Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan
2 Agenda Security Hack 2FA Security Concerns Case Studies Security Process Security Preparation Examples Prevention Recent Breaches Costs of a Breach Cyber Insurance
3 Security Hack Security Demo
2FA – what is it and why you should use it everywhere you can
5 Security Concerns Broad security concerns for businesses For remote users For home users For firms that hold client data (legal implications) In an Information Age, Information is Power How much is your info worth to hackers? A LOT! Info is saved, stored, and flows freely Mobility BYOD Some employees have a tendency to be careless – it takes only one!
6 Case Studies Law firm and insurance company Security issues Risk? TJX, Home Depot, Target, JP Morgan, Anthem Vermont Country Store, other smaller companies HIPAA
7 Security is a Process of Prevention Security is an ongoing process and there is no such thing as being completely secure!!! The criminals work at this all day, every day, and so must your security team. You must have a team working together to enforce security and comprised of….. Management Legal Communications IT/Security
What can small/mid-size businesses do specifically to reduce their risk of exposure to a security breach? Manage IT from a security standpoint Behavior modification – passwords, remote logins, training Ongoing monitoring, Two-factor authentication, employment policies Distrust & Caution are the Parents of Security (Ben Franklin) Security protocols, Vigilance, etc….
9 Security Preparation 30% of small business get hacked each year - of them, 60% close within in a year
Security Preparation (2) Take a proactive approach Have a written plan in place on how to protect before, during, and after an attempt to breach Developed by your IT, Security and Legal teams Put a C-level person on it Risk management Shift risk (& make yourself a good risk – see yourself through the lens of an insurer) Cycle, Prevent, Detect, Respond, Recover
Elements of a Plan Treat company information like the crown jewels Understand what you have, why/how you store & secure it, why you keep it. You cannot lose data you don’t have. Risk cannot be managed after a breach occurs when panic and confusion have set in. Calm communication of facts shows a company in control of itself, its systems, and the story.
12 Cyber Insurance Cyber insurance Policy for the business Policy for client data Coverage? Are all policies the same? Expense? Directors & Officers? Class actions? Is there a standard of care for negligence? All are good questions – get your insurance broker involved and ask the questions !!
13 Examples How small business data get hacked What has been seen out in the field and how was it handled. Law Firm Manufacturer Entertainment Company Start up
14 Recent Breaches Why are large companies like Target and Home Depot breached? What could have been done better? What lessons we take from those events that can be implemented for any business, of any size? Board of Directors, Corporate Officers How much and when to disclose/notify Penalties vs. harm to the corporate image
15 Costs of a Breach IT Costs Investigation Remediation Business Interruption Recovery & Prevention Management & P R Costs Notification (Regulatory Compliance) of Affected Parties External Communications (P R)/Loss of Reputation/Share Price Legal advise & counseling Legal Team Litigation Costs (Defense and Indemnity), Class Actions The Forensic point of view – if data needs to be analyzed as to who did what, when, how
16 Top 10 Breaches (that were published as of October 2014)
Thank You! Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan