SlideShare ist ein Scribd-Unternehmen logo

Data Protection, Humans and Common Sense

Als PPT, PDF herunterladen
U
usbcopynotify

Data Theft Prevention for the SME / SMB is more about humans, common sense and policies. Data Loss Prevention Software is just one of the means and definitely not the end.

Technologie
1 von 24
It is about common sense not software ! Data Theft Prevention for the SME. Data Protection … Keeping it simple.
Do you have important data on the computer ? • • • • • • Customer Information Technical Drawings / Source Code Financials / Employee Information Marketing / Contact Information Quotations / Agreements / Contracts Personal Information Data Protection … Keeping it simple.
What will happen if the data gets stolen ? • • • • • • Loss of Business Financial / Revenue Losses Productivity Losses Intellectual Property Losses Loss of Reputation Legal Liabilities Data Protection … Keeping it simple.
Cause of a Data Breach Root Cause of Data Breach 35% 36% Malicious or Criminal Attack System Glitch Human Factor 29% Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
Higher Risk of insider Data Theft. • • • • • Sudden resignation of employee / partner Employees joining competitors Family relations in competing company Staff starting their own similar business Employees being layed off / fired Data Protection … Keeping it simple.
Some Possible Signs of Data Theft • • • • Request for purchase of USB Pen Drives Working when no one else is there Personal Devices being brought to office Your information appearing in the public domain • Identical Products and all your customers being contacted suddenly Data Protection … Keeping it simple.
Common Ways of Copying Data • • • • • Physical Theft Print Outs USB, CD/DVDs, Hard Disks Laptops / Tablets / Smart Phones / Mobiles Internet / Remote Access / Messengers Data Protection … Keeping it simple.
Industry Wise Data Theft 3% 1%1% 2% 2% Distribution 17% 3% 3% 8% 14% 9% 11% 14% 12% Financial Public Services Retail Services Consumer Industrial Technology Communications Hospitality Pharmaceuticals Transportation Energy Healthcare Media Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
Costs of Data Breach • • • • Number of Records Breached : 26,586 Cost of Data Breach : Rs. 5.4 crores Average Notification Cost : Rs. 12 lacs Average Cost of Lost Business : Rs 1.5 crores Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
Legal Liability Cost • IT Act. (2008) – 43A : Compensation for failure to protect client data can be up to 5 crores. Data Protection … Keeping it simple.
Legal Liability Cost • IT Act. (2008) – 72A : Punishment for Disclosure of Information in Breach of Lawful Contract. – Imprisonment of 3 years and/or a fine up to Rs. 5 lacs. Data Protection … Keeping it simple.
So now what ? Do not think ‘software’ only ... Think first what happens to data in office. Data Protection … Keeping it simple.
Do you even know what data you have ? • • • • • Where is your data stored ? Which information is considered sensitive ? Who has access to it ? Do all PCs require all the data ? What about data on portable storage ? Data Protection … Keeping it simple.
Data Theft without software. (1) • Education of employees / contractors about IP / Company Data / Customer Data • Agreements and Understanding of Non Disclosure • Strict Action to non adherence of company policies Data Protection … Keeping it simple.
Data Theft without software. (2) • Secure Physical Devices / PCs / Laptops • Secure Offices Portable Storage Devices (USB , CD/DVDs) • Who can sit on which computer • Disallow Unauthorized Devices/PCs if possible. Data Protection … Keeping it simple.
You can not steal what is not there..!! • Archive / Backup Data not being used • Delete Data not being used Data Protection … Keeping it simple.
What about inventory ? • How many PCs / laptops ? • What is the h/w configuration of each PC ? • What is loaded on each PC - OS, software and data. ? • Inventory of removable / portable storage. • Inventory of portable modems. Data Protection … Keeping it simple.
What about the basic network ? • • • • • • Do you have a Server ? List of Machine Names / IP addresses Does everyone have user name / passwords Do you allow Remote Access ? Wifi / Wired ? Internet Connection Single Entry ?. Data Protection … Keeping it simple.
User Account Policies Dynamite against data theft. • • • • • • No empty / default passwords Passwords should expire Strong Passwords No Common Passwords. Privileges / Account Deletion Remote Access Data Protection … Keeping it simple.
Reckless Wireless Routers. • • • • • No SSID Broadcast No Wireless Configuration MacIDs User Name / Password Security Change Default Password Data Protection … Keeping it simple.
‘MUST’ Software • Anti Virus / Anti Malware / Anti Spam / Anti Phishing Software • Regular Updates of AV / Operating Systems • Regular Patches of OS and Software • User Access / Privilege Management Data Protection … Keeping it simple.
But Anti Virus is NOT enough to stop employees stealing data ! Data Protection … Keeping it simple.
Stepping towards Basic DLP. • Internet Access Control – Websites, Protocols, Firewalls, Proxies • Device Control – USB , CD/DVDs, Modems , Blue tooth • Upload of Data – Browser Based Uploads • Encryption Data Protection … Keeping it simple.
Humans, Common Sense and Policies ! It will surely help – all the best ! Data Protection … Keeping it simple.

