SlideShare a Scribd company logo

Data Security For SMB - Fly first class on a budget

Flaskdata.io, profile picture
Flaskdata.io

The document discusses essential data security concerns for small and medium-sized businesses (SMBs), highlighting threats like insider theft, targeted attacks, and the inadequacies of anti-virus software and firewalls. It emphasizes the importance of protecting intellectual property and using professional services for hosting to mitigate risks. Additionally, it suggests implementing policies and training for employees to ensure the safety of digital assets.

1 of 19
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Data security for an SMB Fly first class on a budget Licensed under the Creative Commons Attribution License Danny Lieberman http://www.dannylieberman.info  dannyl@controlpolicy.com http://www.controlpolicy.com/     
“Any large company is made up of a large  number of small businesses.” Bill Gates, circa 1998.  Explaining why Microsoft workgroup products were a good fit for big enterprises.    
Agenda • What threats should concern an SMB? • SMB awareness of data security • Cultural factors • What data should an SMB protect? • Is anti-virus enough? • Is a firewall enough? • Servers in the office or in the cloud? • Planning for disasters • Fly first class for cheap    
•What threats should concern an SMB? • Data security is Ugly – Loss of IP • Trusted insider theft – Mail, Web, IM – Smart phones • Front-door attacks – Lost passwords makes it easy • Back-door attacks – Spyware, Trojans – Piggy back on legit sessions    
•SMB awareness of data security • Market research performed by Infowatch in September 09 – 99% of 190 SMBs were aware of data breach issues. Infowatch CEO Natalya Kaspersky   – Over half focused on IP protection    
Cultural factors • Americans – Rule-based – Technology – Lots of regulation that doesn't work • Europeans – Principles-based – Discipline – Regulation that appears to work    
•What data should an SMB protect? • Credit cards – Usually not an issue for SMB merchants • Most have less than 1 million transactions/year • Most outsource payment processing • Can comply to PCI DSS with a self-assessment • Intellectual property – A small firm can have extremely valuable IP • Manufacturer, design house, hi-tech startup • Designs, algorithms,commercial agreements • IP theft can put a SMB out of business    
Is anti-virus enough? • The good news – Good AV software can detect and prevent certain kinds of attacks that steal data • The bad news – Anti-virus software is worthless against trusted insiders, phishing, man-in-the- middle attacks.    
Is my firewall enough? • There is no good news – Firewall creates false sense of security – Cannot stop trusted insiders – Anyone can violate privacy of other employees – Cannot stop targeted Trojans from stealing data on open FTP or high- numbered ports • If you shut them down, employees will take their data home....    
In the office or in the cloud?  Wake up and smell the hummus – Hosting your own mail/Web servers in the office is a bad idea • Attracts attackers like flies to honey – Use service like Google Apps • They may read, but they won't steal    
Planning for disasters • Take regular backups • Use a professional hosting service – Calculate cost of loss of business – Spend the right amount • Build employee ERT – Emergency response team – Train once every 3 months – Know where the keys are    
Fly first class for cheap • Policy • Enforcement    
Fly first class for cheap • Policy: the 10 commandments are free. • An AUP reduces the number of employee options by default – No “opt-in” check box    
AUP read and understand agreement An Approved Usage Policy states that:  “Digital channels are to be used to further the  company’s business and improve customer service  and not for personal entertainment or gain”  “Employees will protect the company's digital and  physical assets”    
Digital Assets • Any computerized information that the firm uses to compete or accomplish it’s missions – Customer pricing – Intellectual property – Biz dev plans    
Enforcement • Corporate culture – A little fear in the workplace is not a bad idea  (Andy Grove) • Everyone signs, owner first • DLP “Light” – Mail and Web – Alert and/or block violations – SMB solutions available for $10k    
DLP “Light” for SMB Database File Server Server Interception SMTP HTTP Policies Alert or Block Reporting Forensics    
Coming attractions Register online for: • Oct 8: SMB data security • Oct 15: Data security as a business objective • Oct 22: A holistic approach to security and compliance http://www.controlpolicy.com/workshops/    
Learn more • Read the Data Security Blog http://www.software.co.il/wordpress/ • Presentation materials and resources http://www.controlpolicy.com/workshops/data-security-workshops/    

More Related Content

PDF
Writing An Effective Security Procedure in 2 pages or less and make it stick
Flaskdata.io
 
