Creating a Culture of Cyber Security at Work

Similar documents
Boston University Security Awareness. What you need to know to keep information safe and secure

NATIONAL CYBER SECURITY AWARENESS MONTH

I ve been breached! Now what?

National Cyber Security Month 2015: Daily Security Awareness Tips

Auditing emerging cyber threats and IT controls

Internet threats: steps to security for your small business

Defense Media Activity Guide To Keeping Your Social Media Accounts Secure

Technical Testing. Network Testing DATA SHEET

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

Malware & Botnets. Botnets

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

INFOCOMM SEC RITY. is INCOMPLETE WITHOUT. Be aware, responsible. secure!

Information Security

Are You A Sitting Duck?

GUIDE TO KEEPING YOUR SOCIAL MEDIA ACCOUNTS SECURE

How To Protect Yourself From A Hacker Attack

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Remote Access Securing Your Employees Out of the Office

Information Security It s Everyone s Responsibility

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

Security Bank of California Internet Banking Security Awareness

SURVEY RESULTS CYBER-SECURITY PRACTICES OF MINNESOTA REGISTERD INVESTMENT ADVISERS

TMCEC CYBER SECURITY TRAINING

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference

Cybersecurity Best Practices

An Introduction on How to Better Protect Your Computer and Sensitive Data

General Security Best Practices

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark

Guide to Preventing Social Engineering Fraud

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Hot Topics in IT Security PREP#28 May 1, David Woska, Ph.D. OCIO Security

How-To Guide: Cyber Security. Content Provided by

IIABSC Spring Conference

Cyber Essentials Scheme

What are the common online dangers?

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY

TRAINING SERVICES elearning

Reducing Cyber Risk in Your Organization

Protecting Yourself Against Identity Theft. Identity theft is a serious. What is Identity Theft?

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

How to stay safe online

Cyber Security. Securing Your Mobile and Online Banking Transactions

CYBERSECURITY POLICY

Technical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments

How To Protect Yourself From Cyber Threats

Understanding Security Threats in the Cyber World. Beth Chancellor, Chief Information Security Officer

SENIORS ONLINE SECURITY

Cybersecurity Practices of Ohio Investment Advisers; A Summary of Survey Responses

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

Online Cash Manager Security Guide

How To Protect Your Information From Being Hacked By A Hacker

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Advanced Biometric Technology

Online Banking Fraud Prevention Recommendations and Best Practices

Is Your IT Environment Secure? November 18, Sarah Ackerman, Greg Bernard, Brian Matteson Clark Schaefer Consulting

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER

Know the Risks. Protect Yourself. Protect Your Business.

Cybersecurity Awareness. Part 1

Common Cyber Threats. Common cyber threats include:

Mobile Security & BYOD Policy

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Data Security Best Practices & Reasonable Methods

Remote Deposit Quick Start Guide

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Cybersecurity Workshop

MANAGING RISK: SECURING DIGITAL IDENTITIES Striking the balance between user experience and security

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C

Top 10 Tips to Keep Your Small Business Safe

SMALL BUSINESS PRESENTATION

Security tips for the use of social media websites

INDUSTRY OVERVIEW: HEALTHCARE

Security Awareness for Social Media in Business. Scott Wright

SHS Annual Information Security Training

2012 Endpoint Security Best Practices Survey

When registering on a jobsite, first ensure that the site is reputable and has a physical address and landline phone number.

Cyber Security Management

Protect Yourself. Who is asking? What information are they asking for? Why do they need it?

From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

THE HUMAN COMPONENT OF CYBER SECURITY

Discover Your IT Blind Spots. Emerging Technology Trends & Threats

Simplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls

Your Personal Information: Protecting it from Exploitation

A Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014

WEB ATTACKS AND COUNTERMEASURES

SMALL BUSINESS IT SECURITY PRACTICAL GUIDE

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

NACS/PCATS WeCare Data Security Program Overview

PCI Data Security Standard 3.0

Are your people playing an effective role in your cyber resilience?

Security Defense Strategy Basics

Protect yourself online

2012 Data Breach Investigations Report

Protecting Your Organisation from Targeted Cyber Intrusion

It may look like this all has to do with your password, but that s not the only factor to worry about.

Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security

Transcription:

Creating a Culture of Cyber Security at Work Webinar

Why is this important?

Cybersecurity is a people problem.

Cybersecurity is no longer just the IT department s responsibility. It is everyone s responsibility. Board of directors C-Suite Management Full-time Part-time/temp Contractors/Third-parties Interns Anyone w/ network access

Common pitfalls Click a malicious link/attachment, close as fast as possible, don t tell anyone Notification to install update click remind me later 3 weeks go by. Weak passwords, used across multiple accounts See a post from a friend on social media, click link without thinking twice Access a work account from an untrusted computer or public WiFi

Cybersecurity Strategy Graphic: firehost.com

TECH PROCESS PEOPLE

It s not enough to tell employees what they need to do, but how and why. Training & Education are key.