Empfohlen

Hem infotech company profile
Hem infotech company profileHem infotech company profile
Hem infotech company profileHem Infotech
 
Data protection and security
Data protection and securityData protection and security
Data protection and securitysamina khan
 
VTU - MIS Module 8 - Security and Ethical Challenges
VTU - MIS Module 8 - Security and Ethical ChallengesVTU - MIS Module 8 - Security and Ethical Challenges
VTU - MIS Module 8 - Security and Ethical ChallengesPriya Diana Mercy
 
Ecommerce Security
Ecommerce SecurityEcommerce Security
Ecommerce SecurityRebecca Jones
 
Data enrichment
Data enrichmentData enrichment
Data enrichmentFabMinds
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and securityJuliette Foine
 
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf... Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...Information Security Awareness Group
 
Chapter 8 securing information systems MIS
Chapter 8 securing information systems MISChapter 8 securing information systems MIS
Chapter 8 securing information systems MISAmirul Shafiq Ahmad Zuperi
 

Empfohlen

Hem infotech company profile
Hem infotech company profileHem infotech company profile
Hem infotech company profileHem Infotech
 
Data protection and security
Data protection and securityData protection and security
Data protection and securitysamina khan
 
VTU - MIS Module 8 - Security and Ethical Challenges
VTU - MIS Module 8 - Security and Ethical ChallengesVTU - MIS Module 8 - Security and Ethical Challenges
VTU - MIS Module 8 - Security and Ethical ChallengesPriya Diana Mercy
 
Ecommerce Security
Ecommerce SecurityEcommerce Security
Ecommerce SecurityRebecca Jones
 
Data enrichment
Data enrichmentData enrichment
Data enrichmentFabMinds
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and securityJuliette Foine
 
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf... Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...Information Security Awareness Group
 
Chapter 8 securing information systems MIS
Chapter 8 securing information systems MISChapter 8 securing information systems MIS
Chapter 8 securing information systems MISAmirul Shafiq Ahmad Zuperi
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniDr Raghu Khimani
 
Chapter1
Chapter1Chapter1
Chapter1charwendel
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systemsOmid Aminzadeh Gohari
 
Information security
Information securityInformation security
Information securityLJ PROJECTS
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
needforsecurity
needforsecurityneedforsecurity
needforsecurityDavid Joao Vieira Carvalho
 
MIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical ChallengesMIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical ChallengesTushar B Kute
 
Ethics and information security 2
Ethics and information security 2Ethics and information security 2
Ethics and information security 2PT Bank Syariah Mandiri
 
Byod
ByodByod
Byodstormshadow24
 
Ctc rick ryan prezi 3 2016
Ctc rick ryan prezi 3 2016Ctc rick ryan prezi 3 2016
Ctc rick ryan prezi 3 2016Courtney King
 
Hki tsecuritysolutionsv1.1
Hki tsecuritysolutionsv1.1Hki tsecuritysolutionsv1.1
Hki tsecuritysolutionsv1.1HK IT solutions... unlimited...
 
Data Protection Presentation
Data Protection PresentationData Protection Presentation
Data Protection PresentationIBM Business Insight
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Donald E. Hester
 
Information Technology policy
Information Technology policyInformation Technology policy
Information Technology policymarindi
 
DLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesDLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesNapier University
 
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideFLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6annwhyjay
 
IoT_Structure
IoT_StructureIoT_Structure
IoT_StructureBrandon Walston
 
Office 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and UseOffice 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and UseTechSoup
 
11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe online11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe onlineScott Schober
 
Identity Theft Prevention
Identity Theft PreventionIdentity Theft Prevention
Identity Theft PreventionAlan Greggo
 

Weitere ähnliche Inhalte

Was ist angesagt?

Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniDr Raghu Khimani
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systemsOmid Aminzadeh Gohari
 
Information security
Information securityInformation security
Information securityLJ PROJECTS
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
MIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical ChallengesMIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical ChallengesTushar B Kute
 
Ctc rick ryan prezi 3 2016
Ctc rick ryan prezi 3 2016Ctc rick ryan prezi 3 2016
Ctc rick ryan prezi 3 2016Courtney King
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Donald E. Hester
 
Information Technology policy
Information Technology policyInformation Technology policy
Information Technology policymarindi
 
DLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesDLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesNapier University
 
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideFLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6annwhyjay
 
Office 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and UseOffice 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and UseTechSoup
 

Was ist angesagt? (20)

Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu Khimani
 
Chapter1
Chapter1Chapter1
Chapter1
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systems
 
Information security
Information securityInformation security
Information security
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
needforsecurity
needforsecurityneedforsecurity
needforsecurity
 
MIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical ChallengesMIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical Challenges
 
Ethics and information security 2
Ethics and information security 2Ethics and information security 2
Ethics and information security 2
 
Byod
ByodByod
Byod
 
Ctc rick ryan prezi 3 2016
Ctc rick ryan prezi 3 2016Ctc rick ryan prezi 3 2016
Ctc rick ryan prezi 3 2016
 
Hki tsecuritysolutionsv1.1
Hki tsecuritysolutionsv1.1Hki tsecuritysolutionsv1.1
Hki tsecuritysolutionsv1.1
 
Data Protection Presentation
Data Protection PresentationData Protection Presentation
Data Protection Presentation
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001
 
Information Technology policy
Information Technology policyInformation Technology policy
Information Technology policy
 
DLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesDLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The Challenges
 
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideFLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6
 
IoT_Structure
IoT_StructureIoT_Structure
IoT_Structure
 
Office 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and UseOffice 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and Use
 

Andere mochten auch

11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe online11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe onlineScott Schober
 
Identity Theft Prevention
Identity Theft PreventionIdentity Theft Prevention
Identity Theft PreventionAlan Greggo
 
History of Computer Virus
History of Computer Virus History of Computer Virus
History of Computer Virus Ammy Vijay
 
15 Tips to Protect Yourself from Cyber Attacks
15 Tips to Protect Yourself from Cyber Attacks15 Tips to Protect Yourself from Cyber Attacks
15 Tips to Protect Yourself from Cyber AttacksThe eCore Group
 
presentation on computer virus
presentation on computer viruspresentation on computer virus
presentation on computer virusYogesh Singh Rawat
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)ainizbahari97
 
Computer Virus powerpoint presentation
Computer Virus powerpoint presentationComputer Virus powerpoint presentation
Computer Virus powerpoint presentationshohrabkhan
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationabhijit chintamani
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 

Andere mochten auch (10)

11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe online11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe online
 
Identity Theft Prevention
Identity Theft PreventionIdentity Theft Prevention
Identity Theft Prevention
 
History of Computer Virus
History of Computer Virus History of Computer Virus
History of Computer Virus
 
15 Tips to Protect Yourself from Cyber Attacks
15 Tips to Protect Yourself from Cyber Attacks15 Tips to Protect Yourself from Cyber Attacks
15 Tips to Protect Yourself from Cyber Attacks
 
presentation on computer virus
presentation on computer viruspresentation on computer virus
presentation on computer virus
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)
 
Presentation on computer viruses
Presentation on computer virusesPresentation on computer viruses
Presentation on computer viruses
 
Computer Virus powerpoint presentation
Computer Virus powerpoint presentationComputer Virus powerpoint presentation
Computer Virus powerpoint presentation
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentation
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 

Ähnlich wie Data Protection, Humans and Common Sense

Security in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSecurity in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSlick Cyber Systems
 
Security 101 for No- techies
Security 101 for No- techiesSecurity 101 for No- techies
Security 101 for No- techiesBrenton Johnson
 
