Upload
doandieu
View
213
Download
0
Embed Size (px)
Citation preview
Keeping Electronic Data Secure
Greg Van Wormer
Assistant Technology Services Director
League of Minnesota Cities
Readme.txt
Not Attorney
More than 20 years IT experience
First server operating system used: Windows NT
3.51
I have used acoustical modems
Colossal Cave Adventure still holds a place in my
heart
Who Are You? (Poll)
Have an IT department
Have an IT consultant
IT professional
Supervise IT professionals
Menace to IT systems
Agenda
What are the threats?
Securing data
How your data can be accessed
Cloud services
Mobile workforce security
Attack Vectors
Weak passwords
Web management consoles
Missing patches
Application vulnerabilities
Social engineering
Attack Vectors
Weak passwords
Web management consoles
Missing patches
Application vulnerabilities
Social engineering
Attack Vectors
Weak passwords
Web management consoles
Missing patches
Application vulnerabilities
Social engineering
Attack Vectors
Weak passwords
Web management consoles
Missing patches
Application vulnerabilities
Social engineering
Attack Vectors
Weak passwords
Web management consoles
Missing patches
Application vulnerabilities
Social engineering
Know what you have (Poll)
Do you have a complete, partial or no inventory of
all connected devices?
Complete
Partial
No
Inventory
List of all “protected” systems/equipment
List of who has access to it
Include who can authorize additional users
Purchase and support information
Document
Policies
More later!
Procedures
Employee departure
Employee setup
Disaster recovery
System patching & testing
Patching systems (Poll)
How are your desktop/laptop/tablet operating
systems kept up to date?
Automatic deployment with no user interaction.
Automatic download, ask for user to install.
Depend on users to update.
What updates?
Patching Systems (ASAP)
ASAP (Within a week of
release)
End user operating
systems
Mainstream end user apps
(Word, etc.)
End user “Free” apps
(Java, Reader, etc.)
Mobile devices
(Smartphones, tablets)
Patching Systems (Quick)
Quick (Within two or three
weeks of release)
Server operating systems
(Windows, VMware, etc.)
Mainstream server
applications (Mail, SQL,
etc.)
Patching Systems (Longer)
Longer (Within two or
three months of release)
Line of business
applications (Billing
applications, etc.)
Customized applications
Hardware (Firmware, etc.)
Ransomware: I’ve got it
Call a pro first thing
Call LMCIT – you may have coverage
Do not shut down systems
Ransomware: Prevention
Only access to what you need
Only admins have local admin
Educate users
Block ads
Filter email
Segment networks
Where do you get your news? (Poll)
TV
Online news sites (web)
Newspaper (actual paper format!)
Social Media (Twitter, Facebook, etc.)
Policies (Poll)
What is the status of your computer use policy?
Updated in the past year
Updated in the past 5 years
Updated in the past 10 years
Updated more than 10 years ago
Don’t have a policy
Policy
You can’t enforce anything without a policy
Use common language
Make it enforceable (personal use)
Attorney review
Have employees sign it!
Remote Workforce
Address in computer use policy
BYOD or not
What they may access
How they may access
Cloud Computing
Different types
Private cloud
Public cloud
Software as a Service
(SAAS)
Advantages
Disadvantages
Interrogative Statements?
Greg Van Wormer
For a recording of this webinar, go to: http://www.lmc.org/DataSecurity15