SlideShare a Scribd company logo

The CISO’s Guide to Being Human

C
Clearswift

The document discusses how human error is a major cause of data breaches and security incidents, despite malicious hacking being the primary threat. It notes that 97% of breaches were avoidable through basic controls and outlines strategies for organizations to help prevent accidental data leakage by employees, such as creating clear security policies, providing regular security awareness training, and avoiding overly long checklists of rules.

Technology
Related topics:
Data Security
1 of 22
Downloaded 13 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
The CISO’s Guide to Being Human How to prevent and cope with accidental data leakage
The CISO’s guide to being human The issue of data security is becoming ever more pressing for the public and private sectors: • Sensitive data that has been lost or leaked by Britain’s private and public sectors has risen by 1,014% between August 2007 and August 2012 • From 2011/2012, the UK logged 821 data breaches • 58% of IT professionals polled by Computer Weekly admit to not using Data Loss Protection products SOURCE: The Register2012 Verizon Data Breach Investigation Report While malicious hacking is the number one threat to your data security, there is one element that still accounts for making much of it possible – staff making mistakes that can lead to costly data leakage...
The CISO’s guide to being human The issue of data security is becoming ever more pressing for the public and private sectors: • Sensitive data that has been lost or leaked by Britain’s private and public sectors has risen by 1,014% between August 2007 and August 2012 • From 2011/2012, the UK logged 821 data breaches • 58% of IT professionals polled by Computer Weekly admit to not using Data Loss Protection products SOURCE: The Register2012 Verizon Data Breach Investigation Report While malicious hacking is the number one threat to your data security, there is one element that still accounts for making much of it possible – staff making mistakes that can lead to costly data leakage... 97% 97% of breaches were avoidable through simple or intermediate controls
According to ISACA’s 2012 Governance of Enterprise IT (GEIT) Survey of over 3,700 of its members, of the security challenges that a company is likely to face in the next 12 months:
According to ISACA’s 2012 Governance of Enterprise IT (GEIT) Survey of over 3,700 of its members, of the security challenges that a company is likely to face in the next 12 months: 16% 16% will be mistakes made by employees 13% 13% will be incidents relating to employees’ personal devices (BYOD)
According to ISACA’s 2012 Governance of Enterprise IT (GEIT) Survey of over 3,700 of its members, of the security challenges that a company is likely to face in the next 12 months: 16% 16% will be mistakes made by employees 13% 13% will be incidents relating to employees’ personal devices (BYOD) VIEW INFOGRAPHIC
According to ISACA’s 2012 Governance of Enterprise IT (GEIT) Survey of over 3,700 of its members, of the security challenges that a company is likely to face in the next 12 months: 16% 16% will be mistakes made by employees 13% 13% will be incidents relating to employees’ personal devices (BYOD) But are companies doing enough to tackle data compliance issues? According to the same report: • Nearly 1/4 of respondents said management’s level of involvement in governance is low • 49% of enterprises will be increasing investments in IT over the next 12 months. But will they be increasing their data security budgets too? VIEW INFOGRAPHIC
SOURCE: FlashRouters, Mashable While DLP solutions are available, there are several basic lessons that can be instilled into staff to act as your first line of defense against data leakage: • More than 60% of people use the same password across a multitude of accounts; this can make life easy for hackers • Use a secure password generator that will create difficult-to-crack passwords http://www.pctools.com/guides/password/ Facepalm Passwords According to SplashData, the worst passwords of 2012 were: 5. ‘qwerty’ 4. ‘abc123’ 3. ‘12345678’ 2. ‘123456’ 1. ‘password’
SOURCE: FlashRouters, Mashable While DLP solutions are available, there are several basic lessons that can be instilled into staff to act as your first line of defense against data leakage: • More than 60% of people use the same password across a multitude of accounts; this can make life easy for hackers • Use a secure password generator that will create difficult-to-crack passwords http://www.pctools.com/guides/password/ Facepalm Passwords According to SplashData, the worst passwords of 2012 were: 5. ‘qwerty’ 4. ‘abc123’ 3. ‘12345678’ 2. ‘123456’ 1. ‘password’ Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months. Clifford Stoll, data security guru
“Speared by phishing” SOURCE: Websense, Mashable SOURCE: Verizon Spear-phishing is the latest trend in sucker- punching naive employees; it’s the specific targeting of particular groups or individuals via socially-engineered content: • Combat phishing through employee education. Facebook holds an annual ‘Hacktober’ where employees are treated to simulated security threats for a month. Those who report fake phishing attempts and other security attacks are given prizes – while those who fail to do so are given further training.
