"The 7 Most Important Steps to Cyber Protection for SMEs"
or "Software that can cost less than a Latte and could get you Enterprise Level Cyber Security!..."
Updated List of Software/Services
http://vciso.co/lattesecurity
1. @1davidclarke Email cio@vciso.co for list of links
• IBM Interconnect, 26th March 2015, Sunderland Software Centre
"Thank you to the IBM Team for putting this event together."
http://www.slideshare.net/IBMInterconnect/inter-connect-sunderland-agenda?qid=cbafb915-e826-4d62-9e21-b1f837afc3fa&v=&b=&from_search=5
David Clarke
• Created CERT on a Financial Intranet trading $3.5 Trillion a day, CPNI Member 10 Years.
• Managed Global Managed Security Services with a $100-$300 million Global install base, 500+ Customers with $3.4 Billion dollar Contracts.
• Created, maintained and improved regulatory and compliance commitments including Global PCI-DSS, ISO 27001 (10,000+ Security Devices/Systems).
• "....that can cost less than a Latte and could get you Enterprise Level Cyber Security!..."
• Updated List of Software/Services
vciso.co/lattesecurity
How does this affect Small Business?
• Cyber attacks third biggest risk for UK firms, as supply chain disruption remains top concern (15th January 2015)
• http://www.supplymanagement.com/news/2015/cyber-attacks-third-biggest-risk-for-uk-firms-as-supply-chain-disruption-remains-top
Impact for Small Business
• To supply IT services to HMG you need to be compliant with Cyber Essentials.
• Potentially, suppliers to suppliers will need to demonstrate cyber security practices.
• Suppliers to larger companies are already being asked.
1. System Misconfiguration
2. Patch Management
3. Default Passwords
4. Easy to Guess Passwords
5. Lost Devices
6. Disclosure of info via incorrect email address
7. Double Clicking Attachment/URL
Re-arrange this List
1. Easy to Guess Passwords
2. Default Passwords
3. Disclosure of info via incorrect email address
4. Patch Management
5. Lost Devices
6. Double Clicking Attachment/URL
7. System Misconfiguration
Passwords
Two Main Types
• Master Passwords: access to PCs, servers and appliances (fewer than 10 of them)
• Constant Use Passwords: email, eBay, Dropbox etc. (100s of them)
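The first two steps on the list (easy-to-guess and default passwords) come down to a check anyone can run before a password is accepted, plus letting a generator make the "constant use" ones so nobody has to remember them. The following is an added example, not part of the deck and not any of the products it mentions; the weak-password set, the 12-character minimum and the 60-bit threshold are assumptions for illustration.

```python
import math
import secrets
import string

# Constructed sample of default / easy-to-guess passwords (assumption: a real
# deployment would load a vendor default list and a breached-password corpus).
WEAK_PASSWORDS = {
    "password", "123456", "12345678", "admin", "letmein",
    "qwerty", "welcome", "default", "changeme", "root",
}

# Minimum bar assumed for this example: 12 characters and roughly 60 bits.
MIN_LENGTH = 12
MIN_ENTROPY_BITS = 60.0


def charset_size(pw: str) -> int:
    """Size of the alphabet the password appears to be drawn from."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size


def estimate_entropy_bits(pw: str) -> float:
    """Upper-bound entropy, assuming every character was chosen uniformly."""
    size = charset_size(pw)
    if not pw or size == 0:
        return 0.0
    return len(pw) * math.log2(size)


def classify_password(pw: str) -> str:
    """Return 'default', 'easy' or 'ok' (the deck's steps 1 and 2)."""
    low = pw.lower()
    if low in WEAK_PASSWORDS:
        return "default"
    # "Password1!" is still the word "password" with decoration on the end.
    base = low.rstrip(string.digits + string.punctuation)
    if base in WEAK_PASSWORDS:
        return "easy"
    if len(pw) < MIN_LENGTH or estimate_entropy_bits(pw) < MIN_ENTROPY_BITS:
        return "easy"
    return "ok"


def generate_password(length: int = 20) -> str:
    """What a password manager does for the 'constant use' set: a random
    password from the OS CSPRNG that nobody has to remember."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed candidates, from worst to best.
    for candidate in ("admin", "Password1!", "Tr0ub4dor",
                      "correct-horse-battery-staple-2015", generate_password()):
        print(f"{candidate!r:40} -> {classify_password(candidate)}")
```

The entropy figure is an upper bound (it assumes the characters were chosen at random), which is why the word-list and stripped-decoration checks run first: a dictionary word with a digit on the end scores far higher than it deserves.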
Master Passwords
If you have this card there is nothing to remember. Cost: one-time, under £5.00
https://www.qwertycards.com/
Constant Use Passwords
If you have this software there is nothing to remember. Cost: $12.00 yearly
• Auto fill
• Creates passwords
• Saves the site
• Free; $12/year for mobile
If you have a Large Team
If you have this software there is nothing to remember. Cost: about $10 monthly
• Auto fill
• Creates passwords
• Saves the site
• $10 a month
Email Passwords
• Gmail 2-step authentication: password and a text message
• Yahoo one-time password: they will text you a new password
• If you have this software there is nothing to remember: FREE
Disclosure of Information
• https://www.prot-on.com/tryIt.html
• Basic version is free
• Easy to use, quick
• Create a list of people allowed to see the document.
Lost Devices
• Mobile phones
• Apple iCloud: lock, phone or track the phone
• Android: ring, lock, or erase via AVG/Google
• https://www.avgmobilation.com/
Lost PCs
• Dropbox
• SugarSync
• Google Drive
• Real-time backup
• Use cloud encryption: PerfectCloud.io to encrypt, free account
Double Clicking Attachment/URL
• Use Gmail/Yahoo to filter out the worst.
• Panda Security plugin warns against bad sites
• http://www.pandasecurity.com/homeusers/downloads/wot/
• Chrome Safe Browsing enabled
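The mail filters and browser plugins above do this kind of triage automatically; seeing the rules written down shows what "filtering out the worst" actually means. The following is an added example, not part of the deck and not the logic of any product it names: it scores an attachment name and a link against a few well-known warning signs (executable or double extensions, a raw IP or punycode host, text before '@' that hides the real host, a brand name inside an unrelated domain). The extension sets and the allow-list of trusted brands are assumptions for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Extensions that run code when double-clicked vs. ones that merely open a viewer
# (assumed, shortened lists for this example).
EXECUTABLE_EXTS = {"exe", "scr", "bat", "cmd", "com", "pif", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "jar", "ps1", "msi"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx",
                 "txt", "jpg", "jpeg", "png", "gif"}


def attachment_risk(filename: str) -> tuple:
    """Return (level, reason) for an attachment name: 'high', 'medium' or 'low'."""
    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return ("medium", "no file extension")
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        # "invoice.pdf.exe": a document-looking name in front of a real executable extension.
        if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS:
            return ("high", "executable disguised as a document (double extension)")
        return ("high", f"executable attachment (.{ext})")
    if ext in DOCUMENT_EXTS:
        return ("low", f"ordinary document (.{ext})")
    return ("medium", f"unrecognised type (.{ext})")


def url_risk(url: str, trusted_domains=("paypal.com", "google.com")) -> list:
    """Return the reasons a link deserves a second look (empty list = none found).

    trusted_domains is an assumed allow-list of brands users expect to see."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme not in ("http", "https"):
        reasons.append(f"unusual scheme '{parts.scheme}'")
    if parts.username is not None:
        # http://brand.example@real-host/ : the part before '@' is not the host.
        reasons.append("text before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a domain name")
    except ValueError:
        pass
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("internationalised/punycode host (possible look-alike)")
    for brand in trusted_domains:
        # "paypal.com.evil.example" contains the brand but is not under it.
        if brand in host and host != brand and not host.endswith("." + brand):
            reasons.append(f"contains '{brand}' but is not that domain")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for name in ("report.pdf", "invoice.pdf.exe", "setup.msi", "README"):
        print(f"{name:20} -> {attachment_risk(name)}")
    for link in ("https://www.paypal.com/", "http://192.0.2.10/login",
                 "http://paypal.com@192.0.2.10/", "http://paypal.com.evil.example/"):
        print(f"{link:40} -> {url_risk(link) or 'no warning signs'}")
```

These are heuristics, so a "low" attachment or an empty reason list means only that none of the listed signs matched; the deck's advice to keep a reputation-based filter (Safe Browsing, the mail provider's filtering) in front of the user still stands.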
Who are You Going To Call?
• https://www.cert.gov.uk/what-we-do/responding-to-a-cyber-issue/getting-help/
What Are You Going to Do?
• https://www.malwarebytes.org/
• http://housecall.trendmicro.com/uk/
Am I Really Vulnerable?
• https://breachalarm.com
BreachAlarm monitors the Internet for your passwords being compromised and posted online.
Bonus Slide
• Kids, controlling access: http://www.netgenie.net/global/ (around £100)
• Free SIEM (Security Information and Event Management): https://siemless.com/
• Take credit cards with a free card reader: https://www.izettle.com/gb/service
• Free invoicing on the web: https://www.waveapps.com/
• Breach Legislation: IT or Legal?
• "the proposed regulation of up to 5% of annual worldwide turnover, or €100"
• Information Sharing: Who, When, How
• "The ICO has imposed a monetary penalty of £200000 on the British Pregnancy Advice Service (BPAS) for exposing thousands of personal"
• Compliance is the best protection?
• "Resistance is futile" Gartner
• "Brighton and Sussex University Hospitals NHS Trust fined £325k after hard drives with highly-sensitive patient data were sold on eBay"
• Best Practice or is this Compliance?
• "The ICO can issue fines of up to £500,000 for serious breaches of the Data Protection Act and Privacy and Electronic Communications Regulations." ICO
• Incident Response, Strategy
• "There are two kinds of big companies in the U.S. Those who've been hacked by the Chinese and those who don't know they've been hacked." FBI