Security and Legal: Keeping your Business and Customers Information Safe Online

Capital Region Security and Legal: Keeping your Business and Customers Information Safe Online Presented by: Threesides Marketing

description

As more and more organisations do business online, it is necessary for owners and managers to understand what they can do to secure business and client information. This workshop looks at a variety of topics to manage security requirements for online businesses, including:

- Your own computer’s security
- Keeping your website safe
- Protecting customer information
- Storing data online and backing up data
- Managing online payments and avoiding fraud

Just as your organisation may face legal issues when operating in the physical world, it may face legal issues when operating in the online world. The final part of this workshop will focus on key legal tips for organisations doing business online. Topics include:

- The security issues facing your business
- Cloud computing
- Securing your hardware and fixed assets
- Security of mobile devices and information
- Using cloud based software
- Backups and online data storage
- Password security and management
- Simple disaster recovery planning

This session is part of the Capital Region Digital Enterprise program. For more information visit www.crde.com.au

This workshop was presented by Threesides Marketing www.threesides.com.au

Transcript of Security and Legal: Keeping your Business and Customers Information Safe Online

Page 1: Security and Legal: Keeping your Business and Customers Information Safe Online

Capital Region

Security and Legal: Keeping your Business and Customers Information Safe Online

Presented by: Threesides Marketing

Page 2: Security and Legal: Keeping your Business and Customers Information Safe Online

Housekeeping

Page 3: Security and Legal: Keeping your Business and Customers Information Safe Online

RDA Southern Inland Region

Key Initiatives
• South East Region of Renewable Energy Excellence
• Regional Sponsored Migration Scheme
• Southern NSW Harvest Association
• Capital Region Digital Enterprise Program

How We Can Help You
• Access to government programs
• Advice and training
• Sourcing skilled labour
• Grants - support and data
• Networks and contacts

Page 4: Security and Legal: Keeping your Business and Customers Information Safe Online

Find out More

Richard Everson
Project Officer
Mob. 0427 27 27 [email protected]
www.rdasi.org.au

Page 5: Security and Legal: Keeping your Business and Customers Information Safe Online

www.threesides.com.au

www.Facebook.com/threesides

www.Twitter.com/threesides

www.slideshare.net/threesides

Page 6: Security and Legal: Keeping your Business and Customers Information Safe Online

What can we achieve today?

Inspire

Direct

Inform

Page 7: Security and Legal: Keeping your Business and Customers Information Safe Online

Learning outcomes

1. Recognise the key security and legal issues of doing business online.

2. Compare different options to secure your business using hardware and software.

3. Understand other legal and privacy implications in the online space.

Page 8: Security and Legal: Keeping your Business and Customers Information Safe Online

Think cyber criminals only target big companies?

Images: McAfee Security Checklist

Page 9: Security and Legal: Keeping your Business and Customers Information Safe Online

10 Step Security Checklist

1. Train your employees

2. Know your data

3. Inventory your devices

4. Protect your network

5. Secure your physical devices

6. Keep your facilities safe

7. Protect your website and ensure safe browsing

8. Create clear cybersecurity policies

9. Properly dispose of end-of-life devices and documents

10. Screen employees thoroughly

Source: McAfee Security Checklist

Page 10: Security and Legal: Keeping your Business and Customers Information Safe Online

1. Train your employees

Use strong passwords: uppercase, lowercase, numbers, symbols, etc. http://strongpasswordgenerator.com/

Avoid dangerous links and email attachments: don’t open links or attachments unless you know they’re safe. Navigate to a website directly.

Page 11: Security and Legal: Keeping your Business and Customers Information Safe Online

www.passpack.com

Page 12: Security and Legal: Keeping your Business and Customers Information Safe Online

Online password management tools

Pros:
• Portability
• Low risk of losing passwords
• Do not require any type of software installation
• Provide secure back-ups in case there’s damage to a single PC

Cons:
• Require a user to trust the hosting site
• Susceptible to cyber attacks
• No guarantee of appropriate encryption of stored passwords with a user-defined key

Top 10 Reviews: http://online-password-manager-review.toptenreviews.com/

Page 13: Security and Legal: Keeping your Business and Customers Information Safe Online

2. Know your data

• Do you know where all your sensitive information is?
• Do an audit of confidential information on your PC and online storage, e.g. website
• What is considered sensitive? Medical history, credit card numbers, bank account numbers, insurance info, spouse and dependent info, dates of birth, home address, phone number, email addresses
• Back up and encrypt data to avoid unauthorised access

Page 14: Security and Legal: Keeping your Business and Customers Information Safe Online

Backup tools

http://www.symantec.com/en/au/solutions/smallbusiness

Page 15: Security and Legal: Keeping your Business and Customers Information Safe Online

http://mozy.com/product/mozy/business

Page 16: Security and Legal: Keeping your Business and Customers Information Safe Online

Backup cloud data

www.Backupify.com

Page 17: Security and Legal: Keeping your Business and Customers Information Safe Online

3. Inventory your devices

• What about other devices? Memory sticks, smartphones, tablets, laptops, etc.
• Do you allow BYOD in your office / business?

