Welcome to the session on the human firewall, which is unfortunately a major risk to your business.

IoD Briefing - cybersecurity

A guide to cybersecurity and the issue of the human firewall which we all face in our businesses. @robmay70 @ramsac_ltd

PRESENTATION OUTLINE

IoD director briefing

cyber security is the biggest risk to your business

rob may

My name is Robert May and I am the managing director at ramsac. Our mission is to make IT simple.

staff value?

your security
What cost is your IT security?

Survey for Infosec at Liverpool St Station

70% gave password

34% without bribe

79% gave info used for identity theft

digital trail blazers

  • In 2016 23% of retail transactions in UK were online
  • Germany is half of that
  • G20 average is just 6%
  • One Tenth of GB Economy is online
23% of retail transactions online

Twice that of Germany our closest rival

In addition 1/10th of the British economy is online

We are digital streets ahead, but with that come increased RISKS.

it's BIG business

No one really knows the actual size of the cybercrime business but estimates are $3trn +

Cybercrime is now worth more than the international drugs trade.

It pays!

There are 3 types of business: those that have been breached, those that will be and those that will be again.

employee behaviour

the heart of the problem & the path to improved security
The thing we need to be acutely aware of is that the behaviour of our staff and colleagues is both the heart of the problem and also the path to improving the situation.

cyber in the boardroom

education

Do you have an education program for this?

If so what does it look like, who runs it, who keeps up to date with the weekly changes and how effective is it?

policies

A word of caution, written policies are not enough, they are needed but please don't rely on them.

Leaders put 85% of their effort into written content, which has been shown to have a 3-5% impact on staff!

main focus today

The following are examples of some of the common themes your staff education needs to include.

malware

MAL-icious soft-WARE

Viruses - reproducing software causing harm

Worms - move from machine to machine automatically

Trojans - disguised as useful but malicious

Don't browse the web as admin user
Make sure you have the latest Anti-Virus software
Have different accounts for all users
Use Proper passwords

social engineering

password security

We ask for complex passwords for a reason
Don't write them down or store them in a clear text file.

Change your passwords at home too in the same way as you do on the corporate network.
Password protect your router!

email security

Talk to your staff about:

How to properly handle emails

What information to send via email

How to recognise fraud emails

This email sent to Sally is fake and she readily noticed this as she is aware that I don't have a Gmail account.

One week later she got the same email but this time it looks like it is from me (note the email address).

In your email (assuming Outlook for this example) click File and choose Properties. Note the Internet Headers section.

As you can see, whilst the From: field is me, the X-Sender and the Reply-To fields most definitely aren't.
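
The header comparison described above, as an added example that is not part of the original presentation: a Python sketch that parses a raw message and lists any Reply-To or X-Sender address whose domain differs from the From: domain. The two sample messages and their example.* addresses are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; the example.* domains are placeholders.
SPOOFED = """\
From: "Managing Director" <md@example.com>
Reply-To: md.office@example.net
X-Sender: bulk-mailer@example.org
To: sally@example.com
Subject: Urgent payment request

Please process today.
"""

GENUINE = """\
From: "Managing Director" <md@example.com>
To: sally@example.com
Subject: Board pack

Attached.
"""

# The two fields the slide compares against From:
CHECKED = ("Reply-To", "X-Sender")


def domain_of(value):
    """Return the lower-cased domain of the address in a header value, or ''."""
    _, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def header_mismatches(raw):
    """List (header, address) pairs whose domain differs from the From: domain."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From"))
    findings = []
    for name in CHECKED:
        for value in msg.get_all(name, []):
            if domain_of(value) != from_domain:
                findings.append((name, parseaddr(value)[1]))
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, header_mismatches(raw) or "no mismatch")
```

A mismatch is a prompt to look closer rather than proof of fraud, since some legitimate mailing services set a different Reply-To. A forged sender on the same domain as the real one will not be flagged by this check.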

physical security

mobile devices

These are an extension of the office

Enforce Passwords

Email

Avoid insecure wifi

Enable all security features.

phishing

Phishing is an email fishing for info

Fraud/misrepresentation

Phishing emails often use CAPS!

Generic sign off - customer service

If it looks Too good to be true.....

hotel scam

brexit scam

A great example of a current scam is the pay rise scam; a similar post-Brexit scam is based on redundancy nominations.

front door security

before I wrap up

If you have any questions on this subject please feel free to get in touch. Contact me directly at robert.may@ramsac.com or talk to your ramsac relationship manager.

cyber awareness

Has to be a constant on-going exercise!
The USA lists cyber crime as the No. 1 threat to national security, ahead of terrorism.

The education of your staff needs to be ongoing

A one-off exercise or document is not going to protect you. You need to drip feed this info on an ongoing basis.

how do you determine value?

thank you!

Thank you for your time.

I hope that this information is useful.

Be safe!