“Speared by phishing” SOURCE: Websense, Mashable SOURCE: Verizon Spear-phishing is the latest trend in sucker- punching naive employees; it’s the specific targeting of particular groups or individuals via socially-engineered content: • Combat phishing through employee education. Facebook holds an annual ‘Hacktober’ where employees are treated to simulated security threats for a month. Those who report fake phishing attempts and other security attacks are given prizes – while those who fail to do so are given further training. 84% 84% of victims unknowingly possessed evidence of a breach in their logs 2012 Verizon Data Breach Investigation Report
Research has revealed that half of the surveyed companies had lost a device with important business data on it, causing security implications for over a fifth of organizations. If correct encryption procedures had been followed, such security implications would have been eliminated. [SOURCE: Business Computing World]
Research has revealed that half of the surveyed companies had lost a device with important business data on it, causing security implications for over a fifth of organizations. If correct encryption procedures had been followed, such security implications would have been eliminated. [SOURCE: Business Computing World] Encrypt laptops, mobile devices and removable media to ensure that if tech is lost out in the field (or in a pub), its data remains inaccessible.
[SOURCE: Ernst Young] Take extra care... … and consider controlling the use of removable media such as USB flash drives – and enforce the ban by using software that will not allow unauthorized drives to be accessed when plugged in.
[SOURCE: Ernst Young] Worst case scenario An international oil and gas company lost an unencrypted laptop containing the personal information of 13,000 US individuals including their names, Social Security numbers and addresses. The sting in the tail? The information lost was for claimants who had already filed against the company... Take extra care... … and consider controlling the use of removable media such as USB flash drives – and enforce the ban by using software that will not allow unauthorized drives to be accessed when plugged in.
[SOURCE: Ernst Young] Scorched Earth Policy Always have the ability to remotely wipe lost or stolen devices available to you as your last line of defense... Worst case scenario An international oil and gas company lost an unencrypted laptop containing the personal information of 13,000 US individuals including their names, Social Security numbers and addresses. The sting in the tail? The information lost was for claimants who had already filed against the company... Take extra care... … and consider controlling the use of removable media such as USB flash drives – and enforce the ban by using software that will not allow unauthorized drives to be accessed when plugged in.
“Being Human” Remember: serious data leakage could be caused by something as simple as sending an email to the wrong person by accident (auto-complete in the ‘To:’ field has made slips ups easier than ever). Help employees care about data compliance and leakage:
“Being Human” Remember: serious data leakage could be caused by something as simple as sending an email to the wrong person by accident (auto-complete in the ‘To:’ field has made slips ups easier than ever). Help employees care about data compliance and leakage: Create clear, understandable policies that list prohibited behaviors and what is expected from employees when it comes to handling company data
“Being Human” Remember: serious data leakage could be caused by something as simple as sending an email to the wrong person by accident (auto-complete in the ‘To:’ field has made slips ups easier than ever). Help employees care about data compliance and leakage: Create clear, understandable policies that list prohibited behaviors and what is expected from employees when it comes to handling company data Provide regular mandatory training on security awareness for employees – especially for those who are regularly handling highly sensitive data
“Being Human” Remember: serious data leakage could be caused by something as simple as sending an email to the wrong person by accident (auto-complete in the ‘To:’ field has made slips ups easier than ever). Help employees care about data compliance and leakage: Create clear, understandable policies that list prohibited behaviors and what is expected from employees when it comes to handling company data Avoid long, waffly checklists of dos and don’ts that don’t engage employees but simply turn them off Provide regular mandatory training on security awareness for employees – especially for those who are regularly handling highly sensitive data
“Being Human” Remember: serious data leakage could be caused by something as simple as sending an email to the wrong person by accident (auto-complete in the ‘To:’ field has made slips ups easier than ever). Help employees care about data compliance and leakage: Create clear, understandable policies that list prohibited behaviors and what is expected from employees when it comes to handling company data Avoid long, waffly checklists of dos and don’ts that don’t engage employees but simply turn them off Provide regular mandatory training on security awareness for employees – especially for those who are regularly handling highly sensitive data If a new data threat emerges, keep staff informed so they know what to look for
Return to our Cyber Hub for more useful content VISIT NOW!

