Cybersecurity: Are Your Employees Your Weakest Link?
-
Upload
finley-engineering-company -
Category
Business
-
view
273 -
download
1
Transcript of Cybersecurity: Are Your Employees Your Weakest Link?
fecinc.com
Cybersecurity: Are Your Employees the Weakest Link?
fecinc.com
External attacks Viruses and worms Phishing and
Pretexting Data Leakage
Understanding the Risk Landscape
fecinc.com
A shift in thinkingExternal threats are most familiar
Inside threats getting more attention
fecinc.com
Internal risk events– Weak credentials– Credential sharing– Unauthorized application use– Device loss/theft– Disgruntled workers on social
media Targeted information
– Private customer data– Financials– Intellectual Property
Consequences– Legal liability– Stock manipulation– Lost revenue
Looking Inside for Risks
fecinc.com
• Publish and educate• Require Strong
Passwords• Complex and strong
are different– Longer is better
than random complexity
– Easy to remember is better
• Cycle Passwords
A Working Password Policy
fecinc.com
• Commonly a focus• Hobbles usability• Users circumvent
• Focus on strength instead.– Long– Memorable
The Complexity Problem
fecinc.com
Policies, Inventories, Logs and Reports– Documentation is key– Tracking and Reporting
Software-based enforcement
Internal Audits– Systemic– Manual
External Audits– Consultants– Certifications
Measuring Effectiveness
fecinc.com
• Have one• Keep it current• Consider usability• Educate
– Frame the Discussion
– Set an expectation
Effective Security Policies
fecinc.com
Bank Tellers and Retail Cashiers
fecinc.com
Preventing Data Leakage:Keeping the Good “In”
Methods of Data Leakage– Lost Equipment– Stolen Equipment– Equipment gifted or sold to former
employees– USB drives– Unauthorized software access via
stolen or shared credentials– Social Media Posts– Unauthorized Cloud sharing
Stopping Leaks– Firewall Rules– Data encryption and MDM– Equipment release process– Have a USB drive policy or– Lock USB ports out– Pay attention to good work process– Social Media Use Policy or– Block social media posting
fecinc.com
Overall security– https://www.sans.org/critical-security-controls/control/14
Data Leakage Prevention Papers– http://
www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/data-loss-prevention/white_paper_c11-503131.html
– http://resources.infosecinstitute.com/data-loss-prevention-dlp-strategy-guide/
Password Strength Article– http://
www.infoworld.com/article/2616157/security/creating-strong-passwords-is-easier-than-you-think.html?page=2
Additional Information
fecinc.com
Mike OckengaManager IP Services
Finley Engineering [email protected]
952-582-2912
Discussion