Assessing Your Security
September 2016
Introductions
Joshua Peskay
Idealware Expert Trainer
Vice President,
RoundTable Technology
Introductions
Peter Campbell
Chief Information Officer,
Legal Services Corporation
Introductions
www.idealware.org
What We’ll Cover Today
• Imperfect Security
• Assessing Your Risk
• Common Risky Practices
• What Do You Do if You Experience a Data Breach?
• Establishing Policies for Your Organization
Poll Question
On a scale of 1-5, how concerned are you with your data security?
A False Sense of Security
Why Is Everyone Talking About Security?
In the digital age, data risk is the new normal.
A False Sense of Security
Some are overwhelmed. Others are just gambling that their number won’t come up.
Survey link:
Avoiding Security Won’t Protect You
Neither Will Your Nonprofit Status
Survey link:
Data thieves are usually pros—they don’t care who their target is. If they can steal valuable information, they will.
Small Nonprofits Are Attractive Targets
• Fewer resources
• Limited IT security
• Not likely to notice an attack until much later
What Are Your Risks?
And what should you do about them?
Photo Credit: Women of Color in Tech Chat
Assessing Your Risk
It’s a Process
To understand the risks and your comfort with them, you need to carry out a thorough assessment of your data.
Inventory Your Data
Make a list on sticky notes and group them by where the data is stored (e.g., case management system).
Classify Your Information
• Confidentiality: Data that can’t be exposed.
• Integrity: Data you can’t lose.
• Availability: Data you can’t lose access to for any period of time.
If you have data that’s not very high in any of these categories, then it’s likely not essential to your organization.
Consider the Risks
Think through:
• What could happen to your data?
• How likely is it to happen?
• How bad would it be if something happened?
Photo Credit: Women of Color in Tech Chat
Into the Chat: What Risks Worry You?
Are there specific risks that keep you up at night?
8 Common Risky Practices
1. Unmanaged Personal Devices
Do staffers use their personal devices for work?
You Can’t Control Access
• A personal device may have additional users.
• Terminated employees are likely to still have organizational information after leaving.
Virus/Malware Risk
How do you know personal computers and devices have basic protections?
Software Ownership
Your nonprofit might purchase the software, but not control the license.
What Can You Do?
• Provide virus and malware software.
• Establish software licensing policies.
• Provide devices for work, if possible.
• Mobile Device Management exists, but is expensive.
2. Lack of Password Management
Are a lot of people using weak passwords?
Bad Habits
• Sharing passwords.
• Reusing passwords.
• Not changing default passwords.
• Writing passwords on post-it notes.
• Trying to keep it too simple.
Multi-Factor Authentication
• Something You Know
• Something You Have
• Something You Are
Password Managers
What Can You Do?
• Implement password management software such as OneLogin.
• Dual-factor authentication.
• Establish password creation policies.
• Provide training.
3. Consumer-Grade Cloud Storage
Is there a difference between Dropbox and Dropbox for business?
Hard to Control Access to Data
• Convenience
• Cost Savings
• Staff preference
Less Security
You often get what you pay for with free Cloud storage.
What Can You Do?
• Use business-grade Cloud storage and set controls that limit access to your data.
• Add-on services such as BetterCloud can also give you deeper audit and policy controls.
4. Poor Backup Infrastructure
What if your office experiences a disaster?
Data Needs to Be in a Safe Place
If you have to store it physically, take your backup off site.
The Cloud is a great option for backup.
Think Beyond Backup
It’s just one of many business continuity challenges. What will you do if the data is unavailable for a period of time or you experience a data breach?
What Can You Do?
• Regularly schedule backups.
• Create incident response, business continuity, and disaster recovery plans—and test them!
5. Poor Software Management
Is the software your team is using safe?
DIY Downloads Don’t Happen
It’s inconvenient, so people are likely to skip downloading patches and updates.
Out of Date Software
Hackers keep up to date on security holes and are always looking for opportunities to exploit them.
Unwanted Applications
They can affect both productivity and machine health. And some carry malware.
What Can You Do?
• Establish patch management procedures.
• Manage software installations.
• Perform regular tune-ups.
6. Overlooking Physical Security
Is your office protected?
What if Someone Walks in the Door?
Would it be easy to access or steal computers?
What Can You Do?
• Take basic office security measures.
• Lock computers to desks.
• Institute a check out policy for shared devices and keep them locked away.