More Related Content

PPT
Managing insider threat
milliemill
 
PPTX
Case study presentation
englettk
 
PDF
DATA PROTECTION & BREACH READINESS GUIDE 2014
- Mark - Fullbright
 
PDF
InformationSecurity_11141
sraina2
 
PDF
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud
 
PDF
2010 report data security survey
Carlo Del Bo
 
PDF
IRJET- Data Leak Prevention System: A Survey
IRJET Journal
 
PDF
wp-us-cities-exposed
Numaan Huq
 
Managing insider threat
milliemill
 
Case study presentation
englettk
 
DATA PROTECTION & BREACH READINESS GUIDE 2014
- Mark - Fullbright
 
InformationSecurity_11141
sraina2
 
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud
 
2010 report data security survey
Carlo Del Bo
 
IRJET- Data Leak Prevention System: A Survey
IRJET Journal
 
wp-us-cities-exposed
Numaan Huq
 

What's hot (20)

PDF
The Top Ten Insider Threats And How To Prevent Them
Enterprise Technology Management (ETM)
 
PDF
Cybersecurity: The New Priority for Business
Leanne Fuith
 
PDF
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
FitCEO, Inc. (FCI)
 
PDF
A foundation for breach data analysis
Alexander Decker
 
PDF
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Marco Essomba
 
PDF
2014 ota databreachguide4
Meg Weber
 
PPTX
Corporate Data: A Protected Asset or a Ticking Time Bomb?
Varonis
 
PDF
Portal Authentication: A Balancing Act Between Security Usability and Complia...
PortalGuard
 
PDF
5 Technology Trends Construction Contractors Can't Afford To Ignore
Gross, Mendelsohn & Associates
 
PDF
The growing mandatory requirements to protect data- secure PostgreSQL
Rajni Baliyan
 
PDF
Keep Student information protected while improving services
CloudMask inc.
 
PDF
PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...
PGConf APAC
 
PDF
White Paper - Nuix Cybersecurity - US Localized
Stuart Clarke
 
PDF
3rd Part Cyber Risk Report - 2018
NormShield
 
PDF
WhiteHat’s Website Security Statistics Report 2015
Jeremiah Grossman
 
PDF
Cybersecurity update 12
Jim Kaplan CIA CFE
 
PPTX
Data Security for Nonprofits
NPowerCR
 
PDF
Forcepoint Whitepaper 2016 Security Predictions
Kim Jensen
 
PDF
Top 6 things_small_businesses_q12015
anpapathanasiou
 
PDF
Secure Wall - how should companies protect themselves from cyber crime?
Browne Jacobson LLP
 
The Top Ten Insider Threats And How To Prevent Them
Enterprise Technology Management (ETM)
 
Cybersecurity: The New Priority for Business
Leanne Fuith
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
FitCEO, Inc. (FCI)
 
A foundation for breach data analysis
Alexander Decker
 
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Marco Essomba
 
2014 ota databreachguide4
Meg Weber
 
Corporate Data: A Protected Asset or a Ticking Time Bomb?
Varonis
 
Portal Authentication: A Balancing Act Between Security Usability and Complia...
PortalGuard
 
5 Technology Trends Construction Contractors Can't Afford To Ignore
Gross, Mendelsohn & Associates
 
The growing mandatory requirements to protect data- secure PostgreSQL
Rajni Baliyan
 
Keep Student information protected while improving services
CloudMask inc.
 
PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...
PGConf APAC
 
White Paper - Nuix Cybersecurity - US Localized
Stuart Clarke
 
3rd Part Cyber Risk Report - 2018
NormShield
 
WhiteHat’s Website Security Statistics Report 2015
Jeremiah Grossman
 
Cybersecurity update 12
Jim Kaplan CIA CFE
 
Data Security for Nonprofits
NPowerCR
 
Forcepoint Whitepaper 2016 Security Predictions
Kim Jensen
 
Top 6 things_small_businesses_q12015
anpapathanasiou
 
Secure Wall - how should companies protect themselves from cyber crime?
Browne Jacobson LLP
 
Ad

Viewers also liked (6)

PPT
Security Services Diagram for PowerPoint by PoweredTemplate.com
PoweredTemplate.com
 
PDF
2010 za con_stephen_kreusch
Johan Klerk
 
PPTX
How classification augments data loss prevention
Watchful Software
 
PDF
The Definitive Guide to Data Loss Prevention
Digital Guardian
 
PPTX
Data leakage detection
Vikrant Arya
 
PPT
Data loss prevention (dlp)
Hussein Al-Sanabani
 
Security Services Diagram for PowerPoint by PoweredTemplate.com
PoweredTemplate.com
 
2010 za con_stephen_kreusch
Johan Klerk
 
How classification augments data loss prevention
Watchful Software
 
The Definitive Guide to Data Loss Prevention
Digital Guardian
 
Data leakage detection
Vikrant Arya
 
Data loss prevention (dlp)
Hussein Al-Sanabani
 
Ad

Similar to The CISO’s Guide to Being Human (20)

PPTX
11 19-2015 - iasaca membership conference - the state of security
Matthew Pascucci
 
PPTX
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Rishi Singh
 
PPTX
Microsoft DATA Protection To Put secure.
jayceewong1
 
PDF
Securité : Le rapport 2Q de la X-Force
Patrick Bouillaud
 
PDF
IBM X-Force.PDF
Ban Selvakumar
 
PDF
1. introduction to cyber security
Animesh Roy
 
PPTX
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Eric Vanderburg
 
PDF
A Survey On Data Leakage Detection
IJERA Editor
 
PDF
5 Questions Executives Should Be Asking Their Security Teams
Arun Chinnaraju MBA, PMP, CSM, CSPO, SA
 
PDF
DataGravity Security Pop Quiz
DataGravity
 
PDF
INT 1010 07-4.pdf
Luis R Castellanos
 
PPTX
Need for Data Protection Training - How E-learning Can Help?
CommLab India – Rapid eLearning Solutions
 
PPTX
Information Security For Small Business
Julius Clark, CISSP, CISA
 
PPTX
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?
dianadvo
 
PPTX
Information security
AlaaMahmoud108
 
PDF
Potential Advantages Of An Insider Attack
Susan Kennedy
 
PPSX
November 2017: Part 6
seadeloitte
 
PDF
Data loss prevention by using MRSH-v2 algorithm
IJECEIAES
 
PPT
Eileen Presentation
jc06442n
 
PPTX
Data breach
Burhan Ahmed
 
11 19-2015 - iasaca membership conference - the state of security
Matthew Pascucci
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Rishi Singh
 
Microsoft DATA Protection To Put secure.
jayceewong1
 
Securité : Le rapport 2Q de la X-Force
Patrick Bouillaud
 
IBM X-Force.PDF
Ban Selvakumar
 
1. introduction to cyber security
Animesh Roy
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Eric Vanderburg
 
A Survey On Data Leakage Detection
IJERA Editor
 
5 Questions Executives Should Be Asking Their Security Teams
Arun Chinnaraju MBA, PMP, CSM, CSPO, SA
 
DataGravity Security Pop Quiz
DataGravity
 
INT 1010 07-4.pdf
Luis R Castellanos
 
Need for Data Protection Training - How E-learning Can Help?
CommLab India – Rapid eLearning Solutions
 
Information Security For Small Business
Julius Clark, CISSP, CISA
 
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?
dianadvo
 
Information security
AlaaMahmoud108
 
Potential Advantages Of An Insider Attack
Susan Kennedy
 
November 2017: Part 6
seadeloitte
 
Data loss prevention by using MRSH-v2 algorithm
IJECEIAES
 
Eileen Presentation
jc06442n
 
Data breach
Burhan Ahmed
 

Recently uploaded (20)

PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
project resource management chapter-09.pdf
ssuser00e6e21
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PPTX
A Presentation on Touch Screen Technology
memembruh336
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
project resource management chapter-09.pdf
ssuser00e6e21
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
A Presentation on Artificial Intelligence
memembruh336
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
A Presentation on Touch Screen Technology
memembruh336
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Approach and Philosophy of On baking technology
30anthuong17
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 

