Cyber Security for the SMB 2014
DESCRIPTION
What small and medium businesses need to know about cyber security. The risks related to social media, hackers, identity theft, data breaches, espionage…
TRANSCRIPT
Cyber Security for SMB
Social Media, Identity Theft, Data Breaches, Espionage & Cyber Security
Donald E. Hester
twitter.com/sobca | www.facebook.com/LearnSec
www.learnsecurity.org
What you don’t know can hurt you
Challenge for SMB
• Knowledge of cyber threats (What you don’t know)
• Dynamic and changing technology
• Requires expert or professional advice
• Additional costs
• Security products and services sized for Enterprise
• Balance customer & business needs
SMB Cyber Security
• Don’t think in terms of security
• Think in terms of risk to your business
• What is the risk to my business if I ________?
• What can I do to minimize that risk?
• How much will it cost if I do nothing?
• How much will it cost if I do something?
• Am I money ahead?
What is the risk to my business if I accept payment cards?
Payment Card Acceptance
• If your business accepts credit cards you are required to protect cardholder data.
• Failure to protect cardholder data can lead to steep fines.
• The fines have put some small businesses out of business.
pcisecuritystandards.org/merchants/
Risks related to Social Media
Business Integration
Online Profile & Reputation
Your "online profile" is the sum of online content about you that you've created and content about you created by others. Items include: emails, videos, posts on social networks, someone posting a picture or comments about you on a social network or website, credit, financial and medical information.
Your "online reputation" is the image created of you through information you or others shared online in blogs, posts, pictures, tweets and videos.
Online Reputation
• Do you have control of what is posted?
• Not all fame is good!
• People use anonymity to post stuff about others!
• Embarrassment, loss of credibility
Social Shopping & Brand Protection
If you own a business or are self-employed:
• Have you looked to see what is posted about you?
• Do you monitor for comments or ratings?
• How do you address complaints?
• Do you monitor for brand-jacking? http://knowem.com/
Social Media & HR
The use of social media outside of personal lives has increased and continues to increase
Concern that potential employers will misconstrue what is seen
Used for monitoring current employees
Used for screening job applicants
Employees see it as a good way to “get to know” the applicant
Ramifications
• Employers are increasingly using social media for background checks.
• Insurance companies use social media to look for fraud.
• Spies use social media to look for informants.
Bad guys use social media too
Bad guys can exploit your use of social media to infect your computer with malware
Information about your business online
• Do I have control of what is posted about my business?
• Look your business up!
• Even if you are not on the web, you may be on the web!
• Do what you can to control what is out there.
• What is your social relevancy (Reputation)?
• Set up alerts and monitor what is posted about you.
Are people using your intellectual property?
Can someone use what you post against you?
The risk of keeping customer information?
Why do criminals want personal information?
• In an information age information becomes a commodity
• Information has a value
• Some information has a greater value
• Personal information is potentially worth more than you think
• Criminals can trade for money or drugs
What is PII
Personally Identifiable Information
• Name and account number
• Name and social security number
• Name and address
• Credit Card Number
Where you might find it
• Tax files
• Account Statements
• Records (Medical, Public and other)
• Businesses you do business with
Who keeps personal data on you and your business?
• Social Media Sites – User generated
• Corporations – Big data, Tracking, Sales, Marketing
• Government – Local, State, Federal and other
• Organizations – Non-profits, Clubs, VSOs
• Schools – Grades, Clubs, School Newspaper
• Media – Newspapers, News, Video
Data from unexpected sources
ID Theft vs. ID Fraud
“Identity fraud” consists mainly of someone making unauthorized charges to your credit card.
“Identity theft” is when someone gathers your personal information and assumes your identity as their own.
“Identity theft is one of the fastest growing crimes in the US.” John Ashcroft, 79th US Attorney General
The Busboy That Started It All
March 20th 2001, MSNBC reported the first identity theft case to gain widespread public attention
Thief assumed the identities of Oprah Winfrey and Martha Stewart, took out new credit cards in their names, and accessed their bank accounts
Stole more than $7 million from 200 of the world’s super rich - Warren Buffett and George Soros, tech tycoons Paul Allen and Larry Ellison
Used a library computer, public records, a cell phone, a fax machine, a PO Box, and a copy of Forbes Richest People
32-year-old Abraham Abdallah was described as “a high school dropout, a New York City busboy, a pudgy, disheveled, career petty criminal.”
ID Theft & Fraud
• PII exposed by others (Data Breaches)
• PII exposed by ourselves (online & others)
• Malware (Spyware, Viruses, etc…)
• Social Engineering
  • Phone
  • Internet (Phishing, social websites etc…)
  • In Person (at your door, in a restaurant etc…)
• Physical theft
  • Mail box
  • Trash (Dumpster diving)
  • ATMs (skimming)
  • Home break-ins
Physical theft
• Dumpster diving
• ATM – Credit Card skimming
• Mailbox
• Break-in
“Lock Bumping”
http://cbs11tv.com/seenon/Bump.Key.Safety.2.499252.html
Credit Card/ATM Skimming
Credit Card Skimming Stats
TOP MERCHANT GROUPS: RESTAURANTS, GAS, HOTELS, CAR RENTALS, ALL OTHER
SOURCE: CALIFORNIA RESTAURANT ASSOCIATION, VISA USA, UNITED STATES SECRET SERVICE
Credit Card Skimming Stats
BY MERCHANT LOCATIONS: CALIFORNIA, FLORIDA, NEW YORK, NEW JERSEY, TEXAS, MEXICO, ILLINOIS, ALL OTHER
SOURCE: CALIFORNIA RESTAURANT ASSOCIATION, VISA USA, UNITED STATES SECRET SERVICE
What do they do with stolen IDs?
• Information is sold on the Black Market
• Sometimes the information is traded for drugs
• Used to fund terrorist operations
Computer and Mobile Security
Cyber Spying
Other risks
• P2P (Peer to Peer file sharing, IP loss, Malware)
• Theft of mobile devices (data on mobile devices)
• Malware, Spyware, Viruses (disrupt or data theft)
• Advanced Persistent Threats (APTs)
• Data loss (no backups)
• Access to your network
  • Wireless or no firewall
  • Remote access
Computer Spyware
Cell Phone Spyware
Data Breaches
Desensitization of data breaches
The Problem
Albert Gonzalez, 28
With accomplices, he was involved in most of the major data breaches: Heartland, Hannaford Bros., 7-Eleven, T.J. Maxx, Marshalls, BJ’s Wholesale Club, OfficeMax, Barnes & Noble, Sports Authority, Dave & Busters, Boston Market, Forever 21, DSW and others.
Who is behind data breaches?
• 70% from external agents
• 48% caused by insiders
• 11% implicated business partners
• 27% involved multiple parties
How PII might be exposed
• Data Breach
• Lack of security on the part of businesses
• Organization may post information online
• Loss of a laptop, hard drive or paperwork
• Data loss by a third party
• Hacker (Organized Crime & Nation State)
• Organizations may break into your computer
• Hacktivism
Top 10 Largest Breaches
Data provided by DataLoss db as of February 2014
Hacktivism
Cyber Security Framework http://www.nist.gov/cyberframework/
Help
SBA.gov: US Small Business Administration
Other Sites
Links
twitter.com/sobca | www.facebook.com/LearnSec
www.learnsecurity.org
linkedin.com/in/donaldehester
Slides
http://www.slideshare.net/sobca/