Growing Your Business Online…Securely

Michael Miranda

Hawaiian Telcom

Agenda

• About Me

• Cloud

• Social Networking Sites

• Mobile Devices

Business Risks

Mitigation Strategies

Michael Miranda

• Maryknoll 1990

2013 ILH Champions Boys Basketball!

Michael Miranda

• Maryknoll 1990, UCF, Gonzaga, UH

• Miranda Rights

• Geek Passion

• Coder at Heart

• Cyber Security Spartan

• Hawaiian Telcom Presenter

Hawaiian Telcom does not specifically endorse

any of the companies mentioned in this

presentation.

• OS/Application/Anti-Virus Updates

• Disable Unnecessary Services and Privileges

• Whitelist Applications (Software Restriction Policy)

End Point Security

• Firewall

• Intrusion Prevention

• Web Content Filtering

Perimeter Security

• Identify

• Monitor

Sensitive Information

• Collect

• Analyze Frequently Logs

• Policy

• Plan of Action

Incident Response

Business Growing Online Using…

Connecting with

Hawaii

Social Networking

Sites

Mobile Devices

Cloud Applications

CLOUD

GROWING YOUR BUSINESS ONLINE…SECURELY

YOUR DATA

APPLICATION

SERVER

OPERATING SYSTEM

HARDWARE

REAL ESTATE & ENVIRONMENT

Work PC

CLOUD SERVICE

SMB Cloud Services

• Email

• Web Sites

• Backups

• Productivity

• Vertical Apps

• Security

Gmail has 425M Users

Google Apps has 5M Businesses

Google Apps Has 66 of 100 Top Universities

23 of 42 Fed Contracts for Productivity Apps in 2012

Google 90% of Subscribers are Small Businesses

10 of 42 Fed Contracts for Productivity Apps in 2012

“Billion” user install base

Office 365

SLAs are not Free FREE PAID

Google Docs “As Is” - No commitments Self-help

N/A

Google Apps for Business N/A $5 per user/month 99.9%, Service Credits

24x7 Phone Support

Skydrive (MS Office Web Apps)

“As Is” – No commitments Self-help

MS Office 365 N/A $6 per user/month 99.9%, Service Credits

24x7 Phone Support

HyperOffice N/A $7 per user/month 99.9%, Service Credits

YOUR DATA

APPLICATION

SERVER

OPERATING SYSTEM

HARDWARE

REAL ESTATE & ENVIRONMENT

Work PC

CLOUD SERVICE

$$$$$$

$

Risks and Mitigation

Risks

• Compromise of cloud user

accounts

• Trapped data

• Unauthorized data

disclosure

• No Internet Connection =

No Data/Application

Mitigation

• Use offered security controls (i.e.

multi-factor authentication)

• Protect user accounts and use

strong passwords (more later…)

• Backup data from the cloud

• Certifications and Written

Protection Policies

• Internet redundancy

• Reduce/Eliminate Upfront Hardware/Software Costs

• Lower Ongoing Costs (Install & Support, Power, etc.)

• Lower Technology Obsolescence Costs (Upgrade/Replacement) Cost

• Improved Availability (“Always On”)

• Greater Accessibility (Desk, Home, Mobile)

• Improved Functionality Productivity

• Add Services Quickly (Utility model)

• Expand/Contract as the Business Requires (Seasonal, etc.) Scalability

• Keep the Business Running During Local Outages

• Recover Cleanly and Quickly from Significant Events

Business Continuity & Disaster Recovery

• Benefit from a Service Provider’s “Defense in Depth”

• Reduce Internet Footprint Security

Grow Using the Cloud

CONFIDENTIAL - Hawaiian Telcom University 22

SOCIAL NETWORKING SITES (SNS)

GROWING YOUR BUSINESS ONLINE…SECURELY

Risks and Mitigation

Risks

• Informal communications

may become “business”

communications

• Critical reviews can hurt your

business

• Stolen user account

credentials could be used to

hurt your image and business

Mitigation

• Be formal with all

communications

• Do not conduct transactions

on SNS

• Monitor and respond to

negative reviews quickly

• Strategize to protection your

user account credentials

Wired (12/2012)

