Time To Get Serious About Information Security

Size: px

Start display at page:

Download "Time To Get Serious About Information Security"

Adelia Ruby Williamson
7 years ago
Views:

1 Time To Get Serious About Information Security Developed By CPA Crossings, LLC Rochester, Michigan

2 Learning Objectives After completing this course, you will be able to Implement Best Practices to improve your information security Improve your password management Secure your mobile devices 2

3 Presentation Outline Information Security Framework Information Security Challenges Defense in Depth Strategy Steps to Securing Your System 3

4 INFORMATION SECURITY FRAMEWORK 4

5 Information Security Management A systematic approach to encompassing people, processes and IT systems that safeguards critical systems and information, protecting them from internal and external threats. Source: AICPA IT Membership Section 5

6 Information Security Overview Information Assurance CIA Confidentiality Integrity Availability 6

7 Information Security Overview (continued) CIA Confidentiality Assurance of data privacy. Only the intended and authorized recipients (individuals, processes or devices) may read the data. 7

8 Information Security Overview (continued) CIA Integrity Assurance of data nonalteration. Data integrity means having assurance that the information has not been altered in transmission, from origin to reception. 8

9 Information Security Overview (continued) CIA Availability Assurance of the ability to have timely and reliable access to data services for authorized users. It ensures that information or resources are available when required. 9

10 INFORMATION SECURITY CHALLENGES 10

11 The IT Model A Strategic View Human Layer - Staff & Clients (People who use the underlying layers) Security Business Process Layer (What we want the Apps to do) Software Applications Layer (Apps that make Infrastructure useful ) Infrastructure Layer (Hardware & equipment to run IT) 11

12 Information Security Challenges Information moving to digital format Digital information knows no borders Information needs to be secured Physical security isn t enough Info security requires legal & technical expertise Information security is a relatively new frontier 12

13 Primary Threats to Information Viruses Unauthorized access Theft Physical destruction Unintentional distribution Internal staff 13

14 DEFENSE IN DEPTH STRATEGY 14

15 Defense In Depth DATA 15

16 STEPS TO SECURING YOUR SYSTEM 16

17 Improve Your Information Security 1. Data Protection 2. Malware Protection 3. Password Management 4. Mobile Device Protection 17

18 DATA PROTECTION 18

20 Data Protection (continued) Where is your data? Password protect devices Use secure devices Firm supplied devices ONLY Destroy device / data Temporary use ONLY 20

21 Secure USB Drives 21

22 Things to Know About Encryption Every privacy regulation requires it Loss of control of encrypted data does not constitute a breach of privacy Data should be encrypted when it is stored and in transit Some encryption tools are really simple and some are complex 22

23 Encryption Example Unencrypted File Encrypted File 23

24 Sending a Secure Package #1 Use a Lock Scenario #1 Can t Open, Needs Key!! 24

25 Sending a Secure Package #2 Send the Key with the Package Scenario #2 Send Key with package? No, because anyone can open 25

26 Scenario #3 Copyright 2015 CPA Crossings, LLC Sending a Secure Package #3 Send the Key Some Other Way Mary Sends Bob the Key In this scenario, Mary has to deliver a key to anyone she wants to open her package (like a password protected file). This can be an administrative nightmare. If she doesn t want someone to open her packages anymore, she must get back the key. 26

Sending a Secure Package #4 Receiver Sends the Lock Scenario #4 Mary uses Bob s Lock to secure package = Public Key START = Private Key In this scenario, Bob gives Mary is lock & Mary uses it to

27 Sending a Secure Package #4 Receiver Sends the Lock Scenario #4 Mary uses Bob s Lock to secure package = Public Key START = Private Key In this scenario, Bob gives Mary is lock & Mary uses it to secure the package. Bob is the only one with a key to his lock. If someone intercepts the package, they cannot open because they don t have the key. No matter who has Bob s lock, only Bob can open it with the key he has. Bob Sends Mary his Lock Bob uses his key to open package 27

28 MS Office Encryption 28

29 Adobe Acrobat PDF Encryption 29

30 DATA STORAGE & THE CLOUD 30

31 Data Storage Considerations Storage Location Application Compatibility Synchronization Virtual Drive Mapping Backup 31

32 Cloud vs. Local Storage 32

33 Cloud Storage Services

34 Cloud Storage Backup 34

35 Data Center Security World class security Disaster recovery protection 24 x 7 network administration Peace of mind! 35

36 Firewall Security Hardware or software Prevent internet traffic Policy based Personal firewall single computer Network firewall front-end of network Application firewall looks at application traffic IPS Intrusion Prevention System IDS Intrusion Detection System 36

