Growing Your Business Online…Securely
Michael Miranda
Hawaiian Telcom
Agenda
• About Me
• Cloud
• Social Networking Sites
• Mobile Devices
Business Risks
Mitigation Strategies
Michael Miranda
• Maryknoll 1990
2013 ILH Champions Boys Basketball!
Michael Miranda
• Maryknoll 1990, UCF, Gonzaga, UH
• Miranda Rights
• Geek Passion
• Coder at Heart
• Cyber Security Spartan
• Hawaiian Telcom Presenter
Hawaiian Telcom does not specifically endorse
any of the companies mentioned in this
presentation.
End Point Security
• OS/Application/Anti-Virus Updates
• Disable Unnecessary Services and Privileges
• Whitelist Applications (Software Restriction Policy)
Perimeter Security
• Firewall
• Intrusion Prevention
• Web Content Filtering
Sensitive Information
• Identify
• Monitor
Logs
• Collect
• Analyze Frequently
Incident Response
• Policy
• Plan of Action
Business Growing Online Using…
Connecting with
Hawaii
Social Networking
Sites
Mobile Devices
Cloud Applications
CLOUD
GROWING YOUR BUSINESS ONLINE…SECURELY
YOUR DATA
APPLICATION
SERVER
OPERATING SYSTEM
HARDWARE
REAL ESTATE & ENVIRONMENT
Work PC
CLOUD SERVICE
SMB Cloud Services
• Web Sites
• Backups
• Productivity
• Vertical Apps
• Security
Gmail has 425M Users
Google Apps has 5M Businesses
Google Apps Has 66 of 100 Top Universities
23 of 42 Fed Contracts for Productivity Apps in 2012
Google 90% of Subscribers are Small Businesses
10 of 42 Fed Contracts for Productivity Apps in 2012
“Billion” user install base
Office 365
SLAs are not Free
| Service | FREE | PAID |
| Google Docs | “As Is” - No commitments; Self-help | N/A |
| Google Apps for Business | N/A | $5 per user/month; 99.9%, Service Credits; 24x7 Phone Support |
| Skydrive (MS Office Web Apps) | “As Is” – No commitments; Self-help | |
| MS Office 365 | N/A | $6 per user/month; 99.9%, Service Credits; 24x7 Phone Support |
| HyperOffice | N/A | $7 per user/month; 99.9%, Service Credits |
YOUR DATA
APPLICATION
SERVER
OPERATING SYSTEM
HARDWARE
REAL ESTATE & ENVIRONMENT
Work PC
CLOUD SERVICE
$$$$$$
$
Risks and Mitigation
Risks
• Compromise of cloud user accounts
• Trapped data
• Unauthorized data disclosure
• No Internet Connection = No Data/Application
Mitigation
• Use offered security controls (e.g. multi-factor authentication)
• Protect user accounts and use strong passwords (more later…)
• Back up data from the cloud
• Certifications and Written Protection Policies
• Internet redundancy
Grow Using the Cloud
Cost
• Reduce/Eliminate Upfront Hardware/Software Costs
• Lower Ongoing Costs (Install & Support, Power, etc.)
• Lower Technology Obsolescence Costs (Upgrade/Replacement)
Productivity
• Improved Availability (“Always On”)
• Greater Accessibility (Desk, Home, Mobile)
• Improved Functionality
Scalability
• Add Services Quickly (Utility model)
• Expand/Contract as the Business Requires (Seasonal, etc.)
Business Continuity & Disaster Recovery
• Keep the Business Running During Local Outages
• Recover Cleanly and Quickly from Significant Events
Security
• Benefit from a Service Provider’s “Defense in Depth”
• Reduce Internet Footprint
CONFIDENTIAL - Hawaiian Telcom University
SOCIAL NETWORKING SITES (SNS)
Risks and Mitigation
Risks
• Informal communications may become “business” communications
• Critical reviews can hurt your business
• Stolen user account credentials could be used to hurt your image and business
Mitigation
• Be formal with all communications
• Do not conduct transactions on SNS
• Monitor and respond to negative reviews quickly
• Strategize to protect your user account credentials
Wired (12/2012)
• “hackers destroyed my entire digital life in the span of an hour”
• Victim Account Info Needed:
– Master Email Address (for recoveries)
– Billing Address
– Last 4 Digits of a Credit Card
– No Advanced Security Beyond Password
• Social Engineered and Exploited Procedures to Gain Access to his accounts with: Apple, Gmail, Amazon and Twitter
Damage
• Deleted 8 years’ worth of email on Gmail
• Took over Twitter account to broadcast offensive messages
• Erased all data on iPhone, iPad and MacBook
– Family photos
– Work documents and email
User Account Strategy
• Use a separate business email address for SNS and other business activity
• Use an alias email address instead of a real email address (even for recovery email addresses)
Home PC
MY BUSINESS
[email protected] [email protected] (email alias for all transactions)
[email protected] (keep private!)
[email protected] (keep private!)
.com
• Commit to an Online Presence on the Popular Platforms
• Treat as a Primary Communication Channel
• Monitor/Respond Timely and Professionally
SNS for Business…Securely
• Only for informational business communications. DO NOT:
– Contract using SNS messaging
– Transmit or receive sensitive information
• Monitor and respond consistently
• Segregate and protect business SNS accounts
MOBILE DEVICES
Mobile Consumers
90% Acted Within 24 Hours
94% Searched for Local Info
70% Called a Business After Searching
66% Visited in Person
45% Use for In-Store Research
722M Smartphones Shipped in 2012
Mobile Strategy
• Determine Value of Mobile to Your Business
• Invest in a Mobile Presence and Analyze Usage (assess the mobile experience yourself)
• Build an App only if Value is Identified
• Purchase Apps that Truly Improve Your Business and Fit Current Operations (morale, productivity, technology, costs)
• Take Advantage of Mobile-enabled Sites/Apps from Suppliers/Partners
[Chart: Market Share and Malware, 2011]
Apple iOS
• Data is not public
• Isolated reports of malware
• 775,000 Apps!
Mobile Devices Attacked “Like it’s 1999”
• Phishing Scams, Malicious Web Sites/Advertisements, Malicious Apps
• Zbot.ANQ
– Reportedly installs as a trojan on a Windows computer
– Social engineers user to install software on mobile phone and to provide phone number to hacker
– Hijacks SMS messages from banks to steal money
Top 5 Mobile Content Associated with Malware
1. Pornography
2. Known Spam Sites
3. Computer/Internet
4. Web Advertisements
5. Entertainment
Risks and Mitigation
Risks
• Attacks against mobile devices and sites
• Sensitive data being distributed on more devices
• Incomplete implementation of mobile experience could hurt business
• Immature security controls on mobile devices
Mitigation
• Ensure mobile sites and apps undergo security reviews
• Specifically control what types of devices can access sensitive applications and data
• Invest in a professionally designed mobile site from the start
• Consider mobile device management platforms to control employee devices
Mobile Final Tips
• Keep Mobile OS updated and Use Passcode Locks
• Assume mobile device is vulnerable at all times and only visit known safe sites
• Carefully research apps prior to installation
• Do NOT Jailbreak
• Include Mobile Devices in Overall Cyber Security Planning
Grow Your Business Online…Securely
Connecting with
Hawaii
Social Networking
Sites
Mobile Devices
Cloud Applications
• Questions?