Friday, October 23, 2015

Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Kevin Bodell Systems and Infrastructure Manager City Creek Reserve, Inc. Kevin Bodell Systems and Infrastructure Manager City Creek Reserve, Inc. Smart Chick Megan Orser Smart Apartment Solutions Smart Chick Megan Orser Smart Apartment Solutions

TUESDAY, OCTOBER 20, 2015

Mark Stamford, OCCAMSEC

Symantec found that 17 percent of all android apps were actually malware in disguise. Ransomware attacks grew 113 percent in 2014, along with 45 times more crypto-ransomware attacks INTERNET SECURITY THREAT REPORT, Symantec

Small Business A recent infographic by Towergate Insurance said that last year, 97 percent of smaller businesses neglected to prioritize online security improvement for future business growth. VS

It’s not IF, It’s WHEN! It’s not IF, It’s WHEN!

Social Engineering Phishing Hacking Ransomware

A non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures Social engineering is one of the most effective ways to circumvent established security protocol Targets human “vulnerabilities” (helpfulness, fear, insecurity)

10

Building Management Systems Energy Management Systems Emergency Notification Systems Customer Portals Integrated Work Management Systems Poor Password Protection Unmonitored Access Points Rudimentary Software

Midsize Businesses The most common causes were malicious or criminal attacks (44 percent), followed by employee negligence (31 percent) and system glitches (25 percent). The intent of the breach is usually information theft leading to financial gain, rather than so-called hacktivism,

Resident/Employees Files Social Security Number Drivers License Major Credit Cards Credit Report Address History Employment History Business Reputation

Prevent What is the risk? What is your exposure? Prepare What can you do to prepare for the inevitable? What practical approaches can you take to minimize exposure? Respond How do you minimize the impact to business as usual when it does happen? How do you mitigate risk once it’s happened?

Data Classification Level 1Level 2Level 3Level 4 Data that may be freely disclosed with the public. Internal data that is not meant for public disclosure. Sensitive internal data that if disclosed could negatively affect operations. Highly sensitive corporate and customer data that if disclosed could put the organization at financial or legal risk. Example: Contact information, price lists Example: Sales contest rules, organizational charts Example: Contracts with third-party suppliers, employee reviews Example: Employee social security numbers, customer credit card numbers Prevent Prepar e Respo nd

Network & Physical Security Controls Network, Computer, and Access Controls Encryption Anti-Virus/Anti-Spyware Firewall and Internet Connection Prevent Prepare Respond

General Security Controls Visitor Policy Social Engineering Third party network security checks Network and Computer Backups Prevent Prepare Respond

Prevent Prepare Respond

Respond CONSIDER THE NUMBERS Average Organizational Cost of a Data Breach $5.9 million Estimated Cost of a General Data Breach $201 per compromised record Identify source & stabilize Notify impacted parties Be detailed, consistent & diligent with your reporting Review business loss insurance Develop plan to protect the company brand Commence “Customer Loyalty” activities Implement protocols to prevent future breaches Be ready to adjust & adapt quickly as new threats arise Prevent Prepare Respond

New forms of blackmailing & extortion schemes Ransom ware for data theft Smart Machines Smart Offices or Business BMS Systems Increased threats at the power source (public utilities, old/outdated infrastructure, banking systems, financial institutions) Are you and your organization protected ? Prevent Prepare Respond

“Are You Sitting on a Cyber Security Bombshell?”, Joseph Dobrian, JPM Sept/Oct 2015 Before and After Disaster Strikes: Developing An Emergency Procedures Manual, 4th Edition, ©2012 IREM “What You Should Know About Cybersecurity Insurance,” © IREM Blog October 15, 2015