37 Firewalls Copyright 2015 CPA Crossings, LLC 1. Internet Microsoft.com receives request Legitimate request passed on Outside User, Network, or Server ` 1. Internet user makes request to access Microsoft.com T1, DLS, Cable, etc. Modem Firewall Switch Firewall inspects packet determines what to do 5. Invalid request BLOCK Server(s) ` Users

38 Firewall Solutions Personal Kaspersky / McAfee / Symantec Enterprise Barracuda / Cisco Managed Firewall Service 38

39 MALWARE PROTECTION 39

40 Types of Malware Worms Spyware Rootkits Crimeware Trojans Phishing Viruses Malware Adware 40

41 Effects of Malware Display Message Delete Data Disable Hardware Steal Data Malware Corrupt Data Hijack Computer Slow Down Hardware 41

42 How Do You Get Malware? Malware Click on Something Open a File Install Software Attachment Link Social Engineering Browser Search Hijacked 42

43 Ways to Avoid Malware Can t Eliminate, Just Minimize Anti-Virus Software Browsing Protection Firewall Hardware & Software Windows Updates Knowledge, Awareness, Judgement 43

44 PASSWORD MANAGEMENT 44

45 Logins, Logins, Logins 45

46 Logins, Logins, Logins 46

47 The Connected World Every site / app wants login Logins available across platforms Users have 100 s of logins Can t remember ID s & passwords Many write them down Many make them the same 47

48 What is a Good Password? Unique, not reused Min 8 characters Caps, numbers, symbols Change every 90 days Good Password Random, mnemonic Unknown to others Not written down Not in Dictionary 48

49 Password Management Using Password Keepers Copyright 2015 CPA Crossings, LLC Saves your passwords in an encrypted file One Master password to decrypt the file Cloud-based to synch passwords across devices Fills in login screens for you Store other sensitive information like account & credit card numbers 49

50 What can Password Managers Keep? 50

51 Password Keepers 51

52 Password Manager Reviews PC Magazine TopTenREVIEWS A Secure Life ConsumerAffairs.com CSO Magazine 52

53 RoboForm Demo 53

54 MOBILE DEVICE PROTECTION 54

55 How to Protect Your Mobile Device Passcodes Location Tracking Find My Device Restrictions / Privacy Settings Backup Data Protection BYOD 55

56 Passcodes / Lock Screen Must Enter to Access Device PIN, Swipe, Password, Biometrics Caution: PIN & Swipe action left on screen Password & Biometrics most secure Set to Immediate Screen Timeout Can be Policy Based 56

57 Location Tracking Tracks where you/device is or has been Allows apps to provide location based info Needed for Find My Device apps Allows mapping to provide route & traffic info ios allows user to change per app A convenience feature Can be used for malicious behavior 57

58 Find My Device Find if lost or stolen Play sound to find Provide a message if stolen Lock the device Reset / Erase the device Available for both Android and ios 58

59 Restrictions / Privacy Settings Content apps have access to Information the OS maintains Some ability to control May expose data Another convenience feature 59

60 What Does This Mean to You? Just about anything you do & anywhere you go can be tracked 60

61 Backup Ability to restore device & data Automatic vs. Manual Cloud vs. Local Data vs. Synced Content vs. Settings ios provides complete Restore Android limited Restore 61

62 Data Protection Personal vs. Business Data Encryption Slows device Can t be undone Authorities can t access without warrant Is Passcode enough? Sync with Cloud means 2 places for data Device memory vs. SD card 62

63 BYOD Bring Your Own Device Employees use their Device at Work Need policy to manage security risk Data breach Terminated employees Old devices Track employee s locations & usage MDM (Mobile Device Management) software available 63

64 Learning Objectives Summary You should now be able to Implement Best Practices to improve your information security Improve your password management Secure your mobile devices Copyright 2015 CPA Crossings, LLC 64

65 Questions? 65

CPA Crossings, LLC Our Mission: Increase the value of CPAs by leveraging technology Service Offerings: John Higgins jhiggins@cpacrossings.

66 CPA Crossings, LLC Our Mission: Increase the value of CPAs by leveraging technology Service Offerings: John Higgins Microsoft Office Training Adobe Acrobat Specialists Digital CPA Practice Model Strategic Technology Advisors Cloud/Mobile Computing Specialists Bryan Smith For more information: Call (877)

Learn More Over 20 focused Excel webinars Library of Excel how to videos & sample spreadsheets Excel news and information hub

67 Introducing Our New Comprehensive Learning Centers Practice builder webinars Reviews of top selling solutions Practice aids Community forum News and information hub Exclusive club for members only includes more features and a huge savings on CPE Learn More Over 20 focused Excel webinars Library of Excel how to videos & sample spreadsheets Excel news and information hub Exclusive club for members only includes more features and a huge savings on CPE Learn More Receive updates and discounts via

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential