Security 101 for No- techies

Security for Non-Techs

Bulletproof

Introduction to IT Security Understanding the Modern Business Landscape Where IT Leaders are focusing Understanding the core principles of IT Security

3 Focus Areas Ransomware Passwords Wi-Fi Security

Short 5 Minute Break

Barnier Law Legal Side of IT Security

Format

Before We StartGround Rules

Ask Questions

Tell me if this is what you hear!

Slides will be availible afterwards!

Obviously Confidential

The World Has Changed!

Agility & Mobility

Increased Complexity

Top 3 Focus Areas of IT Leaders around the world

Top Challenges Focus on Users

Increasing Security Measures

“It Takes The Entire Organization— Not Just The Latest Technology—to Keep

Sensitive Data And People Safe”

What’s Your Security Strategy?

Security Through Risk Management

Security Through Obscurity

Security Through Obscurity•We store our passwords at uptakedigital.com.au/passwords

– but no one knows its there so we are safe.

• Our staff are good people and would never steal or compromise data in our organisation.

•We are only a small business, we are one of millions.who will attack us when they can attack the big targets?

The End of Security Though Obscurity

https://www.uptakedigital.com.au/passwords/

Security Through Risk Management•We use a Password Manager to encrypt, control and store

company passwords.

•We have strong policies and procedures to protect company information from being compromised

•We encrypt our sensitive files to protect our customers information.

The Two Most Important Ideas of IT Security

Think Layers

Think Trust

Ransomware

50% of Hospitals have had Ransomware

Antivirus doesn’t work like it used to

Typical Scenario

• Very Busy

• Manages Finances/HR

Time to Enact The Ransomware Plan

“No Worries MateWe Will Just Restore the

Backup”

Backup Encrypted

“You left the backup plugged in, we will have to pay the ransom mate”

Hello SirI will help you get the bitcoins you

need.

Files Decrypted

“Phew, That was close.”

Preventing and Preparing for a

ransomware attack

First take some preparatory steps

• Ransomware DR Plan

• Build a strong security stack

• Improve IT Planning and Audit Process

The most important thing

• Secure Offsite Backup

• Documented Continuity Plan

• Regular Backup Testing

Passwords

63% of confirmed data breaches involved hackers leveraging weak, default,

or stolen passwords.

Passwords in the wild

Passwords in the Wild

174 million passwords cracked in one week

So what can you do?

Passwords you need to remember

Hard to Guess, Not in the PW Dictionary

Passwords you don’t need to remember

100+ Password

s

Passwords I must memorise

• Password Manager (PM)• Laptop Password• Office 365 Password• Phone Lock code

Passwords the PM can remember

• Banking Password• Mailchimp Password• Facebook Password• Credit Card Details• 100+ other passwords

Password for my laptopDish-Tide-Engineer-Horizontal-7(bad at remembering characters)

Password for my zip archivejo&^sNG,j(}Ip|"9jo&^sNG,j(}Ip|"9(good at remembering characters)

Password Managers• Store Passwords in an encrypted form

• Help come up with passwords on your behalf

• Can automatically change passwords for you (and alert you of breaches)

• Allow you to share passwords securely

• Have reporting mechanisms to alert the organisation to weak passwords

Save

50 Hours a year!

Multi-Factor Auth (MFA)

something you have something you know

something you are

SSO – Single Sign On

Wi-Fi Security

Outside of the Office

Avoid Public Wi-Fi like the plague

When outside the safety of your firewall…

Inside of the Office

Have you ever let an external party on your

internal network?

OPEN, WEP, WPA(insecure)

WPA 2Enterprise(Radius)

WPA 2Personal

(PSK)

Think Layers

Think Trust

SECURITY MINDSET

Any Questions?

Bulletproof Security for Non-Techs

Your Legal responsibility and how to manage it

Your Business / Company

• Sole Trader• Family business• Partnerships• Joint ventures• Companies – small, medium,

large


Owner / Directors

• Sole Trader/ Owner• Partners• Family member management

committee• Board


Owner / Directors Employees

• Family members• Relatives• Staff• Employees• contractors



Customers

Your Customers

• Customer personal information• Name, address, mobile• Bank Acc. / Credit card details• Age / gender

The Wake-up Call

Here’s the rest of the story...



Customers

Duty of Care

Duty of Care to keep customer information private:

• Likely harm if disclosed (eg. reputational / financial)• Reasonable care to avoid harm by disclosure• Negligence leading to a breach of duty of care



Customers

Duty of Care

Basic Business Risk:– leak of confidential information, including • customer personal information • trade secrets (eg. suppliers, procedures, client list)• Staff personal information

Basic Business Structure



Customers

Duty of CareIT Dept /

Ext Provider

Storing Customer & Business information:

• Hardware / Software• Internet / Intranet• Specialist programs / Fire-walls• Information security



Customers


Ext Provider

Employment Contract

Contract Clauses include:

• Confidentiality & non disclosure of information

• Act honestly & with integrity• Comply with organisation policies /

directions



Customers


Ext Provider

Employment Contract

Board Policies

• Risk Identification & minimisation• Confidentiality• Code of Conduct• Delegation of Authority & Governance



Customers


Ext Provider

Employment Contract

Board Policies Management Procedures

• Confidentiality & Disclosure of information• Privacy Policy / Staff Code of Conduct / Internal Procedures • Intranet / Internet / Email use



Customers


Ext Provider

Employment Contract

Board Policies Management Procedures

Elements of reducing your Liability for damages from a breach of the Duty of Care you owe to your Customers

Security 101 for No- techies

Technology

Transcript of Security 101 for No- techies