1
PREPARATION – DELETE BEFORE MEETING
Fill in the following: Slide 2: Enter the “Presented By: Name, Title, Company” with your information Replace the “Your Logo Here” logo with your company logo Slide 3: Fill this slide out with your personal information as well as your Company information TIPS: PRACTICE – run through the deck multiple times Focus on the impact to their business, not the stats or the technology Be relatable and have talking points Don’t read right off the slides.
2
ASSESSING THE HUMAN RISK FACTOR STAYING PROACTIVE
PRESENTED BY: [NAME, TITLE, COMPANY]
3
WHO AM I? [Your name and job title] [Company Name]
[Brief speaker biography] [Note some personal tidbits, get personal and real with your prospects] One hobby or activity [Company Name] [Brief company biography] Security-focused We pride ourselves on helping small to mid-size businesses strengthen their security posture and protect them from cybertheft.
4
PROACTIVELY PREVENTING A DATA BREACH
Last time we met we discussed the dangers of the Dark Web and proceeded with a Phishing & Training Baseline Assessment Results Improvements 5 Steps to a Successful Security Program Strengthening Your Weakest Links Next Steps Now that your baseline phishing and training assessments have been completed, it’s time to look at those results. We’ll start with the Security Awareness Training. We found that [insert number] of employees completed and passed the initial security awareness training program, which was great to see! Unfortunately, [insert number] of your employees did not complete the training program. As you know, Security Awareness Training is extremely important in educating employees and making sure they’re aware of what to watch out for in terms of cybercrime, and also in ensuring they know how to protect themselves and your organization with their overall security habits. So let’s dig a little deeper into your employees’ security hygiene and look at the phishing campaign that we sent out (flip to next slide.)
5
HOW DID YOUR EMPLOYEES STACK UP?
Your employees are opening the door for cybercriminals. If cybercriminals start to become less successful in one area, they find new ways to trick their victims. C/5
A: Enter the “Phishing link clicked” percentage. Talking Points: You had [B] employees click on the link in the phishing email. If this had been a real phishing email, it could have led to a very detrimental incident.
B: Enter the Difficulty of the phishing link. Talking Points: I used a phishing email with a difficulty rating of [C/5]. Phishing emails come in all shapes and sizes, and knowing how to identify the most difficult of scams leads to decreased susceptibility ratings. Cybercriminals are constantly doing research and acquiring tools to make their tactics harder to decipher and more efficient. Keeping up with the newest threats ensures you’re sticking right there with them. If your employees don’t take security seriously, it could be detrimental.
6
5 STEPS TO EFFECTIVE EMPLOYEE SECURITY
The five steps: Continuous Education, Simulated Phishing, Continuous Dark Web Monitoring, Security Policies, Ongoing Analytics
7
CONTINUOUS EDUCATION
48% of cybercriminals spend 1-5 hours per week keeping up with the latest trends. Why aren’t we doing the same? Humans learn on a continuous basis; once-and-done education isn’t enough. Cybercriminals start to become less successful in one area and must find new ways to trick their victims.
Why do they need to be educated? Humans learn from continuous education. Not once and done: security must be continuous! “Well, you sent them through the training”: they will forget in 6 months. Reasons why it needs to be continuous: The threat landscape is constantly changing, as new scams are being created and used daily. If employees aren’t trained continuously, they may be unaware of the latest threats, which could be targeted at them. Security recommendations change as well. For example, password standards may change. Staying up-to-date on security tips is crucial in optimizing your human defense. Annual training is a great first step, but what they learn today may be forgotten in 6 months.
The 2018 Nuix Black Report
8
SIMULATED PHISHING
Simulated phishing campaigns run monthly are the industry standard for effectively reducing your human-factor associated risks.
38% of successful phishing attacks lead to compromised accounts
Cybercriminals target low-hanging fruit: humans
94% of malware is delivered via email
With phishing being a favored method of attack for cybercriminals, employees must be well trained on how to spot malicious attempts. Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Spear-phishing attempts are not typically initiated by random hackers but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information. TechTarget
What do the hackers have to say for themselves? 71% of all targeted attacks last year (2017) started with spear-phishing, making it the most widely used infection vector. Symantec 2018 Internet Security Threat Report
Why social engineering? TechTarget htarget.com/definition/so cial-engineering
Phishing is used because it WORKS. Humans are gullible and make mistakes. Without education, employees are sitting ducks.
