Jake Blacksten Technology Business Advisor Jacobb@udel.edu Small - - PowerPoint PPT Presentation

SLIDE 1

Jake Blacksten Technology Business Advisor Jacobb@udel.edu

SLIDE 2

Small Businesses are a Target

43% of breaches involved small businesses

56% of breaches took months or longer to discover

Source: 2019 Verizon Data Breach Report

SLIDE 3

Program Purpose

  • Raise awareness of cyber risk within Delaware’s community
  • Help businesses manage the threat and impact of cyber interference
  • Foster innovation in cyber security

SLIDE 4

Why Create a Security Plan?

  • Cyber is: Behavioral, Physical, Technological
  • The unknown is expensive
  • Increased scrutiny and liability from buyers, business partners, etc.
  • You want to protect your brand, your customers, your employees, your buyers, etc.
  • Demonstration of reasonable effort to protect your data and

SLIDE 5

Cybersecurity Workbook 2.0

  • To provide small businesses with a starting concept for creating a Written Information Security Program (WISP).
  • Defining a reasonable program for handling cybersecurity within a small business.
  • This is just a starting point. It is meant to get small businesses thinking in a security mindset.

SLIDE 6

Cybersecurity Workbook

  • Based off the NIST Framework
  • Concept is simple
  • Common language which all understand

DETECT

What do you use to identify someone or something malicious?

PROTECT

What are the basic practices you have in place to protect your systems?

IDENTIFY

What structures and practices do you have in place to identify cyber threats?

RESPOND

How will you deal with a breach if and when it occurs?

RECOVER

How will you get your business back to normal after a breach?

SLIDE 7

Section 1: Identify

Operating Systems

  • Which ones do you have?
  • Who has them?
  • How are they maintained?
  • Are they supported?
  • Do you mix them?

Physical Security

  • Desktops
  • Laptops
  • Mobile Devices
  • Printers
  • Storage Devices

Software

  • Which ones do you have?
  • Who has them?
  • How are they maintained?
  • Are they supported?
  • Are they up to date?

Know Your Company

  • What do you collect?
  • What sensitivity level?
  • Where’s it located?
  • Who has access to it?
  • Outside consultant?

SLIDE 8

Section 2: Protect

  • Login Usernames and Passwords
  • Data Segregation
  • Timeouts and Lockouts
  • Firewalls and patching
  • Training and Awareness

SLIDE 9

Section 3: Detect

  • AntiViruses and AntiMalware
  • Scan for unusual activity
  • Foreign Password Login!

SLIDE 10

Section 4: Respond

Backing up and Restoring

Types of Backups

  • Full System
  • File Level
  • Incremental
SLIDE 11

Section 4: Respond

Incident Response Team

  • HR Staff
  • Forensic investigator
  • IT Staff
  • Legal team
  • Marketing team

Cyber Insurance

First-Party Liability

  • Legal Fees
  • Cost of notifying affected
  • Forensics Investigation
  • Business Interruption
  • Public relations

Third-Party Liability

  • Payments to affected
  • Cyber extortion cost
  • Regulatory fees
  • Settlements
  • Damages

SLIDE 12

Section 5: Recover

  • Getting back to normal
  • Move swiftly and obtain assistance
  • Communication
  • Document
  • Managing your brand
  • Legal responsibilities
SLIDE 13

House Bill 180

  • In effect since April 14, 2018
  • Notice to affected individuals mandated
  • If SSNs are exposed credit monitoring must be offered
  • A vendor must give immediate notice to the owner of breached data
  • Does not require a specific form of notice when notifying customers

SLIDE 14

House Bill 180 PII

  • Social Security number
  • Driver’s license number
  • Financial account number
  • Passport number
  • Individual taxpayer identification number
  • Medical information
  • Health insurance information
  • DNA profile
  • Biometric data
  • Username or email address in combination with a password or security question

SLIDE 15

Low Cost Solutions

Encryption:

  • (Apple) FileVault
  • (Windows) BitLocker

Cloud Storage:

  • Google Cloud Storage
  • Amazon S3
  • DigitalOcean Spaces

File Storage:

  • Google Drive
  • Microsoft OneDrive
  • Dropbox

File Backup:

  • Google Drive
  • SpiderOak One
  • (Windows) Backup
  • (Apple) iCloud/Time Machine
  • Rsync/rclone
SLIDE 16

Low Cost Solutions

Password Management:

  • LastPass
  • 1Password
  • Dashlane
  • Keeper

Developing a Cybersecurity Readiness Plan:

  • DSBDC Cyber Readiness tool
  • DSBDC Cyber Guides & Tips

Business Platforms:

  • G Suite for business
  • Office for business

Business Wide Communication:

  • Slack
  • Skype
  • Encrypted email solutions like Gmail
  • Zoom

Digital Infrastructure:

  • Google Cloud Platform (GCP)
  • Amazon Web Services (AWS)
  • Microsoft Azure
SLIDE 17

SBDC Online Resources

Data Assured Toolkit

  • Cyber Workbook 2.0
  • Cybersecurity Do’s & Don’ts
  • Monthly Webinars
  • Low-cost Cyber Solutions

Partner Resources

  • Cybersecurity Plans
  • FCC Cyber Planner
  • Ransomware Public Handout
  • Information Security Policy Templates
  • SANS
  • Cybersecurity Resource List
SLIDE 18

Jake Blacksten Technology Business Advisor Jacobb@udel.edu