Page 20: Security and Legal: Keeping your Business and Customers Information Safe Online

Click of death – Hard drive failure

Over a three-year period, 3.1% of Hitachi's drives failed; 5.2% of Western Digital's drives died; and a sizable 26.5% of Seagate's drives failed.

"The Seagate drives start strong, but die off at a consistently higher rate, with a burst of deaths near the 20-month mark."

The study includes data on 15 drive models totaling more than 12,000 drives each from Seagate and Hitachi, and almost 3,000 drives from Western Digital.

http://www.computerworld.com/s/article/9245630/Read_this_before_you_buy_another_hard_drive

Page 21: Security and Legal: Keeping your Business and Customers Information Safe Online

4. Protect your network

Connect to networks safely – be careful what you open over open and public wireless networks and use VPN software when conducting business

• Keep security software up to date
• Set your Bluetooth as undiscoverable
• If you don’t know how, pay someone who does!!

Page 22: Security and Legal: Keeping your Business and Customers Information Safe Online

http://www.avgfree.com.au/

Page 23: Security and Legal: Keeping your Business and Customers Information Safe Online

http://au.norton.com/360/

Page 24: Security and Legal: Keeping your Business and Customers Information Safe Online

5. Secure physical devices

Do you lock up servers or unused devices? Even old memory sticks and laptops.

Page 26: Security and Legal: Keeping your Business and Customers Information Safe Online

6. Keep your business premises safe

Don’t let strangers wander through your premises no matter how nice they are

Alarm systems and cameras

Page 27: Security and Legal: Keeping your Business and Customers Information Safe Online

7. Protect your website and ensure safe browsing

• Use reputable hosting:
  - read reviews
  - talk to others
  - use hosts who specialise in your type of website
  - if you have concerns, move your hosting
• Security plugins
• Avoid torrents

Page 28: Security and Legal: Keeping your Business and Customers Information Safe Online

http://wpengine.com/

Page 29: Security and Legal: Keeping your Business and Customers Information Safe Online

http://hostify.com.au/

Page 30: Security and Legal: Keeping your Business and Customers Information Safe Online

E-commerce safety

• Do you need a security certificate?
• Payment gateways – customers’ payment data
• Retaining customer details – Australian Privacy Principles

Page 31: Security and Legal: Keeping your Business and Customers Information Safe Online

https://cheapsslsecurity.com/

Page 32: Security and Legal: Keeping your Business and Customers Information Safe Online

http://www.eway.com.au/

Page 33: Security and Legal: Keeping your Business and Customers Information Safe Online

8. Create clear cybersecurity policies

Have a policy about:

• Use of cloud computing and online file sharing tools: delete files when no longer required, and make sure you are comfortable with the terms and conditions of the provider
• Use of social media – do your staff need admin rights? What happens when they leave?
• Use of own devices:
  - security protection
  - deletion of records
  - do others use their device?

Page 34: Security and Legal: Keeping your Business and Customers Information Safe Online

http://mindfulsecurity.com/

• Policy (general management statements)
• Standards (specific mandatory controls)
• Guidelines (recommendations/best practices)
• Procedures (step-by-step instructions)

Page 35: Security and Legal: Keeping your Business and Customers Information Safe Online

9. Properly dispose of end-of-life devices/documents

Give to charity, but make sure you remove sensitive data first. Use a hard drive wiper, e.g.:

• CCleaner (paid)
• Darik's Boot And Nuke (free)
• Eraser (free)

Page 37: Security and Legal: Keeping your Business and Customers Information Safe Online

10. Screen employees thoroughly

Start offline (recruitment) before you let them go online

Page 38: Security and Legal: Keeping your Business and Customers Information Safe Online

Disaster recovery planning

How quickly can your business start back up if your premises is out of action (Fire, Flood, Asbestos) or your website goes down?

• Where is your information stored?
• Do you know how to recover it?
• Have you tested it?
• How long will it take?
• What will it cost you?
• Who is on standby to help you?

Page 39: Security and Legal: Keeping your Business and Customers Information Safe Online

Other Legal issues

Copyright

Privacy + Using 3rd party sites

Trademark protection

Terms and conditions

International trade and postage

Consumer affairs

Trade permits

Spam Act 2003

E-commerce and fundraising

Page 40: Security and Legal: Keeping your Business and Customers Information Safe Online

Tips to get started

1. Secure your hardware and devices

2. Make sure you have reliable data backups

3. Reduce and block external threats

4. Know who has access to what in your business

5. Test your digital recovery plan - communicate to staff and suppliers

Page 43: Security and Legal: Keeping your Business and Customers Information Safe Online

Workshops and Consultations

Workshops
– Series of 17 workshop topics over the next 12 months
– Free sessions – subsidised by federal government – in Queanbeyan and across the region

Digital Consultations
– Face-to-face in your business
– Develop a digital business plan
– Identify 3 "get started now" actions
– Help you start in the right digital direction

Page 45: Security and Legal: Keeping your Business and Customers Information Safe Online

Stay in touch

Website:

www.crde.com.au

Call the office:

62970933

Stay on our email list

Tell a friend!