Ensuring Business Security: Cybersecurity Webinar Insights

Slide Note
Embed
Share

Explore cybersecurity insights from Ronnie Viera, a seasoned professional in IT and cybersecurity, covering topics such as common threats, cybersecurity basics, and the importance of protecting personal information. Gain valuable knowledge on cybersecurity measures for safeguarding your business against cyber threats.


Uploaded on Aug 02, 2024 | 0 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Cybersecurity Webinar Series: How to Ensure that your Business has the Proper Security Measures in Place Ronnie Viera, CISSP, CISM, CISA, CRISC, CertIoD Chief Operating Officer First Atlantic Commerce Ltd. BEDC - Cybersecurity - August 2021, RV

  2. Disclaimer All views and opinions expressed during this presentation are for educational purposes and are solely that of the presenter and not necessarily that of the presenter's employer or any other associated organization. CGB/BEDC - Cybersecurity - August 2021, RV

  3. About Me 40+ years in IT & Cybersecurity Banking, Insurance, Payments Certified Information Systems Security Professional Certified Information Security Manager Certified Information Systems Auditor Certified in Risk and Information Systems Control Certified in Company Direction (IoD) CGB/BEDC - Cybersecurity - August 2021, RV

  4. Agenda What is Cybersecurity? Common Threats Crown Jewels The basics What can you do? Personal Information Protection Act PIPA Privacy vs Security NIST Critical Security Controls High Level Questions CGB/BEDC - Cybersecurity - August 2021, RV

  5. What is Cybersecurity? People, Processes & Technology used to protect systems & data from unauthorized access, use, disclosure, modification, disruption, removal and destruction CGB/BEDC - Cybersecurity - August 2021, RV

  6. Common Threats Phishing Email attachments URL links in email Objective: steal log-in credentials Malware Email attachments Downloading rogue software Accessing infected web sites Objective: steal log-in credentials; gain access to your own network; extract data CGB/BEDC - Cybersecurity - August 2021, RV

  7. Common Threats Ransomware Email attachments Encrypts data on your workstation and likely others in your network Objective: payment of ransom money typically in digital coin IoT (Fridge, light bulbs, cameras, doorbells etc.) Insecure log-in credentials out of the box Unpatched vulnerabilities Objective: Gaining access to other devices on your network such as PC workstations and servers CGB/BEDC - Cybersecurity - August 2021, RV

  8. Crown Jewels? Essential to determine what you need to protect What are your company s crown jewels What data or systems, if lost or unavailable, would cause significant damage to your business and/or profitability? Where are they stored? Who has access? How are they being protected? Are they being backed up to a secure location? Risk Assessment All security controls should be focused on protecting the data, systems, and processes identified CGB/BEDC - Cybersecurity - August 2021, RV

  9. Cybersecurity Layers: CGB/BEDC - Cybersecurity - August 2021, RV

  10. The Basics What Can You Do? Access Controls ensure that only authorised individuals have system access and to only what they need Strong Passwords Easy to remember, hard to guess Minimum length of 12 characters or a phrase e.g. Th1sguy!5nu7s Mixture - letters - upper/lower case, numbers, special characters Multi-factor authentication extra security by requiring the user to present two different proofs of identity before they can gain access usually a password plus a code that s sent to the user s phone, for example IoT Log in Credentials & Patching/Updates CHANGE the log in credentials out of the box never retain the default credentials delivered with the device Ensure the all device updates are applied as soon as available Use a separate network where possible CGB/BEDC - Cybersecurity - August 2021, RV

  11. The Basics What Can You Do? Keep your Network, PC Workstations & Servers Up to Date Be sure to apply patches/software updates as soon as possible Anti-Malware software Never connect to the Internet without having protection installed and operational Ensure updates are applied regularly Firewall security First line of defence ensure your internet connection is protected Use a Virtual Private Network (VPN) Provides the ability to hide IP addresses and secures all data on the connection CGB/BEDC - Cybersecurity - August 2021, RV

  12. The Basics What Can You Do? Minimise the number of Access Points to Network Train staff Highest risk are employees Security awareness training How to spot phishing emails, detect suspicious activity, etc. Reporting process for security issues Provide a method for staff to report all suspicious events Process should not be punitive Timely reporting is essential Physical Security Where is the data stored? Who has access to it? Is the equipment stored in a secure location? Is it sufficiently protected? Air conditioning, fire protection, water etc. CGB/BEDC - Cybersecurity - August 2021, RV

  13. The Basics What Can You Do? Ensure that all data and critical systems are backed up regularly Must not be accessible on the same network as primary data Test the backup restore process Ensure that any backup media is stored securely and protected from hazards such as fire and water Reporting process for security issues Provide a method for staff to report all suspicious events Process should not be punitive Timely reporting is essential Develop a cybersecurity policy Invest in insurance if possible On going monitoring for suspicious activity CGB/BEDC - Cybersecurity - August 2021, RV

  14. The basics What can you do? Ensure that all data and critical systems are backed up regularly Must not be accessible on the same network as primary data Test the backup restore process Ensure that any backup media is stored securely and protected from hazards such as fire and water Reporting process for security issues Provide a method for staff to report all suspicious events Process should not be punitive Timely reporting is essential Develop a Cybersecurity policy Invest in Insurance if possible On going Monitoring for suspicious activity CGB/BEDC - Cybersecurity - August 2021, RV

  15. Personal Information Protection Act PIPA Governs how sensitive data on a person is used and handled Sensitive personal information means any personal information relating to an individual s place of origin, race, colour, national or ethnic origin, sex, sexual orientation, sexual life, marital status, physical or mental disability, physical or mental health, family status, religious beliefs, political opinions, trade union membership, biometric information or genetic information. Any business that stores or processes sensitive personal data will have to abide by the Act once it comes into force. Start by carrying out a data inventory in your systems to determine what type of personal data you are storing. Review the processes around collection and maintenance. CGB/BEDC - Cybersecurity - August 2021, RV

  16. Critical Security Controls CGB/BEDC - Cybersecurity - August 2021, RV

  17. CGB/BEDC - Cybersecurity - August 2021, RV

  18. CGB/BEDC - Cybersecurity - August 2021, RV

Related


More Related Content