
Jon King

Staffing and Security: IT Security Basics for the Staffing Professional. The Basics of Modern Cybersecurity for Staffing Firms. Jon King, I.T. Director, Employment Enterprises, Inc. Verbena Williams, Chief Financial Officer, Employment Enterprises, Inc. Agenda.


Presentation Transcript


  1. Staffing and Security: IT Security Basics for the Staffing Professional. The Basics of Modern Cybersecurity for Staffing Firms

  2. Jon King, I.T. Director, Employment Enterprises, Inc. Verbena Williams, Chief Financial Officer, Employment Enterprises, Inc.

  3. Agenda
     • Group Discussion: What are we doing today to keep our businesses safe?
     • We all come from different organizations. What are we all doing that’s the same? What are some challenges faced in your firms? What unique solutions are you using?
     • Why data security is so important
     • A brief overview of the threat landscape and some basic definitions of common terms used by security professionals
     • What’s in our toolboxes
     • What tools do security professionals use when working with companies like ours? What can we all do to help?

  4. Staffing and Security: Why data security is so important in our business. A brief overview of the unique challenges faced by today’s small to mid-sized staffing firms

  5. Big Target Small Business

  6. What assets do staffing firms keep that hackers would want?
     • Names
     • Date of Birth
     • SSN
     • Address
     • Credit Card/Bank Information – both employees and company
     • Salary
     • Employer
     • And in some cases: family members’ names and SSN
     • And most sought after by hackers: $$

  7. Big Target Small Business What does a data breach at a staffing firm look like?

  8. Big Target Small Business But it’s not just one story…

  9. Big Target Small Business But bad press is the tip of the iceberg

  10. Big Target Small Business

  11. Big Target Small Business Why are hackers targeting us?
     • Staffing firms:
       - tend to be smaller: less than 100 internal employees
       - handle large volumes of transactions
       - function more like a small business than a bank
       - work with 2 sets of clients – customers and employees
       - sometimes have conflicting agendas

  12. Big Target Small Business What can we do about it?
     • Make security a priority in your organization: conversationally, financially and operationally.
     • Raise awareness: an educated and informed workforce that’s taught to be “skeptical” and “vigilant” is the single most important security measure. They are your first line of defense. Without it, your chances of avoiding the threats for long go way down very fast.
     • Make sure your vendors are doing all they should to protect the data you entrust them with. Ultimately you can be considered responsible for your data that is compromised in a vendor breach!
     • Share and discuss the numbers so everyone understands the threats and the possible solutions we all can be implementing.

  13. Big Target Small Business Small-to-medium businesses experience the highest risk of cyberattack. Small businesses often have more vulnerabilities than large ones, so they tend to be targeted more frequently by hackers. Approximately 58% of malware attack victims fall into the small business category.

  14. Big Target Small Business

  15. Big Target Small Business

  16. Big Target Small Business So what do you do? How do you fight back when the threats are everywhere and gaining sophistication every day?

  17. Staffing and Security: What’s in our Toolbox? An overview of the modern tools used by cybersecurity professionals

  18. The Security Professional’s Toolbox

  19. The Security Professional’s Toolbox Older security tools we have used for a long time.
     • Firewalls
     • Antivirus
     • Network monitoring
     • Tape Backups
     • UPS and generators
     • Backup internet connections
     • Active directory
     • VPN
     • Premise based Spam filtering
     We still use most / a lot of these today.

  20. The Security Professional’s Toolbox: Firewall; Antivirus

  21. The Security Professional’s Toolbox: Network Monitoring; Tape Backup

  22. The Security Professional’s Toolbox: UPS and Generator; Backup Internet Connection

  23. The Security Professional’s Toolbox Newer Security Tools:
     • Next gen antivirus
     • Next gen firewalls
     • Virtual server replication with inflated cold standbys
     • SaaS providers
     • Multifactor Authentication
     • Cloud based network, endpoint and firewall monitoring
     • Security audits
     • Penetration testing
     • Hosted email filtering services
     • Awareness training

  24. The Security Professional’s Toolbox
     Next Generation Firewall
     • A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), and an intrusion prevention system (IPS).
     Next Generation Antivirus
     • NGAV is the natural (and much needed) evolution of traditional AV that protects computers from the full spectrum of modern cyber attacks, delivering the best endpoint protection with the least amount of work. NGAV speaks to a fundamentally different technical approach in the way malicious activity is detected and blocked.
     • NGAV takes a system-centric view of endpoint security, examining every process on every endpoint to algorithmically detect and block the malicious tools, tactics, techniques and procedures (TTPs) on which attackers rely.

  25. The Security Professional’s Toolbox: Virtual Server Replication; SECaaS Providers

  26. The Security Professional’s Toolbox
     Multifactor Authentication
     Cloud based network, endpoint and firewall monitoring
     • Cloud based firewall, endpoint and network monitoring delivers around-the-clock security event and device health monitoring, management of upgrades, changes and patching, policy auditing, and intelligence-enhanced threat protection to help keep your environment safe.

  27. The Security Professional’s Toolbox: Security Audits; Penetration Testing

  28. The Security Professional’s Toolbox: Hosted Email Filtering Service; Cyber Insurance

  29. The Security Professional’s Toolbox 3rd Party and Cloud Provider Vetting
     • Your vendor and cloud provider vetting process should focus on the extent to which your vendors:
       - have adopted and enforce appropriate security policies and procedures;
       - have created appropriate incident response and disaster recovery plans, and test them;
       - comply with applicable federal, state, and local laws;
       - have created a reliable program to maintain their information technology infrastructure and operations, consistent with your privacy and data security objectives;
       - have identified data breaches and vulnerabilities in the past, and how they remediated them.
     • In addition to performing vendor vetting, you should consider adding provisions in your vendor contracts to address the cybersecurity risks that your vendors face.
     • Ideally, your contracts with vendors that you provide PII to should address the following issues:
       - Which personnel at the vendor will have access to legally-protected and other sensitive information that you will provide to the vendor?
       - Representations and warranties by the vendor.
       - The vendor’s obligation to notify you if they suffer a data breach.
       - Oversight of your vendor’s data security procedures and practices.
       - Indemnification.
       - Vendors’ communications with your employees.

  30. The Security Professional’s Toolbox Awareness Training
     Ways to protect yourself
     • Verify – verbally or normal means of communication
     • Never click a link in an email you don’t trust
     • Most companies will not ask for information they already have
     • Use multiple versions of your password
     • Tone of the email
     • Address of sender
     • Links in the body of the email
     • Reasonable

  31. The Security Professional’s Toolbox Different Options for Password Creation
     • Select 2 numbers that mean something to you (19)
     • Select 2 letters that you can remember (LW)
     • What is your favorite color (blue)
     • Use a symbol
     • What year did you graduate from HS (94)
     Now you put that together: 19LWblue@94
     It is simple for you to remember, but not for others to guess. Then you use a version of the base number for different sites:
     • Bank – Suntrust: 19LWblue@94 ST
     • Chase: 19LWblue@94CB

  32. The Security Professional’s Toolbox Security in concert, AKA taking a layered approach to security

  33. Staffing and Security: Group Discussion. What are we doing to keep our business safe?

  34. Questions?