The CISO’s Guide to Being Human

  • 1. The CISO’s Guide to Being Human How to prevent and cope with accidental data leakage
  • 2. The CISO’s guide to being human The issue of data security is becoming ever more pressing for the public and private sectors: • Sensitive data that has been lost or leaked by Britain’s private and public sectors has risen by 1,014% between August 2007 and August 2012 • From 2011/2012, the UK logged 821 data breaches • 58% of IT professionals polled by Computer Weekly admit to not using Data Loss Protection products SOURCE: The Register2012 Verizon Data Breach Investigation Report While malicious hacking is the number one threat to your data security, there is one element that still accounts for making much of it possible – staff making mistakes that can lead to costly data leakage...
  • 3. The CISO’s guide to being human The issue of data security is becoming ever more pressing for the public and private sectors: • Sensitive data that has been lost or leaked by Britain’s private and public sectors has risen by 1,014% between August 2007 and August 2012 • From 2011/2012, the UK logged 821 data breaches • 58% of IT professionals polled by Computer Weekly admit to not using Data Loss Protection products SOURCE: The Register2012 Verizon Data Breach Investigation Report While malicious hacking is the number one threat to your data security, there is one element that still accounts for making much of it possible – staff making mistakes that can lead to costly data leakage... 97% 97% of breaches were avoidable through simple or intermediate controls
  • 4. According to ISACA’s 2012 Governance of Enterprise IT (GEIT) Survey of over 3,700 of its members, of the security challenges that a company is likely to face in the next 12 months:
  • 5. According to ISACA’s 2012 Governance of Enterprise IT (GEIT) Survey of over 3,700 of its members, of the security challenges that a company is likely to face in the next 12 months: 16% 16% will be mistakes made by employees 13% 13% will be incidents relating to employees’ personal devices (BYOD)
  • 6. According to ISACA’s 2012 Governance of Enterprise IT (GEIT) Survey of over 3,700 of its members, of the security challenges that a company is likely to face in the next 12 months: 16% 16% will be mistakes made by employees 13% 13% will be incidents relating to employees’ personal devices (BYOD) VIEW INFOGRAPHIC
  • 7. According to ISACA’s 2012 Governance of Enterprise IT (GEIT) Survey of over 3,700 of its members, of the security challenges that a company is likely to face in the next 12 months: 16% 16% will be mistakes made by employees 13% 13% will be incidents relating to employees’ personal devices (BYOD) But are companies doing enough to tackle data compliance issues? According to the same report: • Nearly 1/4 of respondents said management’s level of involvement in governance is low • 49% of enterprises will be increasing investments in IT over the next 12 months. But will they be increasing their data security budgets too? VIEW INFOGRAPHIC
  • 8. SOURCE: FlashRouters, Mashable While DLP solutions are available, there are several basic lessons that can be instilled into staff to act as your first line of defense against data leakage: • More than 60% of people use the same password across a multitude of accounts; this can make life easy for hackers • Use a secure password generator that will create difficult-to-crack passwords http://www.pctools.com/guides/password/ Facepalm Passwords According to SplashData, the worst passwords of 2012 were: 5. ‘qwerty’ 4. ‘abc123’ 3. ‘12345678’ 2. ‘123456’ 1. ‘password’
  • 9. SOURCE: FlashRouters, Mashable While DLP solutions are available, there are several basic lessons that can be instilled into staff to act as your first line of defense against data leakage: • More than 60% of people use the same password across a multitude of accounts; this can make life easy for hackers • Use a secure password generator that will create difficult-to-crack passwords http://www.pctools.com/guides/password/ Facepalm Passwords According to SplashData, the worst passwords of 2012 were: 5. ‘qwerty’ 4. ‘abc123’ 3. ‘12345678’ 2. ‘123456’ 1. ‘password’ Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months. Clifford Stoll, data security guru
  • 10. “Speared by phishing” SOURCE: Websense, Mashable SOURCE: Verizon Spear-phishing is the latest trend in sucker- punching naive employees; it’s the specific targeting of particular groups or individuals via socially-engineered content: • Combat phishing through employee education. Facebook holds an annual ‘Hacktober’ where employees are treated to simulated security threats for a month. Those who report fake phishing attempts and other security attacks are given prizes – while those who fail to do so are given further training.
  • 11. “Speared by phishing” SOURCE: Websense, Mashable SOURCE: Verizon Spear-phishing is the latest trend in sucker- punching naive employees; it’s the specific targeting of particular groups or individuals via socially-engineered content: • Combat phishing through employee education. Facebook holds an annual ‘Hacktober’ where employees are treated to simulated security threats for a month. Those who report fake phishing attempts and other security attacks are given prizes – while those who fail to do so are given further training. 84% 84% of victims unknowingly possessed evidence of a breach in their logs 2012 Verizon Data Breach Investigation Report