9
CONTINUOUS DARK WEB MONITORING
Data records are lost or stolen at alarming rates Breached accounts lead to phishing and the need of password change The sooner you know, the quicker you can react Monitoring the Dark Web can give your organization insight into what data is already available and can help you get a leg up on attackers. New data is compromised and added to the Dark Web daily, which means running a one-time scan is not enough to protect you. Continuously monitoring the Dark Web improves your chances of finding an early warning sign to help you combat an attack. Monitoring the Dark Web can detect potential risks before they occur Identity Theft Resource Center, “Identity Theft: The Aftermath 2017”
10
SECURITY POLICIES Security policies protect your organization’s critical information/intellectual property by clearly outlining employee responsibilities with regard to what information needs to be safeguarded and why. I DIDN’T KNOW I WASN’T SUPPOSED TO DO THAT… I FOUND MY PHONE! WHY DID YOU WIPE ALL MY PHOTOS?! POLICIES NEED TO BE ENFORCED IN ORDER TO BE EFFECTIVE. Security policies lower breaches. Large organizations have policies as a core piece of their security structure.
11
ONGOING ANALYTICS
Importance of measuring success. Employees need to know where they stand and what their expectations are. Progress is important: measurement = improvement. Knowing which employees pose the highest risk is critical; you need insight into which employees need more help. Reason why: they need encouragement so they can do better. Looking at the details (graphic: magnifying glass).
It’s extremely important to know which of your employees are posing the greatest risk to your organization so you know who may need some additional training or assistance in improving their security hygiene. By having a baseline of where your employees started, you can ensure they’re improving and use those improvements as encouragement for continuing the upward trend. You also want to make sure you are setting expectations for your employees, so they understand the importance of taking their security awareness seriously.
Identity Theft Resource Center, “Identity Theft: The Aftermath 2017”
12
EMPLOYEE VULNERABILITY ASSESSMENT (EVA)
Transform your weakest links into your strongest defenses
Our Employee Secure Score is a standard measurement of comparison
Interactive Leaderboards increase employee engagement
Suggested next steps keep you improving
Dark web data increases awareness both at work and at home
Show them what EVA is all about.
ESS Score – A FICO-like credit score that instead looks at an employee’s security strength, rating them as either a high, medium or low risk to the organization.
Dark Web Data – This shows how many data breaches the employee has been involved in.
Continuous Education – Shows the score the employee got on the overall security awareness training program. This block also shows the average micro-quiz score for the employee.
Simulated Phishing – Shows the phishing attack fail rate of the employee.
Leaderboard – The leaderboard shows employees how they stack up against their co-workers. Employees create their own unique screen name, which provides anonymity but still encourages friendly competition.
Steps to Improve ESS – This is a tips section that provides recommended ways to improve your ESS.
Employee Secure Score Trend – This will show how the employee’s security strengthens or decreases over time.
Security Policies is not shown on the dashboard but will appear as a recommended tip. Employees can read and electronically acknowledge these policies to improve their ESS score.
Written security policies and a security risk assessment allow you to provide a multitude of services in one portal! Test their retention with simulated phishing. Weekly Micro-Training and Monthly Newsletters make up our continuous education.
13
WHICH EMPLOYEE IS THE WEAKEST LINK?
Compare each employee, watch their progress, and track who needs improvement. See which of your employees pose the highest risk to your organization. Create a security culture and stress the importance of sharing the cybersecurity responsibility.
With risk level evaluation, you can see which of your employees are posing the highest risk to your organization. Adoption and engagement start from the top. Make sure your employees know that you are part of the team that will be improving your organization’s risk level. Lead by example and share the cybersecurity responsibility. Adding Employee Secure Scores (ESS) as a metric to your quarterly evaluations is a great way to set the standard. This evaluation will encourage employees to work hard to improve their score. Setting standards and expectations for your employees helps stimulate growth.
14
BREACH PREVENTION PLATFORM (BPP)
Transform your weakest links into your strongest defenses! Benefits of a comprehensive security program:
01 Continuous Education & Monitoring: Train like a cybercriminal: Learn the newest threats & monitor your accounts for new breaches.
02 Unlimited Simulated Phishing: We’ve got your baseline, now let’s watch that fail rate drop with weekly education & routine phishing!
03 Security Policies & Analytics: Cover your bases with security policies and strengthen your human defenses with EVA!
15
NEXT STEPS [PRICE STRUCTURE] Breach Prevention Program
Employee Vulnerability Assessment (EVA)
How-to guides make onboarding a breeze
Employee-facing template explaining your brand-new security program
What do I need from you?
Lead by example
Signed proposal agreement by [date]
Ongoing communication to discuss patterns and growth initiatives
You can price this on a monthly or yearly basis. You can add to this list of services if you’d like to roll anything into this bundle.
Breach Prevention Platform
Users            Your Monthly Price
1 to 20          $25.00
21 to 50         $30.00
51 to 100        $35.00
101 to 150       $45.00
151 to 200       $55.00
201 to           $65.00
251 to 300       $75.00
301 to 350       $85.00
351 to 400       $95.00
401 to 500       $115.00
501 to 1,500     $250.00
1501 to 2,500    $480.00
2,501 to 3,500   $690.00
3,501 to 4,500   $880.00
4,501 to 5,500   $1,100.00
*This chart is confidential and may not be redistributed*