Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security Best Practices

Published byEileen Phillips Modified over 6 years ago

Similar presentations

Presentation on theme: "Network Security Best Practices"— Presentation transcript:

1 Network Security Best Practices
PROSECUTORbyKarpel Thursday, November 29, 2018 Network Security Best Practices 2017 Users Group Meeting April 13, 2017 Confidential information

2 Monitor Applications with Access to Data
PROSECUTORbyKarpel Thursday, November 29, 2018 Monitor Applications with Access to Data Applications are great. They give your business the tools it needs to function and be productive. But they also put your sensitive data at risk. When IT security attempts to protect critical information, it usually involves putting up firewalls and building your infrastructure around the data you want to protect. Then you give applications access to this data. When hackers look to steal your data, they won’t try to hammer their way through your firewall, they’ll look for the least secure system with access to the data they need. Confidential information

3 Create Specific Access Controls
PROSECUTORbyKarpel Thursday, November 29, 2018 Create Specific Access Controls Once your IT network is secure, you need to be very careful about who you decide to give the keys to the kingdom. Ideally, it shouldn’t be anyone. By creating specific access controls for all of your users you can limit their access to only the systems they need for their tasks and limit your sensitive data’s exposure. Confidential information

4 Maintain Security Patches
PROSECUTORbyKarpel Thursday, November 29, 2018 Maintain Security Patches When cyber-criminals are constantly inventing new techniques and looking for new vulnerabilities, an optimized security network is only optimized for so long. When Home Depot’s POS systems were hacked last summer, they were in the process of installing a security patch that would have completely protected them. To keep your network protected, make sure your software and hardware security is up to date with any new antimalware signatures or patches. Confidential information

5 Outline Clear Use Policies for Employees and Vendors
PROSECUTORbyKarpel Thursday, November 29, 2018 Outline Clear Use Policies for Employees and Vendors To strengthen and clarify the education you give your users, you should clearly outline the requirements and expectations your company has in regards to IT security when you first hire them. Make sure employment contracts and SLAs have sections that clearly define these security requirements. Confidential information

6 User Activity Monitoring
PROSECUTORbyKarpel Thursday, November 29, 2018 User Activity Monitoring Trust but verify. While well trained users can be your security front line, you still need technology as your last line of defense. User Activity Monitoring allows you to monitor users to verify that their actions meet good security practices. If a malicious outsider gains access to their log-in information – or if an insider chooses to take advantage of their system access – you will be immediately notified of the suspicious activity. Confidential information

7 Create a Data Breach Response Plan
PROSECUTORbyKarpel Thursday, November 29, 2018 Create a Data Breach Response Plan No matter how well you follow these best practices, you might get breached. In fact, nearly half of organizations suffered a security incident in the past year. If you do, having a response plan laid out ahead of time will allow you to close any vulnerabilities and limit the damage the breach can do. Confidential information

8 Educate and Train Your Users
PROSECUTORbyKarpel Thursday, November 29, 2018 Educate and Train Your Users No matter how gifted, your users will always be your weakest link when it comes to information security. That doesn’t mean you can’t limit this risk through regularly educating your users on cyber security best practices. This training should include how to recognize a phishing , how to create strong passwords, avoiding dangerous applications, taking information out of the company, and any other relevant user security risks. Confidential information

9 Beware of Social Engineering
PROSECUTORbyKarpel Thursday, November 29, 2018 Beware of Social Engineering All of the technical IT security you implement can’t take the place of common sense and human error. Social engineering tactics have been used successfully for decades to gain login information and access to encrypted files. Rogers Communications recently faced a major breach when a hacker called an employee pretending to be the IT department and was able to get the employee’s log-in information. Attempts like this one may come from phone, or other communication with your users. The best defense is to… Confidential information

10 Phishing PROSECUTORbyKarpel Thursday, November 29, 2018
Confidential information

11 Common Sense Steps Don‘t open emails you aren’t expecting to receive.
PROSECUTORbyKarpel Thursday, November 29, 2018 Common Sense Steps Don‘t open s you aren’t expecting to receive. Never click on a link that “shows” a different address when you hover over it. Be cognizant that any information you send via can be forwarded. Confidential information

12 PROSECUTORbyKarpel Thursday, November 29, 2018 Confidential information

13 Maintain Compliance PROSECUTORbyKarpel Thursday, November 29, 2018
Hopefully these best practices are a useful guideline for keeping your business safe, but you do have another set of guidelines available to you. Regulations like CJIS, HIPAA, PCI DSS and ISO offer standards for how your business should conduct its security. More than a hassle which you need to prepare audit logs for, compliance can help guide your business. Confidential information

14 Questions? PROSECUTORbyKarpel Thursday, November 29, 2018
Confidential information

15 9717 Landmark Parkway Drive Suite 200
PROSECUTORbyKarpel Thursday, November 29, 2018 Karpel Solutions 9717 Landmark Parkway Drive Suite 200 St. Louis, MO 63127 Vice President Tony Morris Confidential information

Download ppt "Network Security Best Practices"

Similar presentations

How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.

Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,

Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Phishing scams Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal.

Phishing scams Phishing is the fraudulent practice of sending s purporting to be from reputable companies in order to induce individuals to reveal.
The way to avoid being trap into cyber crime. What is cyber crime? The Department of Justice categorizes computer crime in three ways: 1. The computer.

The way to avoid being trap into cyber crime. What is cyber crime? The Department of Justice categorizes computer crime in three ways: 1. The computer.
Computer Security By Duncan Hall.

Computer Security By Duncan Hall.
Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.

Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.
BizSmart Lunch & Learn Webinar Information Security and Protecting your business With the increased risk of some sort of cyber- attack over the past few.

BizSmart Lunch & Learn Webinar Information Security and Protecting your business With the increased risk of some sort of cyber- attack over the past few.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID # 0435738.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Important Information Provided by Information Technology Center

Important Information Provided by Information Technology Center
Presented by: SBS CyberSecurity © SBS CyberSecurity, LLC

Presented by: SBS CyberSecurity © SBS CyberSecurity, LLC
Payment Card Industry (PCI) Rules and Standards

Payment Card Industry (PCI) Rules and Standards

Similar presentations

Ads by Google