Keeping your data, money & reputation safe

Cyber Resilience: Keeping your data, money & reputation safe

Information governance, assurance and cyber resilience
- Give people clearer, more consistent choice around how their information is shared
- Streamline governance
- Publish clear guidelines
- Improve security of how health & care organisations handle information (cyber resilience)

Third sector cyber resilience
- Common approach (pathway) to cyber resilience
- Strengthening awareness
- Partnership working, knowledge sharing & leadership
- Supply chain cyber security
- Strengthening incentives
- Benchmarking, monitoring & evaluation

Being cyber resilient is:
- Taking steps to reduce the risk of cyber breaches
- Making sure that if a breach occurs you know how to respond to ensure:
  - Adequate legal response
  - Responsible public response
  - Business continuity

A cyber breach is:
An incident in which data is lost or stolen, such as:
- Financial data (££s from your bank)
- Security data (usernames/passwords)
- Personal data (emails, address, phone numbers, medical data…)
In some cases, security data or personal data could be more ‘costly’ than financial data.
Requirements to report cyber breaches in relation to the loss or theft of data are included in GDPR.

Myth vs. Reality

What are the main causes of cyber breaches?
- Myth: Hackers, Ransomware, Viruses
- Reality: 48% of businesses that have experienced a breach said the root cause was a “negligent employee or contractor”.
A cyber breach is not always a cyber-attack.

Who are the targets?
- Myth: Hackers focus on big business and high-profile companies with lots of money or data
- Reality: Everyone… Whoever takes the bait
- Vulnerable: individuals and businesses

What are the types of threats?
- Accidental loss of data
- Insider threats
  - Disgruntled employee?
  - Opportunity?
  - Making a statement – whistleblowing?
  - Moving to a competitor?
  - Incentivised?
- Social Engineering
  - Phishing
  - Spear-phishing
  - Whaling
- Viruses
- Malware
- Spyware
- Ransomware
- DDoS
- BYOD
- Policies
- Security software

Who are the targets?
- Vulnerable Organisations
- Vulnerable People

Taking it seriously
- Assume that you will have an attack or a breach
- You may already have…
- People are testing “doors” looking for ones which are weak, vulnerable, or left unlocked
- Have you checked if your doors are locked?

Don’t be an easy target…
- The most common breaches are simple and avoidable
- They are aimed at those who have not taken any steps to prepare.
- Do your staff have basic knowledge?
- Be aware that CEOs are often the biggest target and the weakest link (And the most difficult to educate?)

Scenario – what if…?
Consider what someone could do if they get hold of some of your data…

What if…
Some of your user data gets into the wrong hands…
- An email is sent to the wrong address
- A USB pen is dropped in the street
- A disgruntled team member exports your database
- Or a hacker uses a well-known weakness in unpatched software

Scenario – what if?
- They could then buy a domain similar to yours, for as little as £0.01

Scenario – what if?
- They could then easily clone your website and put it on their newly purchased domain
- They could email the list of contacts they got from the data breach, asking for a donation to your charity
- 100s of people give donations, including bank details and home addresses.

What should we do now?

Lock your doors!
Four areas to consider and act on:
- IT Security: investigate your IT security
  Protecting your technology from threats (e.g. Cyber Essentials)
- Data management: conduct a data audit
  Ensuring your data is managed properly (e.g. GDPR)
- Staff education: increase staff knowledge and awareness to protect against scams (e.g. online/offline training)
- Response: incident response plan
  Ensuring business continuity and adequate response
  - Legal response
  - Public response
  - Individual response

Discuss
- Where do you think your strengths are in being cyber resilient?
- What do you think your weaknesses are in being cyber resilient?
- What help / actions are needed to improve your cyber resilience (and that of third sector health & social care providers in general)?