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Sean Bradley
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
IT Security: What an In-Plant Print Center Needs to Know
IT Security: What an In-Plant Print Center Needs to KnowIT Security: What an In-Plant Print Center Needs to Know
IT Security: What an In-Plant Print Center Needs to KnowRochester Software Associates
 
Logs in Security and Compliance flare
Logs in Security and Compliance flareLogs in Security and Compliance flare
Logs in Security and Compliance flarezilberberg
 
Privacy for tech startups
Privacy for tech startups Privacy for tech startups
Privacy for tech startups Marc Gallardo
 
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...infoLock Technologies
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud IBM Security
 
Data compliance - get it right the first time (Black/White printable PDF)
Data compliance - get it right the first time (Black/White printable PDF)Data compliance - get it right the first time (Black/White printable PDF)
Data compliance - get it right the first time (Black/White printable PDF)Peter GEELEN ✔
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyStorage Switzerland
 
Basic_computerHygiene
Basic_computerHygieneBasic_computerHygiene
Basic_computerHygieneEricK Gasana
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Precisely
 
Data compliance - get it right the first time (Full color PDF)
Data compliance - get it right the first time (Full color PDF)Data compliance - get it right the first time (Full color PDF)
Data compliance - get it right the first time (Full color PDF)Peter GEELEN ✔
 
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA
 
Community IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best PracticesCommunity IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best PracticesCommunity IT Innovators
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?Barry Caplin
 

Ähnlich wie Data Protection, Humans and Common Sense (20)

BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAPBREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
 
Security in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSecurity in the enterprise - Why You Need It
Security in the enterprise - Why You Need It
 
Security 101 for No- techies
Security 101 for No- techiesSecurity 101 for No- techies
Security 101 for No- techies
 
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from Symantec
 
Privacy, Encryption, and Anonymity in the Civil Legal Aid Context
Privacy, Encryption, and Anonymity in the Civil Legal Aid ContextPrivacy, Encryption, and Anonymity in the Civil Legal Aid Context
Privacy, Encryption, and Anonymity in the Civil Legal Aid Context
 
IT Security: What an In-Plant Print Center Needs to Know
IT Security: What an In-Plant Print Center Needs to KnowIT Security: What an In-Plant Print Center Needs to Know
IT Security: What an In-Plant Print Center Needs to Know
 
Logs in Security and Compliance flare
Logs in Security and Compliance flareLogs in Security and Compliance flare
Logs in Security and Compliance flare
 
Privacy for tech startups
Privacy for tech startups Privacy for tech startups
Privacy for tech startups
 
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud
 
Data compliance - get it right the first time (Black/White printable PDF)
Data compliance - get it right the first time (Black/White printable PDF)Data compliance - get it right the first time (Black/White printable PDF)
Data compliance - get it right the first time (Black/White printable PDF)
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
 
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
 
Basic_computerHygiene
Basic_computerHygieneBasic_computerHygiene
Basic_computerHygiene
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
 
Data compliance - get it right the first time (Full color PDF)
Data compliance - get it right the first time (Full color PDF)Data compliance - get it right the first time (Full color PDF)
Data compliance - get it right the first time (Full color PDF)
 
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
 
Community IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best PracticesCommunity IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best Practices
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
 

Kürzlich hochgeladen

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 

Kürzlich hochgeladen (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Data Protection, Humans and Common Sense

