Keeping your organization safe


Transcript of Keeping your organization safe

Page 1: Keeping your organization safe

Keeping your Organization Safe

Page 2: Keeping your organization safe

Pure Perfection Catering

Carr Workplaces

Who is OptfinITy

Network Security

Email Security

Desktop Security

Data Loss

People

Quiz

Questions

Agenda

Page 3: Keeping your organization safe

Pure Perfection Catering is a chef owned and operated catering company serving the Northern Virginia and Washington D.C. Metro area. 

With our combined experience of more than 40 years working in catering, hotel, and fine dining restaurants, we provide our clients with food that is great tasting and beautifully presented. 

We believe in using the freshest ingredients and sourcing local when available to not only provide a successful event, but a memorable one.

Pure Perfection Catering

Page 4: Keeping your organization safe

Whether you’re an independent professional, a startup, or an ever-expanding company, Carr Workplaces offers the office space, services, and community to help you grow.

Look no further for supportive staff, flexible options on ways to work, nationwide office locations, and a vibrant, collaborative community of professionals just like you.

Carr Workplaces

Page 5: Keeping your organization safe

Founded in 2002 with a focus on providing Peace of Mind to small businesses and non-profit organizations.

Headquartered in the Washington, DC Metropolitan area with clients across the United States.

We have worked with over 200 clients.

About OptfinITy

Page 6: Keeping your organization safe

IT Strategy and Assessments

Managed Services
◦ 24 x 7 Network Operations Center
◦ 24 x 7 Technical Support Helpdesk
◦ Infrastructure Support
◦ OptfinITy Sync (Cloud Infrastructure and Solutions)

Software and Database Development

Website Development
◦ Content Management (CMS Works, WordPress)
◦ SharePoint
◦ Search Engine Optimization

Mobile Application Development
◦ iOS (iPhone, iPad), Android (Phone & Tablet)

Phone Systems

Services and Core Competences

Page 7: Keeping your organization safe

Network Security (Protect the Infrastructure)

Email Security (Keeping Communication Safe)

Desktop Security (Protecting Desktops)

Data Loss (Backup and Disaster Recovery)

People (USB, Social Engineering)

Areas of Concern

Page 8: Keeping your organization safe

Network Security

Page 9: Keeping your organization safe

Use a Firewall that offers network intrusion detection

Use Complex Passwords and only allow remote access from certain IP addresses

Use a Network monitoring app to monitor for changes and unauthorized users

Keep Firmware Updated

Make ALL default rules DENY traffic and only make exceptions where needed

Routers / Firewall

Page 10: Keeping your organization safe

Use Strong Network and Administrative Passwords

Use Strong Encryption (WPA2 and AES Encryption)

Use Separate Wifi for Guests

Physically Secure Wifi Equipment

Have employees use VPN Software when using external Wifi connections

Wifi Access Points

Page 11: Keeping your organization safe

Have a plan in place to manage and monitor BYOD (Bring Your Own Device) devices and phones.

All Phones connected to network and system resources should be encrypted, with the ability to find the device and remotely wipe it

Delete unneeded apps

Mobile Devices

Page 12: Keeping your organization safe

Use Strong Passwords and Strong Encryption when using VPNs

Limit Access to only those who have a valid business need.

Provide strong antivirus protection to users

Virtual Private Networks / Remote Access

Page 13: Keeping your organization safe

Email Security

Page 14: Keeping your organization safe

An email is very likely to be spam if it…

Shows up in the spam filter

Contains more than one link

Is overly complimentary

Tells a long personal story

Attempts to sell you drugs, luxury products, or some random services

Seems to be sent by yourself

Spam

Page 15: Keeping your organization safe

Emails are used to transmit viruses and other threats.

Consider using hosted spam protection software to keep the messages out of your network.

Use Strong Passwords on your accounts

Utilize 2 Factor Authentication for your email

Protecting Email from Spam and Antivirus Protection

Page 16: Keeping your organization safe

In addition to the characteristics of spam, an email is likely to be a phishing email if it…

Contains mismatched URLs, e.g. http://www.dell.com/support

Contains misleading URLs, e.g. www.shop.ebay.maliciousdomain.com

Asks you to send money to cover expenses

Makes an unrealistic threat

Appears to be from a government agency

Phishing
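
The two URL checks on this slide can be automated. The following is an added example, not part of the original presentation: it flags links whose visible text names one site while the link goes to another, and links that carry a brand name as a subdomain label of an unrelated domain. The brand list, the sample body and the example.net target are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
BRAND_DOMAINS = {"ebay": "ebay.com", "dell": "dell.com"}  # Assumption: brand -> real domain
# Constructed sample body; example.net stands in for the unknown real link target.
SAMPLE = ('<a href="http://support.example.net/login">http://www.dell.com/support</a>'
          '<a href="http://www.shop.ebay.maliciousdomain.com/item">View your order</a>')

def host_of(text):
    """Hostname of a URL-like string, or None if it does not look like one."""
    text = text.strip()
    if "." not in text or " " in text:
        return None
    try:
        return (urlsplit(text if "://" in text else "http://" + text).hostname or "").lower() or None
    except ValueError:  # malformed bracketed host in an untrusted link
        return None

def registrable(host):  # Assumption: naive last-two-labels rule, no public-suffix list
    return ".".join(host.split(".")[-2:])

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text))
            self._href = None

def check_links(html):
    """Return (href, reason) findings for mismatched and misleading URLs."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        if target is None:
            continue
        if shown and registrable(shown) != registrable(target):
            findings.append((href, f"mismatched: text shows {shown}, link goes to {target}"))
        for brand, real in BRAND_DOMAINS.items():
            if brand in target.split(".") and registrable(target) != real:
                findings.append((href, f"misleading: '{brand}' label under {registrable(target)}"))
    return findings
```

Calling check_links(SAMPLE) returns one finding per link; a link whose text and target are both on dell.com produces none.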

Page 17: Keeping your organization safe

Example of a Phishing Email

Page 18: Keeping your organization safe

To Trust or not to Trust

Page 19: Keeping your organization safe

Train your employees on what Phishing is – use automated testing and educational videos

“When in doubt, throw it out” – delete emails that are questionable, and if one is from someone you know, email them separately.

Use Phishing monitoring software (hosted solutions) which tracks phishing emails and deletes them.

Phishing

Page 20: Keeping your organization safe

Utilize email encryption when sending emails with any protected information (PHI, Social Security Information, Company information)

Implement policies on who can send information and what it may contain.

Email Encryption

Page 21: Keeping your organization safe

Desktop Security

Page 22: Keeping your organization safe

Keep Security Software Current – Having the latest security software, web browser and operating system is the best defense against viruses and online threats.

Automate Software Updates – many software programs release security patches, and it is important to have them installed through managed or automatic updates

Protect EVERYTHING – protect all machines including smartphones, gaming systems, etc.

Scan EVERYTHING – USB and other External Devices can be infected by viruses and malware – scan them as well

Keep Machine Clean

Page 23: Keeping your organization safe

Antivirus Software

Antimalware Software

Application Level Encryption -

Utilize Desktop Protection

Page 24: Keeping your organization safe

Data Security

Page 25: Keeping your organization safe

Utilize an automatic backup solution which copies the data and moves it offsite via the cloud

Utilize Encryption on the data backups

Use MULTIPLE BACKUPS OF FILES

Backup Continuously and Securely

Page 26: Keeping your organization safe

Website Protection

Page 27: Keeping your organization safe

Data is kept on a server

You view the data through a web browser

The web browser has code that can:
◦ Send requests to the web server on your behalf
◦ Render the web page into a human-friendly form

The concerns may include:
◦ Can anyone else see the data exchanged between the web browser and the server?
◦ How can I verify the identity of a website?
◦ How can I be protected if the website I visit has been compromised?

How Does a Website Work?

Page 28: Keeping your organization safe

Except ye see signs and wonders, ye will not believe

How to Tell If a Webpage is Secure

URL is spelt correctly

URL begins with HTTPS

Green, Clickable Lock Icon

Page 29: Keeping your organization safe

HTTPS: The “s” at the end of “http” stands for secure and means the site is using an SSL (Secure Sockets Layer) connection. Your information will be encrypted before being sent to a server.

Green Icon: It indicates that the owner of the website has been verified and is trustworthy

Technologies Under the Hood

Page 30: Keeping your organization safe

Don’t Ignore Warning Messages

Web browsers display a warning message when they detect that…

The certificate for a website has expired

The name of the certificate and the name of the website don’t match

The validity of the certificate cannot be verified

The website you’re trying to visit contains malicious code

Page 31: Keeping your organization safe

Keep your web browser up to date

Utilize Web Filtering
◦ A local filter rejects requests to visit harmful websites
◦ A remote filter blocks dishonest IP addresses
◦ A filtering proxy inspects the traffic between the user and the server and filters out malicious content

Ways to Protect

Page 32: Keeping your organization safe

Scams

Page 33: Keeping your organization safe

Criminals are…

Using social engineering to convince you to install malicious software, or hand over personal information under false pretenses.

Trying to sell you overpriced services/products

Tech Support Scam

Page 34: Keeping your organization safe

Examples

Page 35: Keeping your organization safe

Examples

Page 36: Keeping your organization safe

Quiz

Page 37: Keeping your organization safe

Question 1

Page 38: Keeping your organization safe

Question 1

You receive an email as shown above. You should:

A. Use the link to update your credit card

B. Type www.paypal.com in a web browser and log in to check your information

Page 39: Keeping your organization safe

Question 2

The IRS sends you an email and instructs you to provide credit card info for a tax return. You should:

A. Fill the form and click “submit” button

B. Ignore this email

Page 40: Keeping your organization safe

You find a flash drive in the parking lot, and it looks brand new. You should:

A. Plug it into the company computer and see if it works

B. Stare at it for a few seconds, and put it back where you found it

Question 3

Page 41: Keeping your organization safe

Question 4

You see this pop up window, you should:

A. Ignore it

B. Click the “Accept and Install” button immediately

Page 42: Keeping your organization safe

Question 5

Which of the following files looks suspicious?

Page 43: Keeping your organization safe

Under the current security landscape, everyone is a target

Be paranoid

Summary

Page 44: Keeping your organization safe

Questions?

Email us at [email protected]

Call (703)-790-0400