Session 13 Cyber-security and cybercrime. Contents: What’s the issue? Why should we care? What are the risks? How do they do it? How do we protect.

Presentation transcript:

Session 13 Cyber-security and cybercrime

Contents
• What’s the issue?
• Why should we care?
• What are the risks?
• How do they do it?
• How do we protect the firm?
• What if the worst happens?

What’s the issue?

PRIORITY RISK

What’s the issue
• 60-81% report breach…
• £65k-£1.15m cost of one breach…
• 84% believe colleagues violate controls…
• …GLOBAL COST - £338 bn

Why should we care?

Why should I care?
• Principle 10: Protect client money and assets
• Outcome 4.1: Keep the affairs of clients confidential
• Principle 8: Run your business effectively and in accordance with proper governance and sound financial and risk management principles

Why should we care?
• Breach of confidentiality
• Structural and financial instability
• Reputational damage

Confidentiality What are the risks?

Confidentiality
• Client lists
• Strategic client information or personal data
• Financial information
• Payment and transactional information
• Trade secrets
• Personal details of prominent clients dealings
• Must protect client confidential information

Structural and financial instability What are the risks?

Structural and financial instability
• Systems unavailable
• Financial losses
• Overloading
• Dependence on IT infrastructure
• Reputational damage

What are the risks?

Reputation damage BOGUS LAW FIRMS

How do they do it?

• Phishing
• Malware
• Hacking
• Overloading
• Identity theft

Identify our vulnerabilities… How can we protect our firm?

Identify your vulnerabilities
• People
• Passwords
• Operations
• Too much information

Take action! How can we protect our firm?

Take action – the ‘do’ list
• Manage the risk properly
• Restrict data sticks and attachments
• Keep browsers etc updated
• Restrict file access
• Take identity theft precautions
• Have a policy
• Encrypt remote data
• Back-up
• Sound HR procedures
• Training and awareness

Take action – the ‘don’t’ list!
• Use unsecured webmail or unapproved devices to transfer files
• Use guessable passwords and locally stored files
• Let your operating systems fall behind
• Store critical files online without backups
• Work remotely on an unsecured Wi-Fi connection

What if the worst happens?

• Contain and recover
• Assess on-going risk
• Notify
• Evaluate and respond

Summary
• What is cybercrime
• Why it’s important to us
• The risks
• Cybercrime types and methods
• Protection
• Incident management?

Final comments Any questions?