How to save your company from having a security breach
1. How to save your company
from having a security breach
Matej Zachar
Project & Security Manager
Ota Čermák
Business Development
Manager
2. SAFETICA TECHNOLOGIES
• ESET Technology Alliance Partner
• Czech company
• 60 employees
• Developing security software since 2009
• 30 000 protected devices in 50 countries
with over 300 customers
3.
4. • Human error
• Abuse / fraud
• Problems in processes
ROOT CAUSES OF DATA LEAKAGE
5. • Chelsea and Westminster Hospital NHS Foundation Trust has been fined £180,000 after revealing the email addresses of more than 700 users of an HIV service. The incident happened when a member of staff was sending a newsletter and used the CC: field instead of BCC:
• (9.5.2016, ico.org.uk)
HUMAN ERROR
6. • 78 % of companies have already had a data leak
caused by an internal source
• 50 % of employees take sensitive data with them
when leaving a job
• 80 % of these plan to use this data in their new job
• (Ponemon Institute)
ABUSE / FRAUD
7. • Missing policies / guidelines
• E.g. data transfer
• Insufficient user awareness
• Lack of control mechanisms
PROCESSES
8.
9. • June 2016: Massive data leak
• 1.2 million customer records
• Insider sold the data
• 133.000€ Fine
• Front page headlines
10. • They admitted the incident
• (But played it down)
X
• Crisis communication
• Remediation
• Transparency
14. • Production companies and
manufacturing
• Private Health care
• Logistics
• Automotive
• Public sector
• Financial sector, insurance,
advisory
• Law firms
• Security forces, military
and suppliers
• Utilities
• Services
• Pharmacy
• Food and Beverages
WHO IS THE TARGET?
15. • Every company.
• Personal data - GDPR
• Know-how
• Financial data
• Employees
WHO IS THE TARGET?
16. • Get support from board
• Identify risks
• Classify the data
• Secure the perimeter
• Implement policies
• Provide training
HOW TO DO IT
17. • „Open“ companies
• Agile development
• „Closed“ firms
• Hybrid approach
• Startups, young companies
CHOOSE THE RIGHT APPROACH
18. • Access to data
• Secure transfer
• User behavior
• Insider threat
FIND AND SOLVE ISSUES
19. • Be open to your employees
• Implement policies
• Train users
• Be aware of new and leaving staff
• Discuss everything!
DEVELOP RESPONSIBILITY
20. • Data Loss Prevention
• Security audit
• Encryption
• Mobile security
IMPLEMENT TECHNOLOGY
21. • Based in the Czech Republic
• Creating products for physical security
• Management realizes
the importance of data
22. 1. Policies
2. Training using DLP notifications
3. Step-by-step protection of know-how
4. Monitoring of leaving employees