Security 101 for Non-Techies
TRANSCRIPT
Security for Non-Techs
Bulletproof
Introduction to IT Security
• Understanding the modern business landscape
• Where IT leaders are focusing
• Understanding the core principles of IT security
3 Focus Areas: Ransomware, Passwords, Wi-Fi Security
Short 5 Minute Break
Barnier Law Legal Side of IT Security
Format
Before We Start: Ground Rules
Ask Questions
Tell me if this is what you hear!
Slides will be available afterwards!
Obviously Confidential
The World Has Changed!
Agility & Mobility
Increased Complexity
Top 3 Focus Areas of IT Leaders around the world
Top Challenges Focus on Users
Increasing Security Measures
“It Takes The Entire Organization—Not Just The Latest Technology—to Keep Sensitive Data And People Safe”
What’s Your Security Strategy?
Security Through Risk Management
Security Through Obscurity
Security Through Obscurity
• We store our passwords at uptakedigital.com.au/passwords, but no one knows it's there, so we are safe.
• Our staff are good people and would never steal or compromise data in our organisation.
• We are only a small business, one of millions. Who will attack us when they can attack the big targets?
The End of Security Through Obscurity
Security Through Risk Management
• We use a Password Manager to encrypt, control and store company passwords.
• We have strong policies and procedures to protect company information from being compromised.
• We encrypt our sensitive files to protect our customers' information.
The Two Most Important Ideas of IT Security
Think Layers
Think Trust
Ransomware
50% of Hospitals have had Ransomware
Antivirus doesn’t work like it used to
Typical Scenario
• Very Busy
• Manages Finances/HR
Time to Enact The Ransomware Plan
“No Worries Mate, We Will Just Restore the Backup”
Backup Encrypted
“You left the backup plugged in, we will have to pay the ransom mate”
“Hello Sir, I will help you get the bitcoins you need.”
Files Decrypted
“Phew, That was close.”
Preventing and Preparing for a Ransomware Attack
First take some preparatory steps
• Ransomware DR Plan
• Build a strong security stack
• Improve IT Planning and Audit Process
The most important thing
• Secure Offsite Backup
• Documented Continuity Plan
• Regular Backup Testing
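The "Backup Encrypted" scenario above is what an untested backup looks like on the day you need it. As an added example (not part of the original slides), the script below shows the core of a backup test: take a SHA-256 manifest of the live files at backup time, keep that manifest away from the backup media, and at restore time compare the restored tree against it. Files whose hashes changed are exactly what ransomware-encrypted backup copies look like; files that never came back are the gaps in the backup set. The directory layout, file names and contents are constructed for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 65536  # read files in 64 KiB pieces so large backups are not loaded whole


def sha256_file(path: Path) -> str:
    """Streaming SHA-256 of one file."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under `root` (POSIX-style relative path) to its SHA-256.
    Taken at backup time; store the result separately from the backup media."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree against the manifest taken at backup time.
    Returns counts/lists of files that restored intact, changed, or are missing."""
    missing, changed, ok = [], [], 0
    for rel, digest in manifest.items():
        p = restored_root / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_file(p) != digest:
            changed.append(rel)
        else:
            ok += 1
    return {"ok": ok, "changed": changed, "missing": missing}


def demo() -> dict:
    """Constructed scenario: a manifest from a small live tree, then a test restore
    in which one file was encrypted in place and another never came back."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "payroll.xlsx").write_bytes(b"payroll data (constructed)")
        (live / "finance" / "invoices.csv").write_bytes(b"invoice,amount\n1,100\n")
        (live / "readme.txt").write_bytes(b"hello")
        manifest = build_manifest(live)
        manifest_json = json.dumps(manifest, indent=2)  # what you would keep offline

        restored = Path(tmp) / "restored"
        (restored / "finance").mkdir(parents=True)
        # payroll.xlsx comes back as ciphertext; invoices.csv is absent entirely
        (restored / "finance" / "payroll.xlsx").write_bytes(b"\x8f\x11\x00encrypted-garbage.locked")
        (restored / "readme.txt").write_bytes(b"hello")
        return verify_restore(json.loads(manifest_json), restored)


if __name__ == "__main__":
    print(demo())
```

The manifest only proves anything if it was written when the data was known-good and kept somewhere the same malware cannot reach, which is the same reason the slides insist on an offsite backup that is not permanently plugged in.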
Passwords
63% of confirmed data breaches involved hackers leveraging weak, default, or stolen passwords.
Passwords in the Wild
174 million passwords cracked in one week
So what can you do?
Passwords you need to remember
Hard to Guess, Not in the PW Dictionary
Passwords you don’t need to remember
100+ Passwords
Passwords I must memorise
• Password Manager (PM)
• Laptop Password
• Office 365 Password
• Phone Lock code
Passwords the PM can remember
• Banking Password
• Mailchimp Password
• Facebook Password
• Credit Card Details
• 100+ other passwords
Password for my laptop: Dish-Tide-Engineer-Horizontal-7 (bad at remembering characters)
Password for my zip archive: jo&^sNG,j(}Ip|"9jo&^sNG,j(}Ip|"9 (good at remembering characters)
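The two passwords above illustrate the split the slides recommend: a word-based passphrase for the handful you must memorise, and long random strings for everything the password manager holds. As an added example (not from the original slides), the script below makes that trade-off measurable: it checks a candidate against a dictionary of common passwords, estimates the entropy of each construction assuming the attacker knows how the password was built, and generates both kinds with a cryptographic random source. The common-password set and the eight-word list are constructed for the demo; the 7776-word size used for the entropy figures is that of the standard diceware list.

```python
import math
import secrets
import string

# Constructed sample of a "password dictionary". Real cracking dictionaries
# hold millions of leaked passwords; this small set is only for illustration.
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome1", "admin", "iloveyou",
}

# Constructed word list for generating passphrases (assumption: a real
# deployment would use a full list such as the 7776-word diceware list).
SAMPLE_WORDS = ["dish", "tide", "engineer", "horizontal", "copper", "maple", "rocket", "lantern"]
DICEWARE_SIZE = 7776
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def in_dictionary(password: str) -> bool:
    """True if the password (case-insensitive) is in the attacker's dictionary."""
    return password.lower() in COMMON_PASSWORDS


def passphrase_entropy_bits(words: int, wordlist_size: int = DICEWARE_SIZE) -> float:
    """Entropy of `words` words chosen uniformly from `wordlist_size` words,
    assuming the attacker knows both the list and the construction."""
    return words * math.log2(wordlist_size)


def random_string_entropy_bits(length: int, alphabet_size: int = len(PRINTABLE)) -> float:
    """Entropy of `length` characters chosen uniformly from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every candidate at the given guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def generate_passphrase(words: int, wordlist=SAMPLE_WORDS, sep: str = "-") -> str:
    """Human-memorable passphrase, the style used for the laptop/master password."""
    return sep.join(secrets.choice(wordlist).capitalize() for _ in range(words))


def generate_random_password(length: int) -> str:
    """Random printable string, meant to live in the password manager, not in memory."""
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


def assess(password: str) -> dict:
    """Apply the slide's two tests: not in the dictionary, and (for a
    hyphen-separated passphrase) how much entropy the word construction gives."""
    words = [part for part in password.split("-") if part.isalpha()]
    return {
        "in_dictionary": in_dictionary(password),
        "words": len(words),
        "passphrase_bits": passphrase_entropy_bits(len(words)) if words else 0.0,
    }


if __name__ == "__main__":
    for pw in ["password", "Dish-Tide-Engineer-Horizontal-7",
               generate_passphrase(4), generate_random_password(16)]:
        print(pw, assess(pw))
    print("4 diceware words:", round(passphrase_entropy_bits(4), 1), "bits")
    print("16 random printable chars:", round(random_string_entropy_bits(16), 1), "bits")
    print("years at 1e9 guesses/s for 52 bits:", round(years_to_exhaust(52, 1e9), 1))
```

Four diceware words give about 52 bits, sixteen random printable characters about 105; the point for the non-technical reader is that the passphrase is the weaker of the two but still far out of reach of dictionary attacks, while the random string needs a password manager because nobody will remember it.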
Password Managers
• Store passwords in an encrypted form
• Help come up with passwords on your behalf
• Can automatically change passwords for you (and alert you of breaches)
• Allow you to share passwords securely
• Have reporting mechanisms to alert the organisation to weak passwords
Save 50 Hours a Year!
Multi-Factor Auth (MFA)
• Something you have
• Something you know
• Something you are
SSO – Single Sign-On
Wi-Fi Security
Outside of the Office
Avoid Public Wi-Fi like the plague
When outside the safety of your firewall…
Inside of the Office
Have you ever let an external party on your internal network?
OPEN, WEP, WPA (insecure)
WPA2 Enterprise (RADIUS)
WPA2 Personal (PSK)
Think Layers
Think Trust
SECURITY MINDSET
Any Questions?
Bulletproof Security for Non-Techs
Your Legal responsibility and how to manage it
Your Business / Company
• Sole Trader
• Family business
• Partnerships
• Joint ventures
• Companies – small, medium, large
Owner / Directors
• Sole Trader / Owner
• Partners
• Family member management committee
• Board
Employees
• Family members
• Relatives
• Staff
• Employees
• Contractors
Your Customers
• Customer personal information
• Name, address, mobile
• Bank account / credit card details
• Age / gender
The Wake-up Call
Here’s the rest of the story...
Duty of Care
Duty of Care to keep customer information private:
• Likely harm if disclosed (e.g. reputational / financial)
• Reasonable care to avoid harm by disclosure
• Negligence leading to a breach of duty of care
Basic Business Risk: leak of confidential information, including
• Customer personal information
• Trade secrets (e.g. suppliers, procedures, client list)
• Staff personal information
Basic Business Structure
IT Dept / Ext Provider
Storing customer & business information:
• Hardware / software
• Internet / intranet
• Specialist programs / firewalls
• Information security
Employment Contract
Contract clauses include:
• Confidentiality & non-disclosure of information
• Act honestly & with integrity
• Comply with organisation policies / directions
Board Policies
• Risk identification & minimisation
• Confidentiality
• Code of Conduct
• Delegation of Authority & Governance
Management Procedures
• Confidentiality & disclosure of information
• Privacy Policy / Staff Code of Conduct / Internal Procedures
• Intranet / Internet / Email use
The full structure: Your Business / Company; Owner / Directors; Employees; Customers; Duty of Care; IT Dept / Ext Provider; Employment Contract; Board Policies; Management Procedures
Elements of reducing your liability for damages from a breach of the Duty of Care you owe to your Customers