Ray Gasnick III of Miles Technologies discusses how to protect your business from a major cybersecurity incident. Areas covered include: - What areas constitute the human elements of cybersecurity - Best practices for combating social cyber attacks - Tips for promoting awareness and developing your physical security plan View the full webinar at https://www.youtube.com/watch?v=ScE3g3O6NdQ.

1. ElementsThat Comprise a “Secure Network”
Presenter: Ray Gasnick III
Director of IT Engineering
MilesTechnologies

3.  “Secure” networks aren’t just
those comprised of multi-
factor authentication
mechanisms and multiple
layers of firewalls.

4.  In the past 10 years per the Privacy Rights
Clearinghouse:
 534 breaches were due to insider access
 771 breaches were due to “accidental” disclosure
 1066 breaches were due to hacking or malware
 1822 breaches were due to physical loss
(electronic or non-electronic)
Source: http://www.privacyrights.org/data-breach/new

7.  The biggest risks to most
networks are NOT “evil”
hackers on the internet.
 Most compromises stem
from the users themselves
either misusing their
authority or “leaking” data
accidentally.

8.  In most organizations, access is
governed in a hierarchal fashion.
 Despite this, someone usually
has greater access due to
responsibility.
 The “honor” system is all that
governs this/these users.

9.  If a user isn’t entrusted with access to
sensitive data, he or she may be able to
coerce information leakage with
perceived authority.
 Examples:
 Name dropping of managers to subordinate
employees
 Downright requests for information by hiding
the real purpose

10.  Another very common method for
data leakage is social engineering.
 Takes on the form of:
 Calls
 Phishing Emails
 The most brazen would
show up in person

11.  Leverages some technique to coerce an
employee to divulge information:
 Tailgating
 Outright asking for
the information
 Perceived authority
 Assumed access
 Empathy
 All of these avenues of attack cannot be stopped
even with the most sophisticated firewalls in
the world.

12.  Everybody “assumes”
they could never be
duped into handing
over information from
a social attack.
 Awareness/Education
is the best method for
prevention.

13.  Smaller companies are less susceptible.
 There is generally a higher degree of awareness
when someone/something is out of the ordinary.
 Larger companies are more likely to fall victim to
social tactics.
 There is a higher degree of anonymity between
departments if they do not interact regularly.

14.  Distinguish employees from visitors
(badges, sign in sheet, etc.).
 Promote an environment where it is
acceptable to clarify when a request
sounds unusual.
 Ensure that sensitive “data” is
secured by some means.
 Ensure that those who are
custodians for sensitive data are
known.

15.  Employee awareness is the
best defense but it is not a
one-time deal.
 Recurring training sessions
are the best way to keep
secure practices fresh in
everyone’s minds.