LEARNING OBJECTIVES Minimize litigation risk Discuss ...LEARNING OBJECTIVES •Minimize litigation...

LEARNING OBJECTIVES

• Minimize litigation risk

• Discuss security best practices

• Review security tools and techniques

• Identify seven cybersecurity “must-do’s”

2016 © Azstec, LLC Slide 2

Imtiaz Munshi, CPA

(Subbing is Sajid Patel, Co-Founder Azstec)imunshi@azstec.com

https://www.linkedin.com/in/imtiaz-munshi-57725a

David Griffithdgriffith@azstec.com

https://www.linkedin.com/in/david-griffith-9020b813

Mark Gibbsmgibbs@gibbs.com

https://www.linkedin.com/in/mgibbs

WHY PROTECT DATA?

• Good business practice

• Defends firm’s reputation

• Risk mitigation

• Industry requirements

• Regulatory requirements

• Patriot Act exposure

• Protect intellectual property

SMALL BUSINESS TECH

• PC-centric

• Windows and MS Office

• Email and data servers

• Networking infrastructure

• Remote access

• Public cloud

• Website and private client portal

• Data backups

WHERE’S THE DATA?

At Rest

• Obvious: data server, backup storage, PCs

• Not so obvious: email, smartphone, cloud, printer

In Transit

• Email

• Uploads / downloads

• LAN and Wi-Fi transmission

• Online meetings

DATA BREACHES

• Accidental: Human error

– Wrong email address

– Poor passwords

– Lost/stolen device

• Deliberate: Internal and external

– Most likely internal

– Direct external breach risk for small business lower

EXCEPT for malware.

BREACH CONSEQUENCES

• Recovery and notification costs

• Brand damage

• Litigation

• Penalties and fines

• Theft of IP

POLLING QUESTION #1

Which of these negative impacts of cybersecurity breaches are you most concerned about?

Litigation

Ransom demand

Loss of reputation

Loss of intellectual property

RISK MITIGATION

• Make security “top of mind”

• Tech policies and procedures

• Physical security of data

• Software solutions

• Hardware solutions

• D.I.Y. versus IT expert

• Cyber insurance

POLICIES AND PROCEDURES

• Minimize impact of human error

• Get organizational buy-in

• Have an appropriate security policy

• Protect against all breaches

• Bolster defense in litigation; “due care”

SMALL BUSINESS IT

ENVIROMENT

PHYSICAL SECURITY

• Physical premises access

• Desktops vs. other devices

• Kensington locks

• Terminate ex-employees’ access

• Visitor control

• Maintenance, security, and janitorial

• The Tao of Shredding

NETWORK SECURITY

• Internet firewall

• Strong passwords and password managers

• Use “Pro” versions of Windows OS

• Anti-malware software

• Wi-Fi; no WPS and managed guest access

• Storage access control

• Disk and email encryption software

• Control and restrict applications

POLLING QUESTION #2

In your opinion, which of these is the LEAST

secure?

Smartphones

Laptops

Data Servers

HARDWARE SECURITY

• Protect servers

• Secure desktops

• Encrypt all storage

• Phase out old hardware

• Infrastructure management

• Beware the IoT (e.g. Pwn Plug)

MOBILE DEVICES

• Smartphones, tablets, laptops, USB drives

• Company owned or BYOD

• Data “at-rest” in mobile devices

• Need policies… and enforcement

• Mobile device management systems

REMOTE ACCESS

• Office desktops

• Hosted virtual desktops

• No DIY fixes

• No Starbucks

• No home Wi-Fi

CLOUDS

• Public, private, hybrid

• Always encrypt individual files in cloud

• Patriot Act Section 125

• Company policy

• Once email leaves sender, security is uncertain

• Highly vulnerable to human error and hacking

• Study: 30% of business email need encryption

• Encrypt message body as well as attachments

• Low adoption of encryption because of complexity

• 38% who do encrypt use manual encryption

• Must not interfere with workflow

• Must maintain file format of encrypted attachments

BOTTOM LINE

• Security is complicated

• Simple is better

• Passwords really matter

• Security through systems

• Systems need policies

• People make policies work

• The right tools matter

• Trust but verify

POLLING QUESTION #3

How often do you email confidential data in

Excel, Word ?

Sometimes

Quite Often

Very Frequently

THE SEVEN MUST-DO’S

1. Use robust logins and passwords

2. Encrypt disk drives and folders

3. Encrypt individual files

4. Encrypt sensitive email

5. Protect against malware

6. Keep systems updated

7. Be wary of the Internet of Things (IoT)

SCHNEIER ON SECURITY

“Complexity is the worst enemy of security”

“Security is a process not a product”

“People often represent the weakest

link in the security chain”

POLLING QUESTION #4

What are your biggest cybersecurity concerns?

