Nonprofit IT Security Readiness for 2017

Post on 11-Apr-2017


Transcript of Nonprofit IT Security Readiness for 2017

Security Readiness

Webinar Series

March 2017

About Community IT

Advancing mission through the effective use

of technology.

100% Employee Owned

Presenter

Matthew Eshleman, CTO

Background Reading

• Co-sponsored Idealware Security Report in 2016
  http://www.idealware.org/reports/nonprofits-need-know-security-practical-guide-managing-risk/

• Community IT Security Playbook
  http://www.communityit.com/blog/security-playbook/

• Security webinars
  http://www.communityit.com/resources/2016-jan-it-security-threats/
  http://www.communityit.com/resources/webinar-february-18-2016-backups-and-disaster-recovery-for-nonprofits/

• 20 Critical Security Controls
  https://citidc.sharepoint.com/sites/SecurityArchitecture/Shared%20Documents/Community%20IT%20Security%20Controls.docx?web=1

Current Landscape

• Increased sophistication in attacks
• Financially motivated hacking
• Credential trading
• Increased organization awareness of risks of security breach
• IT controls part of financial audit
• Complex security solution landscape

$1.2 Billion Paid in Ransomware - 2017

98% of Malware found on only 1 system

Build your own ransomware system for $400

Security Breaches to date

Brute Force Attacks
• Brute Force attacks via RDP
• Staff Accounts
• Service Accounts

Credential Theft
• W2 Scam
• Job Offer Scam

Compromised Partner
• Account for Network Service
• Account for printer
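The deck lists brute force against RDP (staff and service accounts) as the most common breach seen to date. An added example, not part of the Community IT deck or toolkit, of how to surface that activity from the Windows Security log: failed logons (event 4625) are grouped by source IP in a sliding window, so a password spray that rotates accounts and never trips per-account lockout still stands out. The function names, thresholds and the sample events at the bottom are this example's own (the sample uses RFC 5737 documentation addresses and is constructed, not captured from a real host); reading the live Security log requires an elevated session on the RDP host or RD Gateway.

```powershell
# Added example: flag RDP brute-force / password-spray activity from Security event 4625.
# Not from the Community IT deck; helper names and thresholds are this example's own.

function Convert-FailedLogonEvent {
    # Pull the fields we need out of a 4625 event's XML payload.
    param([Parameter(ValueFromPipeline)] $Event)
    process {
        $x = [xml]$Event.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            TimeCreated = $Event.TimeCreated
            Account     = $d['TargetUserName']
            LogonType   = [int]$d['LogonType']   # 10 = RemoteInteractive (RDP), 3 = Network (NLA pre-auth)
            SourceIp    = $d['IpAddress']
        }
    }
}

function Find-BruteForce {
    # Report source IPs whose failures within any $WindowMinutes window reach $Threshold.
    # Defaults mirror the deck's lockout policy (5 failures / 10 minutes), but the count is
    # across ALL accounts from one IP, which is what catches spraying.
    param(
        [Parameter(Mandatory)] [object[]] $Failures,
        [int] $Threshold = 5,
        [int] $WindowMinutes = 10
    )
    $Failures |
        Where-Object { $_.LogonType -in @(3, 10) -and $_.SourceIp -and $_.SourceIp -ne '-' } |
        Group-Object SourceIp |
        ForEach-Object {
            $sorted = @($_.Group | Sort-Object TimeCreated)
            $peak = 0
            for ($i = 0; $i -lt $sorted.Count; $i++) {
                # Count failures from this one forward until the window closes.
                $start = $sorted[$i].TimeCreated
                $end   = $start.AddMinutes($WindowMinutes)
                $n = @($sorted | Where-Object { $_.TimeCreated -ge $start -and $_.TimeCreated -le $end }).Count
                if ($n -gt $peak) { $peak = $n }
            }
            if ($peak -ge $Threshold) {
                [pscustomobject]@{
                    SourceIp     = $_.Name
                    PeakInWindow = $peak
                    Accounts     = ($sorted.Account | Sort-Object -Unique) -join ','
                    FirstSeen    = $sorted[0].TimeCreated
                    LastSeen     = $sorted[-1].TimeCreated
                }
            }
        }
}

# Live use (elevated, on the RDP host or RD Gateway):
#   $failures = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625; StartTime=(Get-Date).AddHours(-24)} |
#               Convert-FailedLogonEvent
#   Find-BruteForce -Failures $failures | Format-Table -AutoSize

# Constructed sample so the logic runs offline (documentation IP ranges, not real hosts).
$t0 = Get-Date '2017-03-01T02:00:00'
$sample = @()
$i = 0
# 203.0.113.7 sprays six staff/service accounts in three minutes: expected to be flagged.
foreach ($acct in 'administrator', 'svc_backup', 'svc_print', 'jsmith', 'mlee', 'scanner') {
    $sample += [pscustomobject]@{ TimeCreated = $t0.AddSeconds(30 * $i); Account = $acct; LogonType = 10; SourceIp = '203.0.113.7' }
    $i++
}
# 198.51.100.4: one user mistyping twice, an hour apart: expected NOT to be flagged.
$sample += [pscustomobject]@{ TimeCreated = $t0.AddMinutes(5);  Account = 'jsmith'; LogonType = 10; SourceIp = '198.51.100.4' }
$sample += [pscustomobject]@{ TimeCreated = $t0.AddMinutes(65); Account = 'jsmith'; LogonType = 10; SourceIp = '198.51.100.4' }

Find-BruteForce -Failures $sample | Format-Table -AutoSize
```

Run against the constructed sample, only 203.0.113.7 is reported (six failures across six accounts in one window). Note that with NLA enabled the failures arrive as logon type 3 rather than 10, which is why both types are kept; a gateway or VPN in front of RDP changes the source IP you see, so run this where the client address is still visible.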

Security Awareness Training
• SANS Securing the Human – Resources
  1 – No Awareness Program
  2 – Compliance Focused
  3 – Promotes Awareness & Change
  4 – Long-Term Sustainment
  5 – Metrics Framework
• Focus Security Training
• Use Likelihood x Impact to identify biggest risks

Best Practices

• Password Policy
  • 8 characters minimum
  • 90 day age
  • Account lockout after 5 failed attempts, 10 min reset
• 2FA for Cloud
• SSO for Cloud Applications
• Rename Admin Account
• Complex Service Account Passwords
• Disable inactive & unused accounts
• Remote access
  • Enable NLA for RDP
  • Restricted Access for Server Admin RDP
  • RDP behind Firewall/RD Gateway
  • Direct Access/VPN
  • Go Cloud
• Security Awareness Training for Staff
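An added example, not from the deck, that checks a domain and an RDP host against the items above that can be verified from PowerShell: the password and lockout baseline, whether the built-in Administrator has actually been renamed (checked by RID 500, since the name is what changes), which enabled accounts have been inactive for 90 days, and whether NLA is on for RDP. It assumes the RSAT ActiveDirectory module and an elevated, domain-joined session; the function names and the 90-day inactivity cutoff are this example's own. One caveat a practitioner should weigh against the "90 day age" bullet: NIST SP 800-63B (June 2017) recommends against forced periodic rotation unless there is evidence of compromise, so treat the max-age check as reporting the deck's baseline rather than a hard requirement.

```powershell
# Added example: audit the "Best Practices" settings. Not from the Community IT deck or toolkit.
Import-Module ActiveDirectory

function Test-DomainPasswordPolicy {
    # Compare the default domain policy with the deck's baseline:
    # 8-char minimum, 90-day max age, lockout after 5 failures, 10-minute reset window.
    $p = Get-ADDefaultDomainPasswordPolicy
    $maxAgeDays = $p.MaxPasswordAge.Days
    [pscustomobject]@{
        MinPasswordLength        = $p.MinPasswordLength
        MinLengthOk              = $p.MinPasswordLength -ge 8
        MaxPasswordAgeDays       = $maxAgeDays
        MaxAgeOk                 = ($maxAgeDays -gt 0 -and $maxAgeDays -le 90)   # 0 or huge value = never expires
        LockoutThreshold         = $p.LockoutThreshold
        LockoutOk                = ($p.LockoutThreshold -gt 0 -and $p.LockoutThreshold -le 5)
        LockoutResetMinutes      = $p.LockoutObservationWindow.TotalMinutes
        LockoutDurationMinutes   = $p.LockoutDuration.TotalMinutes
        ComplexityEnabled        = $p.ComplexityEnabled
    }
}

function Get-BuiltinAdminStatus {
    # The built-in Administrator keeps RID 500 whatever it is called, so check by SID.
    $domainSid = (Get-ADDomain).DomainSID.Value
    $admin = Get-ADUser -Identity "$domainSid-500" -Properties Enabled, LastLogonDate
    [pscustomobject]@{
        CurrentName = $admin.SamAccountName
        Renamed     = $admin.SamAccountName -ne 'Administrator'
        Enabled     = $admin.Enabled
        LastLogon   = $admin.LastLogonDate
    }
}

function Get-StaleUserAccount {
    # Enabled users with no logon in $Days (lastLogonTimestamp via Search-ADAccount).
    param([int] $Days = 90)
    Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $Days) -UsersOnly |
        Where-Object Enabled |
        Select-Object SamAccountName, LastLogonDate, DistinguishedName
}
# To act on the list after review:  Get-StaleUserAccount | Disable-ADAccount -WhatIf   (drop -WhatIf to apply)

function Test-RdpNla {
    # NLA (UserAuthentication = 1) requires CredSSP authentication before a session is built,
    # so unauthenticated clients never reach the logon screen. SecurityLayer 2 = TLS required.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $v = Get-ItemProperty -Path $key -Name UserAuthentication, SecurityLayer
    [pscustomobject]@{
        NlaEnabled    = ($v.UserAuthentication -eq 1)
        TlsRequired   = ($v.SecurityLayer -eq 2)
    }
}
# To enable on the local host (then restart the Remote Desktop Services service):
#   Set-ItemProperty -Path $key -Name UserAuthentication -Value 1
#   Set-ItemProperty -Path $key -Name SecurityLayer -Value 2

Test-DomainPasswordPolicy | Format-List
Get-BuiltinAdminStatus    | Format-List
Get-StaleUserAccount      | Format-Table -AutoSize
Test-RdpNla               | Format-List
```

Run the domain checks from any domain-joined admin workstation with RSAT; `Test-RdpNla` reads the local registry, so run it (or wrap it in `Invoke-Command`) on each RDP host. Renaming the Administrator account is a speed bump rather than a control, since the RID-500 lookup above is exactly what an attacker with LDAP access can do too; the lockout and NLA settings are what actually limit the brute-force attempts described earlier.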

Community IT Security Toolkit

• Windows and 3rd Party Patching
• Barracuda Email Security
• Webroot AntiVirus
• 3rd Party Malware Scanner with Auto-remediation
• Reporting in LabTech
• Active Directory Password Age
• Active Directory Privileged User Report
• Successful Logon with Geolocation
• CrowdStrike Falcon Host with Overwatch
• Security Awareness Training
  • Phishing test
  • Online learning
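The three Active Directory reports in the toolkit (password age, privileged users, successful logons with geolocation) are produced through LabTech in the deck. As an added example, not the Community IT toolkit's own code, here is a stand-alone PowerShell version of each: password age from `PasswordLastSet` (flagging "never expires" as well), recursive membership of the high-value groups so that nested-group privilege shows up, and successful remote logons (event 4624, types 3 and 10) with their source IP. No GeoIP service is named on the page, so the `$Resolve` scriptblock is a placeholder hook (an assumption) you wire to whatever lookup you use; the group list and 90-day cutoff are this example's defaults. Requires the RSAT ActiveDirectory module; the logon report reads the local Security log and needs an elevated session on the host it runs on.

```powershell
# Added example: the toolkit's three AD/logon reports as plain PowerShell. Not the toolkit's own code.
Import-Module ActiveDirectory

function Get-PasswordAgeReport {
    # Enabled users whose password is older than $MaxDays, never set, or marked never-expires.
    param([int] $MaxDays = 90)
    Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordLastSet, PasswordNeverExpires |
        ForEach-Object {
            $age = if ($_.PasswordLastSet) { (New-TimeSpan -Start $_.PasswordLastSet -End (Get-Date)).Days } else { $null }
            [pscustomobject]@{
                SamAccountName  = $_.SamAccountName
                PasswordAgeDays = $age
                NeverExpires    = $_.PasswordNeverExpires
                Flag            = ($_.PasswordNeverExpires -or $null -eq $age -or $age -gt $MaxDays)
            }
        } |
        Where-Object Flag |
        Sort-Object PasswordAgeDays -Descending
}

function Get-PrivilegedUserReport {
    # Recursive membership: a user in a group nested inside Domain Admins is a Domain Admin.
    param([string[]] $Groups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                                 'Administrators', 'Account Operators', 'Backup Operators'))
    foreach ($g in $Groups) {
        Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
            Where-Object objectClass -eq 'user' |
            ForEach-Object { [pscustomobject]@{ Group = $g; Member = $_.SamAccountName } }
    }
}

function Get-RemoteLogonReport {
    # Successful logons (4624) of type 10 (RDP) or 3 (network) from non-private IPv4 sources.
    # $Resolve is the geolocation hook: assumption, replace with your GeoIP lookup.
    param(
        [datetime]    $Since   = (Get-Date).AddDays(-1),
        [scriptblock] $Resolve = { param($ip) 'unresolved' }
    )
    $private = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.)'
    Get-WinEvent -FilterHashtable @{LogName = 'Security'; Id = 4624; StartTime = $Since} -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            $ip = $d['IpAddress']
            if ($d['LogonType'] -in @('3', '10') -and $ip -match '^\d+\.\d+\.\d+\.\d+$' -and $ip -notmatch $private) {
                [pscustomobject]@{
                    Time      = $_.TimeCreated
                    Account   = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
                    LogonType = $d['LogonType']
                    SourceIp  = $ip
                    Location  = & $Resolve $ip
                }
            }
        }
}

Get-PasswordAgeReport   | Format-Table -AutoSize
Get-PrivilegedUserReport | Sort-Object Group, Member | Format-Table -AutoSize
Get-RemoteLogonReport   | Format-Table -AutoSize
```

Two things the per-host event query cannot give you on its own: logons that land on other servers (collect 4624 centrally, or query each host with `Invoke-Command`), and true geolocation, which needs the external lookup plugged into `$Resolve`. The privileged-user report is the one to review most often; a service account that ended up in Domain Admins through a nested group is exactly the kind of account the "Compromised Partner" and "Service Accounts" breaches above turn into a full compromise.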

Upcoming Webinar

Single Sign On (SSO)
Wednesday April 19 4:00 – 5:00 PM EST