PDF
Protecting Data on Laptops
Product Marketing Services
 
PPTX
Limitations E - Commerce Security measures
Jeril Peter
 
PDF
Information Security: A mindset, not a product
jaymemcree
 
PDF
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
Rui Miguel Feio
 
PDF
Cyber security and the mainframe (v1.3)
Rui Miguel Feio
 
PDF
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)
Rui Miguel Feio
 
PDF
(2017) GDPR – What Does It Mean For The Mainframe v0.2
Rui Miguel Feio
 
Writing An Effective Security Procedure in 2 pages or less and make it stick
Flaskdata.io
 
Protecting Data on Laptops
Product Marketing Services
 
Limitations E - Commerce Security measures
Jeril Peter
 
Information Security: A mindset, not a product
jaymemcree
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
Rui Miguel Feio
 
Cyber security and the mainframe (v1.3)
Rui Miguel Feio
 
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)
Rui Miguel Feio
 
(2017) GDPR – What Does It Mean For The Mainframe v0.2
Rui Miguel Feio
 

What's hot (17)

PDF
IOT & BYOD – The New Security Risks (v1.1)
Rui Miguel Feio
 
PDF
(2017) Cybercrime, Inc. (v3.2)
Rui Miguel Feio
 
PDF
Security Audit on the Mainframe (v1.0 - 2016)
Rui Miguel Feio
 
PDF
Selling SaaS in a product world
SVPMA
 
PDF
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
Rui Miguel Feio
 
PPTX
Presentation infra and_datacentrre_dialogue_v2
Claus Cramon Houmann
 
PPTX
Yammer session
Ankit Kumar Saxena
 
PDF
Week 6
1140160
 
PDF
2017 - Data Privacy and GDPR (v1.1)
Rui Miguel Feio
 
PDF
Comprehensive Portfolio Management
Frisina & Smith
 
PPT
Fast-teks Remote Managed Services
Joe Hanold
 
PPTX
Webinar: Be Cyber Smart – Stories from the Trenches
Withum
 
PPTX
Selling to The IT Department
3VR Inc.
 
PDF
Designing a Base Building Network – The Integrator's Role
NJ_OTI
 
PPTX
Introduction presentation
ZipNFC
 
PDF
Security and SMBs
GFI Software
 
PPTX
Pace IT - Network Devices (part 2)
Pace IT at Edmonds Community College
 
IOT & BYOD – The New Security Risks (v1.1)
Rui Miguel Feio
 
(2017) Cybercrime, Inc. (v3.2)
Rui Miguel Feio
 
Security Audit on the Mainframe (v1.0 - 2016)
Rui Miguel Feio
 
Selling SaaS in a product world
SVPMA
 
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
Rui Miguel Feio
 
Presentation infra and_datacentrre_dialogue_v2
Claus Cramon Houmann
 
Yammer session
Ankit Kumar Saxena
 
Week 6
1140160
 
2017 - Data Privacy and GDPR (v1.1)
Rui Miguel Feio
 
Comprehensive Portfolio Management
Frisina & Smith
 
Fast-teks Remote Managed Services
Joe Hanold
 
Webinar: Be Cyber Smart – Stories from the Trenches
Withum
 
Selling to The IT Department
3VR Inc.
 
Designing a Base Building Network – The Integrator's Role
NJ_OTI
 
Introduction presentation
ZipNFC
 
Security and SMBs
GFI Software
 
Pace IT - Network Devices (part 2)
Pace IT at Edmonds Community College
 
Ad

Viewers also liked (20)

PPTX
The smb dilemma
SecureFLO, LLC
 
PPTX
7 Data Analytics Dashboards for Small Business
Trent Meyer
 
PPTX
How Big Data Can Enable Analytics from the Cloud (Technical Workshop)
Cloudera, Inc.
 
PDF
Get Featured: So You Want to be on the Front Page of SlideShare?
Venngage
 
PDF
The New CSS Layout - dotCSS
Rachel Andrew
 
PPTX
Holy Crap! You Can Get Fired For Social Media Posts?
Eric T. Tung
 
PDF
Design in Tech Report 2015
John Maeda
 
PDF
SpringOwl's 99 Page Presentation On How To Best Turnaround Yahoo!
Eric Jackson
 
PPTX
Search Ranking Factors in 2015
Rand Fishkin
 
PDF
What is strategy?
Dr. Marc Sniukas
 
PDF
Five Tips To Help You Tackle Programming
Wiley
 
PDF
State of Startups 2015
First Round Capital
 
PDF
How to build a great coding culture
Mark Halvorson
 
PDF
Blitzscaling Session 1: Household Stage
Greylock Partners
 
PDF
The Real Life Social Network v2
Paul Adams
 
PDF
A Product Manager's Job
joshelman
 
PDF
Visualising Data with Code
Ri Liu
 
PDF
Sass Code Reviews - How one code review changed my life #SassConf2015
Stacy Kvernmo
 
PDF
Final venture outlook 2016
Mark Suster
 
PDF
2016 A-Z Culture Glossary
sparks & honey
 
The smb dilemma
SecureFLO, LLC
 
7 Data Analytics Dashboards for Small Business
Trent Meyer
 
How Big Data Can Enable Analytics from the Cloud (Technical Workshop)
Cloudera, Inc.
 