Securing my data in the cloud

Protecting my network from hackers

Securing my email

Preventing employee mistakes from exposing confidential data

docNCRYPT™ ENCRYPTION

• Designed for CPA/Financial environments

• Simple installation

• Integrates into MS Office

– Simple workflow for high adoption

– Easy to learn

• Retains Excel and Word formats

• Also encrypts email message body

docNCRYPT™ ENCRYPTION

• We specialize in document encryption

– MS Outlook integration (shipping)

– Gmail integration (coming soon)

– Office applications (coming soon)

• Full bundle for complete document and

email security

docNCRYPT workflow

POLLING QUESTION #5

What action/steps will you take as a result of this webinar?

Implement a written cybersecurity policy

Start using email encryption software

Strengthen the logins and passwords we use in my company

Consult with my IT person about my Cybersecurity setup

FREE SOFTWARE AND

CYBERSECURITY WORKBOOK

Get your FREE 2 month license for docNCRYPT and your Cybersecurity Workbook

security.azstec.com

click on

Or at checkout page use promo code: “safe60”(offer expires end of June)

QUESTIONS?

Imtiaz Munshi, CPAimunshi@azstec.com

David Griffithdgriffith@azstec.com

Mark Gibbsmgibbs@azstec.com

azstec.com

THANK YOU!

Visit us on the web to learn more…

azstec.com

LEARNING OBJECTIVES Minimize litigation risk Discuss ...LEARNING OBJECTIVES •Minimize litigation...

Documents

1701 Global Patent Litigation:1701 Global Patent Litigation

SECURITIES LITIGATION UPDATEsecuritieslaw.utahbar.org/assets/Securities Litigation...SECURITIES LITIGATION UPDATE Erik A. Christiansen echristiansen@parsonsbehle.com Annual Securities

Minimize Litigation Risk With The Government So In House ... · Previously Dr. Baker served as the Assistant Inspector General for Audit at the National ... GAO’s Forensic Audit

Patent Litigation at thePatent Litigation at the … Litigation at thePatent Litigation at the International Trade Commission Deanna Tanner Okun Adduci Mastriani & Schaumberg LLPAdduci,

US SECURITIES lITIGATION AND ENFORCEMENT Disputes - Hot Topics.pdf · to contentious matters in the US, including securities litigation, bankruptcy-related litigation, M&A litigation

ERISA Litigation Update for Health Plans ERISA Litigation Update for Health Plans ERISA Litigation Update for Health Plans ERISA Litigation Update for

Chapter 6 Civil Litigation and Its Alternatives. Litigation v. Alternative Dispute Resolution o What is litigation? o Alternative approaches to litigation

CITY COUNCIL STUDY SESSION · 2. EXECUTIVE SESSION. 2.A (6:05 PM) Pursuant to RCW 42.30.110(1)(i), to discuss with legal counsel matters relating to litigation or potential litigation

Objectives Finish talking about ways to minimize ventilation losses Discuss role of ducts in building energy use Describe coheating test methodology Interpret

THE LITIGATION FINANCE CONTRACT - wmlawreview.org · THE LITIGATION FINANCE CONTRACT MAYA STEINITZ* ABSTRACT Litigation funding—for-profit, nonrecourse funding of a litigation by

Elastica and Computer Vision David Mumford 31.1 Introduction I want to discuss the problem from differential geometry of describing those plane cruxes C.' which minimize the integral

TOWN OF PENDLETON PUBLIC HEARING€¦ · Motion by Councilman Leible, seconded by Councilman Ostrowski, to adjourn to Executive Session to discuss personnel and litigation with the

LITIGATION AND ENFORCEMENT DEVELOPMENTS …...Litigation and Enforcement Developments in Connection with Access and Use of Data This presentation will discuss the following topics:

PATENT LITIGATION PRACTICE - Covington & Burling · PATENT LITIGATION PRACTICE COVINGTON 1 PATENT LITIGATION AT COVINGTON BENCH STRENGTH. Our patent litigation practice consists of

UNITED STATES DISTRICT COURT FOR THE …moritzlaw.osu.edu/electionlaw/litigation/documents/Perez...discriminate against voters based on race and an intent to dilute and minimize the

Tax Procedure Outline: Audit to Litigation€¦ · · 2017-09-191 Tax Procedure Outline – Audit to Litigation In this outline, we discuss tax controversy procedures, starting

Drafting Game Rules to Minimize Litigation

Second Annual Roundtable on Strategic Litigation and ... · 20/06/2014 · The Roundtable also provided an opportunity for break out groups to discuss the role of strategic litigation

IP Litigation in United States - Stanford Law School · 28 Data-Powered Tools Investigation • Patent litigation history • Company litigation profile • Counsel litigation profile

Documentation of Obstetrical Emergencies · Obstetrical Emergencies Craig M. Harris and Mary Ashley Cain, M.D. 9-17-2016. Objectives Discuss OBGYN experience and litigation Review