7. Unsafe Wi-Fi
Is your connection secure?
Office Wi-Fi Needs to Be Protected
You can’t just plug in a router and assume everything is fine.
Coffee Shops Can Be Risky
Is that connection vulnerable to spying?
What Can You Do?
• Make sure your network is protected by a firewall and a password.
• Avoid working in unsecure environments.
8. Security Training
Your staff members are your most important security measure.
Awareness Can Prevent Many Incidents
People want to do the right thing, but they often don’t know what that is or why it’s important.
What Can You Do?
• Regularly provide short training sessions.
• Incorporate security issues/discussions in existing meetings.
Establishing Policies
Form a Committee
A diverse committee can help you see risk from multiple angles and come up with smart ways to deal with those risks.
Ask Tough Questions
Anything you overlook has the potential to be a hazard in the future.
What Will Prevent a Breach?
Think of all the ways a breach might occur. Write rules that govern activities such as how to create and handle passwords or how files can be stored and shared.
How Will You Respond if a Breach Occurs?
Map out a response plan that includes steps and roles for data recovery, business continuity, and communications.
BYOD?
Write clear usage guidelines for things such as what security software needs to be installed and whether your organization provides IT support.
Policy Making Is Iterative
You’ll need to review your rules and update them periodically to make sure they’re addressing your needs.
Policy Examples
Go to http://bit.ly/SecurityPolicyExamples to find examples and templates that you can use as your starting point.
Additional Resources
Idealware and RoundTable Technology have many resources that can help you better secure your technology and data.
• What Nonprofits Need to Know About Security: A Practical Guide to Managing Risk (Idealware)
• Incident Report Form (RoundTable)
• Backup, Data Recovery, and Business Continuity Primer (RoundTable)
• Information Identification and Classification Template (RoundTable)
Perfect Security Isn’t Possible
There will always be risks out there.
Practical Security Is Within Reach
Into the Chat: What Resonated?
What security steps will you take over the next month?
Questions?
Ask Idealware…
On Twitter: @idealware
On Facebook: /idealware

 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Assessing Your Security

  • 2. Introductions Joshua Peskay Idealware Expert Trainer Vice President, RoundTable Technology
  • 3. Introductions Peter Campbell Chief Information Officer, Legal Services Corporation
  • 5. What We’ll Cover Today • Imperfect Security • Assessing Your Risk • Common Risky Practices • What Do You Do if You Experience a Data Breach? • Establishing Policies for Your Organization
  • 6. Poll Question On a scale of 1-5, how concerned are you with your data security?
  • 7. A False Sense of Security
  • 8. Why Is Everyone Talking About Security? In the digital age, data risk is the new normal.
  • 9. A False Sense of Security Some are overwhelmed. Others are just gambling that their number won’t come up. Survey link:
  • 11. Neither Will Your Nonprofit Status Survey link: Data thieves are usually pros—they don’t care who their target is. If they can steal valuable information, they will.
  • 12. Small Nonprofits Are Attractive Targets • Fewer resources • Limited IT security • Not likely to notice an attack until much later
  • 13. What Are Your Risks? And what should you do about them? Photo Credit: Women of Color in Tech Chat
  • 15. It’s a Process To understand the risks and your comfort with them, you need to carry out a thorough assessment of your data.
  • 16. Inventory Your Data Make a list on sticky notes and group them by where the data is stored (e.g., case management system).
  • 17. Classify Your Information • Confidentiality: Data that can’t be exposed. • Integrity: Data you can’t lose. • Availability: Data you can’t lose access to for any period of time. If you have data that’s not very high in any of these categories, then it’s likely not essential to your organization.
  • 18. Consider the Risks Think through: • What could happen to your data? • How likely is it to happen? • How bad would it be if something happened? Photo Credit: Women of Color in Tech Chat
  • 19. Into the Chat: What Risks Worry You? Are there specific risks that keep you up at night?
  • 20. 8 Common Risky Practices
  • 21. 1. Unmanaged Personal Devices Do staffers use their personal devices for work?
  • 22. You Can’t Control Access • A personal device may have additional users. • Terminated employees are likely to still have organizational information after leaving.
  • 23. Virus/Malware Risk How do you know personal computers and devices have basic protections?
  • 24. Software Ownership Your nonprofit might purchase the software, but not control the license.