• “hackers destroyed my entire digital life in the span of an hour”

• Victim Account Info Needed:

– Master Email Address (for recoveries)

– Billing Address

– Last 4 Digits of a Credit Card

– No Advanced Security Beyond Password

• Social Engineered and Exploited Procedures to Gain Access to his

accounts with: Apple, Gmail, Amazon and Twitter

Damage • Deleted 8 years worth of email on Gmail

• Took over Twitter account to broadcast

offensive messages

• Erased all data on iPhone, iPad and Macbook

– Family photos

– Work documents and email

User Account Strategy

• Use a separate business email address for

SNS and other business activity

• Use an alias email address instead of a real

email address (even for recovery email

addresses)

airjordan808@yahoo.com

airjordan808@hotmail.com airjordan808@gmail.com airjordan808@me.com airjordan808@live.com miranda@university.edu

Home PC

MY BUSINESS

mike@mybusiness.com adm@mybusiness.com (email alias for all

transactions)

xyz@mybusiness.com (keep private!)

xyz@gmail.com (keep private!)

.com

• Commit to a an Online Presence on The Popular Platforms

• Treat as a Primary Communication Channel

• Monitor/Respond Timely and Professionally

SNS for Business…Securely

• Only for informational business

communications. DO NOT:

– Contract using SNS messaging

– Transmit or receive sensitive information

• Monitor and respond consistently

• Segregate and protect business SNS accounts

MOBILE DEVICES

GROWING YOUR BUSINESS ONLINE…SECURELY

90% Acted Within

24 Hours

Mobile Consumers

94% Searched for

Local Info

70% Called a

Business After Searching

66% Visited in

Person

45% Use for In-Store

Research

722M Smartphones

Shipped in 2012

45

Mobile Strategy

• Determine Value of Mobile to Your Business

• Invest in a Mobile Presence and Analyze Usage (assess the mobile

experience yourself)

• Build an App only if Value is Identified

• Purchase Apps that Truly Improve Your Business and Fit Current

Operations (morale, productivity, technology, costs)

• Take Advantage of Mobile-enabled Sties/Apps from

Suppliers/Partners

0.00%

10.00%

20.00%

30.00%

40.00%

50.00%

60.00%

70.00%

80.00%

Market Share

Malware

2011

Apple iOS • Data is not public • Isolated reports of malware

• 775,000 Apps!

Mobile Devices Attacked “Like its 1999”

• Phishing Scams, Malicious Web Sites/Advertisements,

Malicious Apps

• Zbot.ANQ

– Reportedly installs as a trojan on a Windows computer

– Social engineers user to install software on mobile phone

and to provide phone number to hacker

– Hijacks SMS messages from banks to steal money

Top 5 Mobile Content Associated with Malware

1. Pornography

2. Known Spam Sites

3. Computer/Internet

4. Web Advertisements

5. Entertainment

Risks and Mitigation

Risks

• Attacks against mobile devices

and sites

• Sensitive data being distributed

on more devices

• Incomplete implementation of

mobile experience could hurt

business

• Immature security controls on

mobile devices

Mitigation

• Ensure mobile-sites and apps undergo

security reviews

• Specifically control what types of

devices can access sensitive

applications and data

• Invest in a professionally designed

mobile site from the start

• Consider mobile device management

platforms to control employee devices

Mobile Final Tips

• Keep Mobile OS updated and Use Passcode Locks

• Assume mobile device is vulnerable at all times and

only visit known safe sites

• Carefully research apps prior to installation

• Do NOT Jailbreak

• Include Mobile Devices in Overall Cyber Security

Planning

Grow Your Business Online…Securely

Connecting with

Hawaii

Social Networking

Sites

Mobile Devices

Cloud Applications

• Questions?