Cybersecurity: Are Your Employees Your Weakest Link?

fecinc.com

Cybersecurity: Are Your Employees the Weakest Link?

Understanding the Risk Landscape

• External attacks
• Viruses and worms
• Phishing and Pretexting
• Data Leakage

A shift in thinking

• External threats are most familiar
• Inside threats getting more attention

Looking Inside for Risks

Internal risk events
– Weak credentials
– Credential sharing
– Unauthorized application use
– Device loss/theft
– Disgruntled workers on social media

Targeted information
– Private customer data
– Financials
– Intellectual Property

Consequences
– Legal liability
– Stock manipulation
– Lost revenue

A Working Password Policy

• Publish and educate
• Require Strong Passwords
• Complex and strong are different
– Longer is better than random complexity
– Easy to remember is better
• Cycle Passwords

The Complexity Problem

• Commonly a focus
• Hobbles usability
• Users circumvent
• Focus on strength instead.
– Long
– Memorable

Measuring Effectiveness

Policies, Inventories, Logs and Reports
– Documentation is key
– Tracking and Reporting

Software-based enforcement

Internal Audits
– Systemic
– Manual

External Audits
– Consultants
– Certifications

Effective Security Policies

• Have one
• Keep it current
• Consider usability
• Educate
– Frame the Discussion
– Set an expectation

Bank Tellers and Retail Cashiers

Preventing Data Leakage: Keeping the Good “In”

Methods of Data Leakage
– Lost Equipment
– Stolen Equipment
– Equipment gifted or sold to former employees
– USB drives
– Unauthorized software access via stolen or shared credentials
– Social Media Posts
– Unauthorized Cloud sharing

Stopping Leaks
– Firewall Rules
– Data encryption and MDM
– Equipment release process
– Have a USB drive policy or
– Lock USB ports out
– Pay attention to good work process
– Social Media Use Policy or
– Block social media posting

Additional Information

Overall security
– https://www.sans.org/critical-security-controls/control/14

Data Leakage Prevention Papers
– http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/data-loss-prevention/white_paper_c11-503131.html
– http://resources.infosecinstitute.com/data-loss-prevention-dlp-strategy-guide/

Password Strength Article
– http://www.infoworld.com/article/2616157/security/creating-strong-passwords-is-easier-than-you-think.html?page=2

Discussion

Mike Ockenga
Manager IP Services
Finley Engineering Company
m.Ockenga@fecinc.com
952-582-2912
