Keeping your data, money & reputation safe

Presentation on theme: "Keeping your data, money & reputation safe"— Presentation transcript:

1 Keeping your data, money & reputation safe
Cyber Resilience: Keeping your data, money & reputation safe

2 Information governance, assurance and cyber resilience
- Give people clearer, more consistent choice around how their information is shared
- Streamline governance
- Publish clear guidelines
- Improve security of how health & care organisations handle information (cyber resilience)

3 Third sector cyber resilience
- Common approach (pathway) to cyber resilience
- Strengthening awareness
- Partnership working, knowledge sharing & leadership
- Supply chain cyber security
- Strengthening incentives
- Benchmarking, monitoring & evaluation

4 Being cyber resilient is:
- Taking steps to reduce the risk of cyber breaches
- Making sure that if a breach occurs you know how to respond to ensure:
  - Adequate legal response
  - Responsible public response
  - Business continuity

5 A cyber breach is:
An incident in which data is lost or stolen, such as:
- Financial data (££s from your bank)
- Security data (usernames/passwords)
- Personal data (emails, address, phone numbers, medical data…)
In some cases, security data or personal data could be more ‘costly’ than financial data.
Requirements to report cyber breaches in relation to the loss or theft of data are included in GDPR.

6 Myth vs. Reality

7 What are the main causes of cyber breaches?
Myth: Hackers, Ransomware, Viruses
Reality: “48% of businesses who have experienced a breach said the root cause was a ‘negligent employee or contractor’.”
A cyber breach is not always a cyber-attack.

8 Who are the targets?
Myth: Hackers focus on big business and high-profile companies with lots of money or data
Reality: Everyone… Whoever takes the bait
Vulnerable: individuals and businesses

9 What are the types of threats?
- Accidental loss of data
- Insider threats
  - Disgruntled employee?
  - Opportunity?
  - Making a statement – whistleblowing?
  - Moving to a competitor?
  - Incentivised?
- Social Engineering
  - Phishing
  - Spear-phishing
  - Whaling
- Viruses
- Malware
- Spyware
- Ransomware
- DDoS
- BYOD
- Policies
- Security software

10 Vulnerable Organisations
Who are the targets?
- Vulnerable Organisations
- Vulnerable People

11 Taking it seriously
Assume that you will have an attack or a breach. You may already have…
People are testing “doors”, looking for ones which are weak, vulnerable, or left unlocked.
Have you checked if your doors are locked?

12 Don’t be an easy target…
- The most common breaches are simple and avoidable
- They are aimed at those who have not taken any steps to prepare
- Do your staff have basic knowledge?
- Be aware that CEOs are often the biggest target and the weakest link (and the most difficult to educate?)

13 Consider what someone could do if they get hold of some of your data…
Scenario – what if…? Consider what someone could do if they get hold of some of your data…

14 What if… Some of your user data gets into the wrong hands…
- An email is sent to the wrong address
- A USB pen is dropped in the street
- A disgruntled team member exports your database
- Or a hacker uses a well-known weakness in unpatched software

15 Scenario – what if?
They could then buy a domain similar to yours, for as little as £0.01.

16 Scenario – what if?
- They could then easily clone your website and put it on their newly purchased domain
- They could email the list of contacts they got from the data breach, asking for a donation to your charity
- 100s of people give donations, inc. bank details and home addresses

17 What should we do now?

20 Lock your doors! Four areas to consider and act on:
- IT Security: investigate your IT security. Protecting your technology from threats (e.g. Cyber Essentials)
- Data management: conduct a data audit. Ensuring your data is managed properly (e.g. GDPR)
- Staff education: increase staff knowledge and awareness to protect from scams (e.g. online/offline training)
- Response: incident response plan. Ensuring business continuity and adequate response:
  - Legal response
  - Public response
  - Individual response

21 Discuss

22 Discuss
- Where do you think your strengths are in being cyber resilient?
- What do you think your weaknesses are in being cyber resilient?
- What help / actions are needed to improve your cyber resilience (and that of third sector health & social care providers in general)?