Antivirus, email filters, and firewalls can only do so much. Human beings are the first line of defense, but consistently the weakest link.

Most common passwords from a recent, highly-publicized data breach.

SplashData s 2014 Worst Password List: Rank Password Change from 2013 1 123456 No Change 2 password No Change 3 12345 Up 17 4 12345678 Down 1 5 qwerty Down 1 6 123456789 No Change 7 1234 Up 9 8 baseball New 9 dragon New 10 football New

It s all about the basics Passwords Two-Factor Authentication Social Engineering BYOD security Patches and updates Remote access security Social media Incident reporting

Strong Passwords What? Create a strong, unique password that meets security criteria. Why? Credentials are the top target of malicious actors. Long, complex passwords raise the barriers to entry. Weak passwords it s not if, but when they ll be cracked.

Strong Passwords How? Use these guidelines to create passwords that are difficult to hack: The longer the better minimum of eight characters 12+ if possible Does not contain any strings within the username, sequential numbers or letters, any dictionary words (especially password ), no PII such as date of birth, SSN, phone # Mix of UPPERCASE & lowercase letters, numb3rs, and $pec!@l ch@r@cter$ Don t reuse passwords from other accounts Consider using passphrases, lyrics to a song, or mnemonic (TCJOTM)

Two-Factor Authentication What? Enable 2FA on all accounts that offer it. Why? 2FA is a high-impact layer of security that immediately reduces risk. Low to no cost to implement can be done by the user in minutes.

Two-Factor Authentication How? For enterprise accounts, consult your IT department. For web services and personal accounts, see privacy or security settings menus. Popular websites and services that offer 2FA: Google/Gmail Microsoft/Office 365 Apple icloud Twitter LinkedIn Facebook Snapchat Tumbler Dropbox

Social Engineering Awareness What? All employees at every level should undergo social engineering awareness training. Why? These tactics are used to manipulate people into divulging sensitive information or allowing unauthorized access to a system, network, or physical location. Human-based vs Computer-based methods

Social Engineering Awareness How? The best way to counter social engineering is through education. Real-world examples of the latest fraud schemes, phishing campaigns. Variety of free resources and YouTube videos. Hire third-party firm to conduct phishing or phone elicitation attempts.

BYOD What? Enjoy the benefits of BYOD while minimizing security risks. Why? BYOD is cost-effective for the organization and convenient for employees, but requires proper management in order to mitigate legitimate security risks.

BYOD How? Effective management of BYOD requires three critical components: Device management software Written BYOD policy Employer/employee responsibilities Permitted/Prohibited uses Specify which devices/apps are supported Data ownership Device security Reimbursement Acknowledgement forms signed by employee

Patches, Updates & Remote Access What? Rollout of updates and patches to company-owned devices is best handled by IT-administered patch and vulnerability management system. Employees must be educated on importance of applying updates on personal devices. Why? Known vulnerabilities are the most commonly exploited. A remote access connection is only as secure as the device being used.

What? Social Media in the Workplace Debate: Allow unfettered social media access? Ban all social media? How to limit? Organizations must develop policies to establish what is, is not permitted. Educate employees on the threats present on social media: scams, social engineering, links Why? Social media is an easy target for malicious actors to entice users to click links. The vulnerability of social proof.

Incident Reporting What? All employees should understand when and how to report cyber incidents. All employees should feel comfortable doing so, even if reporting a false positive. Why? People will make mistakes - regardless of position/rank, education, experience, etc. No policy or cybersecurity strategy will prevent all possible incidents. Incidents reported ASAP are easier to contain and remediate.

Incident Reporting How? Organizations must have a clear, written policy outlining the security incident policy. Allow anonymous reporting of potential insider threats. Employees must have a number to call as soon as they identify an indicator of compromise. Employees should know what to do in certain situations i.e. disconnect from network. Report incidents to external agencies.

External Reporting When in doubt, report See something, say something applies to cyber as much as terrorism Report incidents to the, as well as sector ISAC All incidents handled to maintain confidentiality of victims When necessary, response coordinate with federal partners

What is the? The State's one-stop shop for cybersecurity information sharing, threat analysis, and incident reporting. - Collaboration between engineers and analysts - Fusion of technical & non-technical sources - Promote statewide awareness of local cyber threats - Facilitate widespread adoption of best practices - Reduce our members cyber risk

Contact: @cyber.nj.gov @NJCybersecurity cyber.nj.gov

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information