Jake Blacksten Technology Business Advisor Jacobb@udel.edu
Small Businesses are a Target
• 43% of breaches involved small businesses
• 56% of breaches took months or longer to discover
Source: 2019 Verizon Data Breach Report
Program Purpose
• Raise awareness of cyber risk within Delaware’s community
• Help businesses manage the threat and impact of cyber interference
• Foster innovation in cyber security
Why Create a Security Plan?
• Cyber is: Behavioral, Physical, Technological
• The unknown is expensive
• Increased scrutiny and liability from buyers, business partners, etc.
• You want to protect your brand, your customers, your employees, your buyers, etc.
• Demonstration of reasonable effort to protect your data and
Cybersecurity Workbook 2.0
• Provides small businesses with a starting concept for creating a Written Information Security Program (WISP).
• Defines a reasonable program for handling cybersecurity within a small business.
• This is just a starting point. It is meant to get small businesses thinking in a security mindset.
Cybersecurity Workbook
• Based on the NIST Cybersecurity Framework
• The concept is simple
• A common language which all understand
IDENTIFY: What structures and practices do you have in place to identify cyber threats?
PROTECT: What are the basic practices you have in place to protect your systems?
DETECT: What do you use to identify someone or something malicious?
RESPOND: How will you deal with a breach if and when it occurs?
RECOVER: How will you get your business back to normal after a breach?
Section 1: Identify
Know Your Company (data):
• What do you collect?
• What sensitivity level?
• Where’s it located?
• Who has access to it?
• Outside consultant?
Operating Systems:
• Which ones do you have?
• Who has them?
• How are they maintained?
• Are they supported?
• Do you mix them?
Physical Security (hardware inventory):
• Desktops
• Laptops
• Mobile Devices
• Printers
• Storage Devices
Software:
• Which ones do you have?
• Who has them?
• How are they maintained?
• Are they supported?
• Are they up to date?
Section 2: Protect
• Usernames and Passwords
• Training and Awareness
• Data Segregation
• Login Timeouts and Lockouts
• Firewalls and Patching
Section 3: Detect
• Antivirus and Antimalware
• Scan for unusual activity
• Foreign password login!
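The "unusual activity" and "foreign password login" bullets are the cheapest detections a small business can run against its own login records. The script below is an added example, not part of the workbook or the DSBDC tools: it parses a constructed login log (the line format, the US-only country allowlist and the thresholds are assumptions) and flags three things a practitioner would want alerted on: a successful login from a country outside the allowlist, a burst of failures from one IP (password guessing), and an account whose success follows a run of failures (a guessed password).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the workbook): one line per login attempt, with the
# client IP and the country it geolocated to. Format, allowlist and thresholds are assumed.
SAMPLE_LOG = """\
2024-03-04T08:01:10Z LOGIN user=alice result=SUCCESS ip=203.0.113.7 country=US
2024-03-04T08:02:33Z LOGIN user=bob result=FAILURE ip=198.51.100.9 country=US
2024-03-04T08:02:41Z LOGIN user=bob result=FAILURE ip=198.51.100.9 country=US
2024-03-04T08:02:50Z LOGIN user=bob result=FAILURE ip=198.51.100.9 country=US
2024-03-04T08:03:02Z LOGIN user=bob result=FAILURE ip=198.51.100.9 country=US
2024-03-04T08:03:15Z LOGIN user=bob result=FAILURE ip=198.51.100.9 country=US
2024-03-04T08:03:40Z LOGIN user=bob result=SUCCESS ip=198.51.100.9 country=US
2024-03-04T09:15:00Z LOGIN user=carol result=SUCCESS ip=192.0.2.44 country=RO
2024-03-04T10:00:00Z LOGIN user=dave result=FAILURE ip=203.0.113.20 country=US
"""

LINE = re.compile(
    r"^(?P<ts>\S+) LOGIN user=(?P<user>\S+) result=(?P<result>SUCCESS|FAILURE) "
    r"ip=(?P<ip>\S+) country=(?P<country>[A-Z]{2})$"
)
ALLOWED_COUNTRIES = {"US"}          # where this business's staff normally log in from (assumed)
FAILURE_THRESHOLD = 5               # failures from one IP inside the window => password guessing
FAILURE_WINDOW = timedelta(minutes=10)
MIN_FAILURES_BEFORE_SUCCESS = 3     # failures on one account right before a success => suspicious


def parse(log: str) -> list:
    """Turn log text into event dicts in timestamp order; lines that do not match are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def foreign_logins(events: list) -> list:
    """Successful logins from a country outside the allowlist (the 'foreign password login')."""
    return [(e["user"], e["country"], e["ip"]) for e in events
            if e["result"] == "SUCCESS" and e["country"] not in ALLOWED_COUNTRIES]


def brute_force_ips(events: list) -> dict:
    """IPs with >= FAILURE_THRESHOLD failures inside any FAILURE_WINDOW; value is the peak count."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "FAILURE":
            failures[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, times in failures.items():
        start, peak = 0, 0
        for end in range(len(times)):          # sliding window over the sorted timestamps
            while times[end] - times[start] > FAILURE_WINDOW:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= FAILURE_THRESHOLD:
            flagged[ip] = peak
    return flagged


def success_after_failures(events: list) -> list:
    """Accounts whose success came right after a run of failures: the classic guessed-password signal."""
    streak = defaultdict(int)
    hits = []
    for e in events:
        if e["result"] == "FAILURE":
            streak[e["user"]] += 1
        else:
            if streak[e["user"]] >= MIN_FAILURES_BEFORE_SUCCESS:
                hits.append((e["user"], streak[e["user"]], e["ip"]))
            streak[e["user"]] = 0
    return hits


def analyze(log: str) -> dict:
    events = parse(log)
    return {
        "foreign_logins": foreign_logins(events),
        "brute_force_ips": brute_force_ips(events),
        "success_after_failures": success_after_failures(events),
    }


if __name__ == "__main__":
    for kind, findings in analyze(SAMPLE_LOG).items():
        print(kind, findings)
```

Run it against the sample and it reports carol's login from RO, five failures from 198.51.100.9 in under a minute, and bob's success after those failures. In practice the parser is the only part that changes per product (web app, VPN, Microsoft 365 or Google Workspace sign-in logs); the three checks stay the same, and the allowlist should be whatever countries your staff actually work from.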
Section 4: Respond
Backing up and Restoring. Types of Backups:
• Full System
• File Level
• Incremental
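To make the three backup types concrete, here is an added example (not from the workbook or any of the tools it lists) of a file-level backup that does a full set first and then an incremental set holding only files that are new or changed, followed by a restore that verifies each copy's hash before using it. The directory layout, manifest format and set names are this example's own assumptions; the point is the difference in what gets copied and that a restore must be tested, not the specific tool.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"   # assumed layout: <root>/<set name>/manifest.json and <root>/<set name>/data/


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(src: Path) -> dict:
    """Relative path -> sha256 for every regular file under src (empty directories are not tracked)."""
    return {str(p.relative_to(src)): sha256_file(p) for p in sorted(src.rglob("*")) if p.is_file()}


def _load_manifest(root: Path, name: str) -> dict:
    return json.loads((root / name / MANIFEST).read_text())


def _write_set(src: Path, root: Path, name: str, base_name, base_files: dict) -> int:
    """Create backup set `name`, copying only files whose content the base set does not already hold.
    The manifest records, for every file, which set holds its copy, so a restore needs no chain walk."""
    data = root / name / "data"
    data.mkdir(parents=True)
    files, copied = {}, 0
    for rel, digest in snapshot(src).items():
        prev = base_files.get(rel)
        if prev and prev["sha256"] == digest:
            files[rel] = prev                      # unchanged: reuse the copy in the earlier set
        else:
            dst = data / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src / rel, dst)
            files[rel] = {"sha256": digest, "set": name}
            copied += 1
    (root / name / MANIFEST).write_text(json.dumps({"base": base_name, "files": files}, indent=1))
    return copied


def full_backup(src: Path, root: Path, name: str) -> int:
    """Full backup: every file is copied. Returns the number of files copied."""
    return _write_set(src, root, name, None, {})


def incremental_backup(src: Path, root: Path, name: str, base_name: str) -> int:
    """Incremental backup: only files new or changed since set `base_name` are copied."""
    return _write_set(src, root, name, base_name, _load_manifest(root, base_name)["files"])


def restore(root: Path, name: str, target: Path) -> int:
    """Rebuild the tree as it looked at set `name`, verifying each stored copy's hash first."""
    restored = 0
    for rel, entry in _load_manifest(root, name)["files"].items():
        stored = root / entry["set"] / "data" / rel
        if sha256_file(stored) != entry["sha256"]:
            raise RuntimeError(f"backup copy of {rel} in set {entry['set']} is corrupt")
        dst = target / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(stored, dst)
        restored += 1
    return restored


def demo() -> dict:
    """Constructed run: full backup, then change/delete/add files, incremental backup, restore, compare."""
    work = Path(tempfile.mkdtemp())
    src, root, out = work / "src", work / "backups", work / "restored"
    (src / "docs").mkdir(parents=True)
    (src / "docs" / "invoice.txt").write_text("invoice 1\n")
    (src / "docs" / "old.txt").write_text("retired\n")
    (src / "notes.txt").write_text("notes\n")
    full = full_backup(src, root, "full-2024-01-01")
    (src / "docs" / "invoice.txt").write_text("invoice 1, amended\n")   # changed
    (src / "docs" / "old.txt").unlink()                                  # deleted
    (src / "new.txt").write_text("new file\n")                           # added
    inc = incremental_backup(src, root, "inc-2024-01-02", "full-2024-01-01")
    restored = restore(root, "inc-2024-01-02", out)
    result = {"full_copied": full, "incremental_copied": inc, "restored": restored,
              "restore_matches_source": snapshot(out) == snapshot(src)}
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    print(demo())
```

In the demo the full set copies all three files, the incremental set copies only the two that changed or appeared, and the restore rebuilds the current three-file tree (the deleted file stays gone). The same full-then-incremental pattern is what `rsync --link-dest` and `rclone` schedule for you; whatever tool you use, the restore step is the one to rehearse before you need it.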
Section 4: Respond
Cyber Incident Response Team:
• HR staff
• IT staff
• Legal team
• Marketing team
• Forensic investigator
Insurance, First-Party Liability (your own costs):
• Forensics investigation
• Cost of notifying affected
• Cyber extortion cost
• Business interruption
• Public relations
Insurance, Third-Party Liability (claims against you):
• Legal fees
• Payments to affected
• Regulatory fees
• Settlements
• Damages
Section 5: Recover
• Getting back to normal
• Move swiftly and obtain assistance
• Communication
• Document
• Managing your brand
• Legal responsibilities
House Bill 180 (Delaware)
• In effect since April 14, 2018
• Does not require a specific form of notice when notifying customers
• If SSNs are exposed, credit monitoring must be offered
• A vendor must give immediate notice to the owner of breached data
• Notice to affected individuals is mandated
House Bill 180: what counts as PII
• Social Security number
• Driver’s license number
• Financial account number
• Passport number
• Individual taxpayer identification number
• Medical information
• Health insurance information
• DNA profile
• Biometric data
• Username or email address in combination with a password or security question
Low Cost Solutions
Encryption (full-disk):
• (Apple) FileVault
• (Windows) BitLocker
File Storage:
• Google Drive
• Microsoft OneDrive
• Dropbox
Cloud Storage:
• Google Cloud Storage
• Amazon S3
• DigitalOcean Spaces
File Backup:
• Google Drive
• SpiderOak One
• (Windows) Backup
• (Apple) iCloud/Time Machine
• Rsync/rclone
Low Cost Solutions
Business Platforms:
• G Suite for business
• Office for business
Digital Infrastructure:
• Google Cloud Platform (GCP)
• Amazon Web Services (AWS)
• Microsoft Azure
Password Management:
• LastPass
• 1Password
• Dashlane
• Keeper
Business Wide Communication:
• Slack
• Skype
• Encrypted email solutions like Gmail (encrypted in transit and at rest, not end-to-end)
• Zoom
Developing a Cybersecurity Readiness Plan:
• DSBDC Cyber Readiness tool
• DSBDC Cyber Guides & Tips
SBDC Online Resources, Partner Resources, and the Data Assured Toolkit:
• Cybersecurity Plans
• Cyber Workbook 2.0
• FCC Cyber Planner
• Cybersecurity Do’s & Don’ts
• Ransomware Public Handout
• Information Security Policy Templates
• Monthly Webinars
• Low-cost Cyber Solutions
• SANS
• Cybersecurity Resource List