  • 1. It is about common sense not software ! Data Theft Prevention for the SME. Data Protection … Keeping it simple.
  • 2. Do you have important data on the computer ? • • • • • • Customer Information Technical Drawings / Source Code Financials / Employee Information Marketing / Contact Information Quotations / Agreements / Contracts Personal Information Data Protection … Keeping it simple.
  • 3. What will happen if the data gets stolen ? • • • • • • Loss of Business Financial / Revenue Losses Productivity Losses Intellectual Property Losses Loss of Reputation Legal Liabilities Data Protection … Keeping it simple.
  • 4. Cause of a Data Breach Root Cause of Data Breach 35% 36% Malicious or Criminal Attack System Glitch Human Factor 29% Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
  • 5. Higher Risk of insider Data Theft. • • • • • Sudden resignation of employee / partner Employees joining competitors Family relations in competing company Staff starting their own similar business Employees being layed off / fired Data Protection … Keeping it simple.
  • 6. Some Possible Signs of Data Theft • • • • Request for purchase of USB Pen Drives Working when no one else is there Personal Devices being brought to office Your information appearing in the public domain • Identical Products and all your customers being contacted suddenly Data Protection … Keeping it simple.
  • 7. Common Ways of Copying Data • • • • • Physical Theft Print Outs USB, CD/DVDs, Hard Disks Laptops / Tablets / Smart Phones / Mobiles Internet / Remote Access / Messengers Data Protection … Keeping it simple.
  • 8. Industry Wise Data Theft 3% 1%1% 2% 2% Distribution 17% 3% 3% 8% 14% 9% 11% 14% 12% Financial Public Services Retail Services Consumer Industrial Technology Communications Hospitality Pharmaceuticals Transportation Energy Healthcare Media Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
  • 9. Costs of Data Breach • • • • Number of Records Breached : 26,586 Cost of Data Breach : Rs. 5.4 crores Average Notification Cost : Rs. 12 lacs Average Cost of Lost Business : Rs 1.5 crores Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
  • 10. Legal Liability Cost • IT Act. (2008) – 43A : Compensation for failure to protect client data can be up to 5 crores. Data Protection … Keeping it simple.
  • 11. Legal Liability Cost • IT Act. (2008) – 72A : Punishment for Disclosure of Information in Breach of Lawful Contract. – Imprisonment of 3 years and/or a fine up to Rs. 5 lacs. Data Protection … Keeping it simple.
  • 12. So now what ? Do not think ‘software’ only ... Think first what happens to data in office. Data Protection … Keeping it simple.
  • 13. Do you even know what data you have ? • • • • • Where is your data stored ? Which information is considered sensitive ? Who has access to it ? Do all PCs require all the data ? What about data on portable storage ? Data Protection … Keeping it simple.
  • 14. Data Theft without software. (1) • Education of employees / contractors about IP / Company Data / Customer Data • Agreements and Understanding of Non Disclosure • Strict Action to non adherence of company policies Data Protection … Keeping it simple.
  • 15. Data Theft without software. (2) • Secure Physical Devices / PCs / Laptops • Secure Offices Portable Storage Devices (USB , CD/DVDs) • Who can sit on which computer • Disallow Unauthorized Devices/PCs if possible. Data Protection … Keeping it simple.
  • 16. You can not steal what is not there..!! • Archive / Backup Data not being used • Delete Data not being used Data Protection … Keeping it simple.
  • 17. What about inventory ? • How many PCs / laptops ? • What is the h/w configuration of each PC ? • What is loaded on each PC - OS, software and data. ? • Inventory of removable / portable storage. • Inventory of portable modems. Data Protection … Keeping it simple.
  • 18. What about the basic network ? • • • • • • Do you have a Server ? List of Machine Names / IP addresses Does everyone have user name / passwords Do you allow Remote Access ? Wifi / Wired ? Internet Connection Single Entry ?. Data Protection … Keeping it simple.
  • 19. User Account Policies Dynamite against data theft. • • • • • • No empty / default passwords Passwords should expire Strong Passwords No Common Passwords. Privileges / Account Deletion Remote Access Data Protection … Keeping it simple.
  • 20. Reckless Wireless Routers. • • • • • No SSID Broadcast No Wireless Configuration MacIDs User Name / Password Security Change Default Password Data Protection … Keeping it simple.
  • 21. ‘MUST’ Software • Anti Virus / Anti Malware / Anti Spam / Anti Phishing Software • Regular Updates of AV / Operating Systems • Regular Patches of OS and Software • User Access / Privilege Management Data Protection … Keeping it simple.
  • 22. But Anti Virus is NOT enough to stop employees stealing data ! Data Protection … Keeping it simple.
  • 23. Stepping towards Basic DLP. • Internet Access Control – Websites, Protocols, Firewalls, Proxies • Device Control – USB , CD/DVDs, Modems , Blue tooth • Upload of Data – Browser Based Uploads • Encryption Data Protection … Keeping it simple.
  • 24. Humans, Common Sense and Policies ! It will surely help – all the best ! Data Protection … Keeping it simple.