SLIDE 1

Protect Your Small Business From Cyber Attacks

Presenter: Jacob Blacksten, Technology Business Advisor, Delaware SBDC. 01/01/2018

www.delawaresbdc.org

SLIDE 2

Small Businesses are a Target

  • 58% of data breach victims are small businesses
  • 68% of breaches took months or longer to discover

Source: 2018 Verizon Data Breach Report



SLIDE 3–4

Program Purpose

  • Raise awareness of cyber risk within Delaware’s community
  • Help businesses manage the threat and impact of cyber interference
  • Foster innovation in cyber security

SLIDE 5

Why Create a Security Plan?

  • Cyber is behavioral, physical and technological
  • The unknown is expensive
  • Increased scrutiny and liability from buyers, business partners, etc.
  • You want to protect your brand, your customers, your employees, your buyers, etc.
  • Demonstration of reasonable effort to protect your data and systems. Can you?


SLIDE 6

The Small Business Cybersecurity Workbook

  • To provide small businesses with a starting concept for creating a Written Information Security Program (WISP).
  • Defining a reasonable program for handling cybersecurity within a small business.
  • This is just a starting point. It is meant to get small businesses thinking in a security mindset.


SLIDE 7

Cybersecurity Workbook

IDENTIFY ‐ (Pg 8)
What structures and practices do you have in place to identify cyber threats?

PROTECT ‐ (Pg 12)
What are the basic practices you have in place to protect your systems?

DETECT ‐ (Pg 19)
What do you use to identify someone or something malicious?

RESPOND ‐ (Pg 21)
How will you deal with a breach if and when it occurs?

RECOVER ‐ (Pg 23)
How will you get your business back to normal after a breach?

  • Based on the NIST Cybersecurity Framework (its five functions are the five sections above)
  • Concept is simple
  • Common language which all understand

SLIDE 8

Section 1: Identify

A Risk‐Based Approach

  • What do you collect?
  • What sensitivity level?
  • Where’s it located?
  • Who has access to it?
  • Outside consultant?

Know Your Company

Physical Security (desktops, laptops, mobile devices)

  • Which ones do you have?
  • Who has them?
  • How are they maintained?

Operating Systems and Software

  • Inventoried and current?


SLIDE 9

Section 2: Protect

  • Login: usernames and passwords
  • Data segregation
  • Timeouts and lockouts
  • Firewalls and patching
  • Training and awareness


SLIDE 10–14 (one slide built up in steps; older advice is struck out on the slide and its replacement is shown here after the arrow)

Passwords & Authentication

Passwords

  • Mandatory password cycle → NO mandatory password cycle
  • Length 8 – 64 characters
  • Require special characters → Don’t require special characters
  • Scan against common known/used passwords

Authentication

  • What you know: password
  • What you have: token
  • What you are: biometrics
  • Multifactor (combine more than one of the above)
  • Password hints → Avoid password hints
SLIDE 15–17 (one slide built up in steps)

Section 3: Detect

  • AntiVirus and AntiMalware
  • Scan for unusual activity
  • Foreign password login!

The slide ends with an example of the kind of pop-up that should be treated as suspicious:

  Congratulations! Claim Reward!
  You are our 100th visitor of the day and we would like to thank you.
SLIDE 18–19

Section 4: Respond

  • Contact legal support
  • Contact a Digital Forensics Team
  • Document EVERYTHING:
      • Date of incident
      • Explanation of incident
      • How discovered
      • How remediated
      • Date affected
      • Steps taken to close vulnerability
      • Updated backups


SLIDE 20

Section 5: Recover

  • Getting back to normal
  • Move swiftly and obtain assistance
  • Communication
  • Document


SLIDE 21

House Bill 180

  • August 24, 2017: Governor John Carney signed into law the first update to Delaware’s data breach law in 12 years.
  • Enacts new requirements for Delaware’s businesses for protecting personal information.
  • If you conduct business in Delaware and own, license or maintain personal information on Delaware residents, you are required to “implement and maintain reasonable procedures and practices to prevent the unauthorized acquisition, use, modification, disclosure, or destruction of personal information collected or maintained in the regular course of business.”


SLIDE 22

House Bill 180

If the data I own, license or maintain is hacked, what is my obligation?

  • You have 60 days to provide notice to affected individuals unless you can determine after an appropriate investigation that the breach is “unlikely to result in harm.”
  • If the data breach includes Social Security numbers, residents shall be offered credit monitoring services at no cost to the residents for a period of one year. If the number of affected Delaware residents exceeds 500, the Attorney General is to be notified.
  • If encrypted data is breached, you don’t have to provide notice unless the encryption key is also breached.

What Counts as Personal Information?

To be personal information, the data must be a Delaware resident’s first name or first initial and last name in combination with any of the categories below (for a financial account number, together with any required password or security code that would permit access to the account):

  • Social Security number
  • Driver’s license number
  • Financial account number
  • Passport number
  • Username or email address in combination with a password or security question
  • Medical information
  • Health insurance information
  • DNA profile
  • Biometric data used to access information
  • An individual taxpayer identification number


SLIDE 23

Cyber Risk Assessment Tool


SLIDE 24

SBDC Online Resources

DatAssured Cybersecurity Workbook Do’s and Don’ts

  • Small Business Cybersecurity
  • Safe Payments
  • Vendor Questions

Cybersecurity Plans

  • FCC Cyber Planner
  • Ransomware Public Handout

Information Security Policy Templates

  • SANS
  • Cybersecurity Resource List


SLIDE 25

Helping Delaware’s small business community secure their critical data and infrastructure

Jacob Blacksten, Technology Business Development, Delaware SBDC, jacobb@udel.edu
