Published by Darren Potter. Modified over 8 years ago.

Proprietary & Confidential
Paul Falor, VP of IT, North Highland
Friday, May 20th
Cyber Security
PayCLT

Agenda
›Speaker Introduction
›Recent Big Breaches – Common Themes
›Cultural Problem
›Mobile Payment Considerations
›Critical Controls (Refresher)
›Q & A

Speaker Introduction
Paul Falor is the CIO/Vice President, Global Information Technology with the North Highland Company. He has 15 years of information technology and security experience across a variety of industries. Specific areas of expertise include IT strategy and governance, security strategy, incident response, and breach containment. Paul held critical roles in the breach remediation efforts of a major payment processor, as well as establishing information security programs at several leading financial institutions. Paul is an expert at translating technology risk to business terms at all levels across an organization.

Recent Big Breaches – Common Themes
Phishing
›Seagate (W2’s)
›Snapchat
›GCI
User Credentials
›eBay (145,000,000 records)
›Anthem (80,000,000 records)
›JP Morgan Chase (76,000,000)
Vendor Credentials
›Target (70,000,000)
›Home Depot (56,000,000)
›Wendy’s

Cultural Problem! What Should We Do?
›Technology advances / Changing landscape
›Security awareness/education
›End-user perception (security = hindrance)
›Understand compliance vs security

Mobile Payment Considerations
›Mobile devices more susceptible to loss or theft
›Usage of public WiFi
›NFC lacks native encryption
›Audio jack readers
›Barcode based payments? (free coffee…)
›Jailbreaking / Rooting
›Malware/Anti-virus products limited for mobile space
›Offline payment support

Critical Controls (Refresher)
›Restrict remote access
›Enforce password policies for ALL accounts
›Restrict all non-business activities on critical devices (servers, POS, etc)
›Eliminate flat networks
›Monitor OUTBOUND network traffic
›Use multi-factor authentication (*)
›Validate ALL inputs
›Enforce lockout policies
›Know your data, where it is, and who has access
›Audit user access and publish results

Critical Controls, continued
›Encrypt everything
›Backup everything; not just for recovery, but also to know what is lost
›Keep browsers updated (Patch management)
›Disable Unused Software & Services (Particularly Java & Flash)

Q & A
Thanks for joining us!