Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proprietary & Confidential 1 Paul Falor, VP of IT, North Highland Friday, May 20th Cyber Security PayCLT.

Published byDarren Potter Modified over 8 years ago

Similar presentations

Presentation on theme: "Proprietary & Confidential 1 Paul Falor, VP of IT, North Highland Friday, May 20th Cyber Security PayCLT."— Presentation transcript:

1 Proprietary & Confidential 1 Paul Falor, VP of IT, North Highland Friday, May 20th Cyber Security PayCLT

2 Proprietary & Confidential 2 Agenda Speaker Introduction Recent Big Breaches – Common Themes Cultural Problem Mobile Payment Considerations Critical Controls (Refresher) Q & A

3 Proprietary & Confidential 3 Speaker Introduction Paul Falor is the CIO/Vice President, Global Information Technology with the North Highland Company. He has 15 years of information technology and security experience across a variety of industries. Specific areas of expertise include IT strategy and governance, security strategy, incident response, and breach containment. Paul held critical roles in the breach remediation efforts of a major payment processor, as well as establishing information security programs at several leading financial institutions. Paul is an expert at translating technology risk to business terms at all levels across an organization.

4 Proprietary & Confidential 4

5 5

6 6 Recent Big Breaches – Common Themes Phishing ›Seagate (W2’s) ›Snapchat ›GCI User Credentials ›eBay (145,000,000 records) ›Anthem (80,000,000 records) ›JP Morgan Chase (76,000,000) Vendor Credentials ›Target (70,000,000) ›Home Depot (56,000,000) ›Wendy’s

7 Proprietary & Confidential 7 Cultural Problem! What Should We Do? Technology advances / Changing landscape Security awareness/education End-user perception (security = hinderance) Understand compliance vs security

8 Proprietary & Confidential 8 Mobile Payment Considerations Mobile devices more susceptible to loss or theft Usage of public WiFi NFC lacks native encryption Audio jack readers Barcode based payments? (free coffee…) Jailbreaking / Rooting Malware/Anti-virus products limited for mobile space Offline payment support

9 Proprietary & Confidential 9 Critical Controls (Refresher) Restrict remote access Enforce password policies for ALL accounts Restrict all non-business activities on critical devices (servers, POS, etc) Eliminate flat networks Monitor OUTBOUND network traffic Use multi-factor authentication (*) Validate ALL inputs Enforce lockout policies Know your data, where it is, and who has access Audit user access and publish results

10 Proprietary & Confidential 10 Critical Controls, continued Encrypt everything Backup everything; not just for recovery, but also to know what is lost Keep browsers updated (Patch management) Disable Unused Software & Services (Particularly Java & Flash)

11 Proprietary & Confidential 11 Q & A

12 Thanks for joining us!

Download ppt "Proprietary & Confidential 1 Paul Falor, VP of IT, North Highland Friday, May 20th Cyber Security PayCLT."

Similar presentations

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
IAPP 2004. 2 CONFIDENTIAL Insider Leakage Threatens Privacy.

IAPP CONFIDENTIAL Insider Leakage Threatens Privacy.
Travelers CyberRisk for Insurance Companies

Travelers CyberRisk for Insurance Companies
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
HEALTHCARE BREACHES Andrew Kuebler MIS 534 April 15, 2015.

HEALTHCARE BREACHES Andrew Kuebler MIS 534 April 15, 2015.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
©2011 Kingston Technology Corporation. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. Best.

©2011 Kingston Technology Corporation. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. Best.
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Treasury in the Cloud Bob Stark – Vice President, Strategy September 17, 2014.

Treasury in the Cloud Bob Stark – Vice President, Strategy September 17, 2014.
Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.

Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan.

Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan.
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
Cloud Security Julian Lovelock VP, Product Marketing, HID Global.

Cloud Security Julian Lovelock VP, Product Marketing, HID Global.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Similar presentations

Ads by Google