  • 25. What Can You Do? • Provide virus and malware software. • Establish software licensing policies. • Provide devices for work, if possible. • Mobile Device Management exists, but is expensive.
  • 26. 2. Lack of Password Management Are a lot of people using weak passwords?
  • 27. Bad Habits • Sharing passwords. • Reusing Passwords • Not changing default passwords. • Writing passwords on post-it notes. • Trying to keep it too simple.
  • 30. What Can You Do? • Implement password management software such as OneLogin. • Dual-factor authentication. • Establish password creation policies. • Provide training.
  • 31. 3. Consumer-Grade Cloud Storage Is there a difference between Dropbox and Dropbox for business?
  • 32. Hard to Control Access to Data • Convenience • Cost Savings • Staff preference
  • 33. Less Security You often get what you pay for with free Cloud storage.
  • 34. What Can You Do? • Use business-grade Cloud storage and set controls that limit access to your data. • Add-on services such as BetterCloud can also give you deeper audit and policy controls.
  • 35. 4. Poor Backup Infrastructure What if your office experiences a disaster?
  • 36. Data Needs to Be in a Safe Place If you have to store it physically, take your backup off site. The Cloud is a great option for backup.
  • 37. Think Beyond Backup It’s just one of many business continuity challenges. What will you do if the data is unavailable for a period of time or you experience a data breach?
  • 38. What Can You Do? • Regularly schedule backups. • Create incident response, business continuity, and disaster recovery plans—and test them!
  • 39. 5. Poor Software Management Is the software your team is using safe?
  • 40. DIY Downloads Don’t Happen It’s inconvenient, so people are likely to skip downloading patches and updates.
  • 41. Out of Date Software Hackers keep up to date on security holes and are always looking for opportunities to exploit them.
  • 42. Unwanted Applications They can affect both productivity and machine health. And some carry malware.
  • 43. What Can You Do? • Establish patch management procedures. • Manage software installations. • Perform regular tune-ups.
  • 44. 6. Overlooking Physical Security Is your office protected?
  • 45. What if Someone Walks in the Door? Would it be easy to access or steal computers?
  • 46. What Can You Do? • Take basic office security measures. • Lock computers to desks. • Institute a check out policy for shared devices and keep them locked away.
  • 47. 7. Unsafe Wi-Fi Is your connection secure?
  • 48. Office Wi-Fi Needs to Be Protected You can’t just plug in a router and assume everything is fine.
  • 49. Coffee Shops Can Be Risky Is that connection vulnerable to spying?
  • 50. What Can You Do? • Make sure your network is protected by a firewall and a password. • Avoid working in unsecure environments.
  • 51. 8. Security Training Your staff members are your most important security measure.
  • 52. Awareness Can Prevent Many Incidents People want to do the right thing, but they often don’t know what that is or why it’s important.
  • 53. What Can You Do? • Regularly provide short training sessions. • Incorporate security issues/discussions in existing meetings.
  • 55. Form a Committee A diverse committee can help you see risk from multiple angles and come up with smart ways to deal with those risks.
  • 56. Ask Tough Questions Anything you overlook has the potential to be a hazard in the future.
  • 57. What Will Prevent a Breach? Think of all the ways a breach might occur. Write rules that govern activities such as how to create and handle passwords or how files can be stored and shared.
  • 58. How Will You Respond if a Breach Occurs? Map out a response plan that includes steps and roles for data recovery, business continuity, and communications.
  • 59. BYOD? Write clear usage guidelines for things such as what security software needs to be installed and whether your organization provides IT support.
  • 60. Policy Making Is Iterative You’ll need to review your rules and update them periodically to make sure they’re addressing your needs.
  • 61. Policy Examples Go to http://bit.ly/SecurityPolicyExamples to find examples and templates that you can use as your starting point.
  • 62. Additional Resources Idealware and RoundTable Technology have many resources that can help you better secure your technology and data. • What Nonprofits Need to Know About Security: A Practical Guide to Managing Risk (Idealware) • Incident Report Form (RoundTable) • Backup, Data Recovery, and Business Continuity Primer (RoundTable) • Information Identification and Classification Template (RoundTable)
  • 63. Perfect Security Isn’t Possible There will always be risks out there.
  • 64. Practical Security Is Within Reach
  • 65. Into the Chat: What Resonated? What security steps will you take over the next month?
  • 66. Questions? Ask Idealware… On Twitter: @idealware On Facebook: /idealware