Kentucky Nonprofits & COVID-19 Sector Resources Cybersecurity - - PowerPoint PPT Presentation



slide-1
SLIDE 1

Kentucky Nonprofits & COVID-19 – Sector Resources

Cybersecurity in a Pandemic for Small Businesses

All participants have been automatically muted. During today’s conversation, if you would like to submit a question, please use the “CHAT” feature located at the bottom of your Zoom screen. You can also find COVID-19 resources on www.kynonprofits.org We will begin the program shortly.

slide-2
SLIDE 2

Cybersecurity in a Pandemic

Jason D. Miller Director, Business & Technology Consulting

slide-3
SLIDE 3
Agenda

  1. Small business cybersecurity pre-pandemic
  2. Rush to work from home
  3. Cybersecurity during a pandemic
  4. Online meeting tools discussion
  5. Cybersecurity post-pandemic

slide-4
SLIDE 4

Small Business Cybersecurity Pre-Pandemic

slide-5
SLIDE 5

Industry reports

slide-6
SLIDE 6

Small Business Prime Targets

2019 DBIR

slide-7
SLIDE 7

What tactics are utilized?

2019 DBIR

slide-8
SLIDE 8

Top hacking actions?

2019 DBIR

slide-9
SLIDE 9

What are other commonalities?

2019 DBIR

slide-10
SLIDE 10

Small Business with Cyberattacks

slide-11
SLIDE 11

Why aren’t small businesses better at cybersecurity?

slide-12
SLIDE 12

Cost of a breach and business disruption?

slide-13
SLIDE 13

The Rush to Work From Home March 2020

slide-14
SLIDE 14

What did we see happen in a matter of days?

Remote Access? Who?

  • Open up remote desktop services
  • More VPN users
  • Third-party tools (free?)
  • Untrained users
  • Employees out of their comfort zone

Devices? Communication?

  • Grab any spare laptop
  • Employee's home computers
  • Free video conferencing
  • Personal email
  • Personal file shares
slide-15
SLIDE 15

Concerns created by the rush

Remote Access? Who?

What new vulnerabilities did you just open up for cyber criminals to access your network? Are your users really prepared? Users are our number one vulnerability in cybersecurity.

Devices? Communication?

How many vulnerable and unpatched devices are processing your critical data? Where is your sensitive information going?

slide-16
SLIDE 16

Cybersecurity During the Pandemic

slide-17
SLIDE 17

Do it NOW

  • Remote access: Make sure there is NO open RDP; secure all remote access with MFA
  • Get devices updated: Swap out all old devices with patched and secure ones
  • Secure password policies: Review and implement secure password policies
  • External vulnerability scan: Have a professional do a quick external scan

slide-18
SLIDE 18

Online Meeting Tools

slide-19
SLIDE 19

Popular tools and recent news

Zoom Resources →

Best Practices

  • Use unique meeting IDs for each meeting.
  • Require a password or PIN to gain access to meetings.
  • Privately share meeting invitations.
  • Consider requiring users to enable the “Lobby” or “Waiting room” functionality and affirming entry into a meeting.
  • If your users are using client applications versus the web interface, be sure the client applications are updated frequently to gain any security patches and enhancements that are released.

Cisco Webex Resources →

slide-20
SLIDE 20

Cybersecurity Post-Pandemic

slide-21
SLIDE 21

Do you have the right protection tools?

Key cybersecurity considerations

  • Would you know if your systems have been compromised?
  • Do you have monitoring tools?
  • Does your organization conduct regular user awareness training?
  • Have you had a third-party Cyber assessment conducted? Recently?

slide-22
SLIDE 22

PEOPLE TECHNOLOGY PROCESSES

Information Security Program

slide-23
SLIDE 23

People User Awareness

It is critical to train and equip our users on the frontlines.

2019 DBIR

slide-24
SLIDE 24

Processes & Controls

Risk Assessment Monitoring & Response

  • Not just a technology exercise
  • Must be continual
  • Tools to monitor and provide early detection
  • Incident Response plans

Information Security Program Business Continuity

  • Policies and Procedures
  • User education
  • Technology
  • Roadmap for improvement
  • Documentation & planning
  • Strong and reliable backups
slide-25
SLIDE 25

Assessment: Dean Dorton Cybersecurity Scorecard

slide-26
SLIDE 26

Security Lifecycles

Small Business Model Large to Medium Model

slide-27
SLIDE 27

Technology

MFA

Multi-factor Authentication

  • Next-Gen Anti-virus
  • Advanced Web Filter
  • Advanced Email Protection

slide-28
SLIDE 28

Other considerations

Office 365 Passwords

Have someone evaluate your Office 365 security and controls

  • Deploy a password filter
  • Require strong passwords
  • Minimum length 12
  • Age: 180 days

Remote Workforce Backups

  • Should all users have a laptop?

  • Virtual Desktop Solutions
  • Cloud Solutions
  • Multiple layers
  • Air gap
  • Test regularly
slide-29
SLIDE 29

The one thing…

MFA

Multi-factor Authentication

slide-30
SLIDE 30

Resources

  • deandorton.com/insights
  • deandorton.com/remote-work
  • deandorton.com/cybersecurity

slide-31
SLIDE 31

What questions do you have?

Use the Chat box now

slide-32
SLIDE 32

Thank you

Jason D. Miller

Director, Business & Technology Consulting
jmiller@ddaftech.com
859.425.7626