  • 12. Research has revealed that half of the surveyed companies had lost a device with important business data on it, causing security implications for over a fifth of organizations. If correct encryption procedures had been followed, such security implications would have been eliminated. [SOURCE: Business Computing World]
  • 13. Research has revealed that half of the surveyed companies had lost a device with important business data on it, causing security implications for over a fifth of organizations. If correct encryption procedures had been followed, such security implications would have been eliminated. [SOURCE: Business Computing World] Encrypt laptops, mobile devices and removable media to ensure that if tech is lost out in the field (or in a pub), its data remains inaccessible.
  • 14. [SOURCE: Ernst Young] Take extra care... … and consider controlling the use of removable media such as USB flash drives – and enforce the ban by using software that will not allow unauthorized drives to be accessed when plugged in.
  • 15. [SOURCE: Ernst Young] Worst case scenario An international oil and gas company lost an unencrypted laptop containing the personal information of 13,000 US individuals including their names, Social Security numbers and addresses. The sting in the tail? The information lost was for claimants who had already filed against the company... Take extra care... … and consider controlling the use of removable media such as USB flash drives – and enforce the ban by using software that will not allow unauthorized drives to be accessed when plugged in.
  • 16. [SOURCE: Ernst Young] Scorched Earth Policy Always have the ability to remotely wipe lost or stolen devices available to you as your last line of defense... Worst case scenario An international oil and gas company lost an unencrypted laptop containing the personal information of 13,000 US individuals including their names, Social Security numbers and addresses. The sting in the tail? The information lost was for claimants who had already filed against the company... Take extra care... … and consider controlling the use of removable media such as USB flash drives – and enforce the ban by using software that will not allow unauthorized drives to be accessed when plugged in.
  • 17. “Being Human” Remember: serious data leakage could be caused by something as simple as sending an email to the wrong person by accident (auto-complete in the ‘To:’ field has made slips ups easier than ever). Help employees care about data compliance and leakage:
  • 18. “Being Human” Remember: serious data leakage could be caused by something as simple as sending an email to the wrong person by accident (auto-complete in the ‘To:’ field has made slips ups easier than ever). Help employees care about data compliance and leakage: Create clear, understandable policies that list prohibited behaviors and what is expected from employees when it comes to handling company data
  • 19. “Being Human” Remember: serious data leakage could be caused by something as simple as sending an email to the wrong person by accident (auto-complete in the ‘To:’ field has made slips ups easier than ever). Help employees care about data compliance and leakage: Create clear, understandable policies that list prohibited behaviors and what is expected from employees when it comes to handling company data Provide regular mandatory training on security awareness for employees – especially for those who are regularly handling highly sensitive data
  • 20. “Being Human” Remember: serious data leakage could be caused by something as simple as sending an email to the wrong person by accident (auto-complete in the ‘To:’ field has made slips ups easier than ever). Help employees care about data compliance and leakage: Create clear, understandable policies that list prohibited behaviors and what is expected from employees when it comes to handling company data Avoid long, waffly checklists of dos and don’ts that don’t engage employees but simply turn them off Provide regular mandatory training on security awareness for employees – especially for those who are regularly handling highly sensitive data
  • 21. “Being Human” Remember: serious data leakage could be caused by something as simple as sending an email to the wrong person by accident (auto-complete in the ‘To:’ field has made slips ups easier than ever). Help employees care about data compliance and leakage: Create clear, understandable policies that list prohibited behaviors and what is expected from employees when it comes to handling company data Avoid long, waffly checklists of dos and don’ts that don’t engage employees but simply turn them off Provide regular mandatory training on security awareness for employees – especially for those who are regularly handling highly sensitive data If a new data threat emerges, keep staff informed so they know what to look for
  • 22. Return to our Cyber Hub for more useful content VISIT NOW!