Get Featured: So You Want to be on the Front Page of SlideShare?
Venngage
 
The New CSS Layout - dotCSS
Rachel Andrew
 
Holy Crap! You Can Get Fired For Social Media Posts?
Eric T. Tung
 
Design in Tech Report 2015
John Maeda
 
SpringOwl's 99 Page Presentation On How To Best Turnaround Yahoo!
Eric Jackson
 
Search Ranking Factors in 2015
Rand Fishkin
 
What is strategy?
Dr. Marc Sniukas
 
Five Tips To Help You Tackle Programming
Wiley
 
State of Startups 2015
First Round Capital
 
How to build a great coding culture
Mark Halvorson
 
Blitzscaling Session 1: Household Stage
Greylock Partners
 
The Real Life Social Network v2
Paul Adams
 
A Product Manager's Job
joshelman
 
Visualising Data with Code
Ri Liu
 
Sass Code Reviews - How one code review changed my life #SassConf2015
Stacy Kvernmo
 
Final venture outlook 2016
Mark Suster
 
2016 A-Z Culture Glossary
sparks & honey
 
Ad

Similar to Data Security For SMB - Fly first class on a budget (20)

PPT
SMBs: The Threat Ahead
martin_lee1969
 
PDF
A Guide To SMB Network Security Compliance Research Group(1)
GuardEra Access Solutions, Inc.
 
PDF
Security Guide For Small Business
BrendanRose
 
PPTX
Security on a budget
nCircle - a Tripwire Company
 
PPTX
Why SMBs Outsource IT to MSPs
The TNS Group
 
PDF
mcafee-10-steps-infographic-d2
Monica Hamilton
 
PPTX
Data Breach from the Inside Out
The Lorenzi Group
 
PDF
Choosing the Right Data Security Solution
Protegrity
 
PPTX
2013 PMA Business Security Insights
gotopaz
 
PDF
White Paper: Mobile Security
Rogers Communications
 
PPTX
Continuing Education Conferance
Tommy Riggins
 
PPTX
Ulf mattsson webinar jun 7 2012 slideshare version
Ulf Mattsson
 
PDF
"Thinking diffrent" about your information security strategy
Jason Clark
 
PPTX
Information Security For Small Business
Julius Clark, CISSP, CISA
 
PDF
Small Business Technology Challenges
Infinity Technologies
 
PDF
Ten Top Tips on Keeping Your Business Secure
BurCom Consulting Ltd.
 
PDF
Ten top tips on keeping your business secure
BurCom Consulting Ltd.
 
PPTX
ISACA New York Metro April 30 2012
Ulf Mattsson
 
PDF
SYMCAnnual
finance40
 
PDF
Homeland Security - strengthening the weakest link
Flaskdata.io
 
SMBs: The Threat Ahead
martin_lee1969
 
A Guide To SMB Network Security Compliance Research Group(1)
GuardEra Access Solutions, Inc.
 
Security Guide For Small Business
BrendanRose
 
Security on a budget
nCircle - a Tripwire Company
 
Why SMBs Outsource IT to MSPs
The TNS Group
 
mcafee-10-steps-infographic-d2
Monica Hamilton
 
Data Breach from the Inside Out
The Lorenzi Group
 
Choosing the Right Data Security Solution
Protegrity
 
2013 PMA Business Security Insights
gotopaz
 
White Paper: Mobile Security
Rogers Communications
 
Continuing Education Conferance
Tommy Riggins
 
Ulf mattsson webinar jun 7 2012 slideshare version
Ulf Mattsson
 
"Thinking diffrent" about your information security strategy
Jason Clark
 
Information Security For Small Business
Julius Clark, CISSP, CISA
 
Small Business Technology Challenges
Infinity Technologies
 
Ten Top Tips on Keeping Your Business Secure
BurCom Consulting Ltd.
 
Ten top tips on keeping your business secure
BurCom Consulting Ltd.
 
ISACA New York Metro April 30 2012
Ulf Mattsson
 
SYMCAnnual
finance40
 
Homeland Security - strengthening the weakest link
Flaskdata.io
 

More from Flaskdata.io (17)

PDF
Flaskdata - Observability for clinical data
Flaskdata.io
 
PDF
The travel industry does real-time. Why doesn't clinical research?
Flaskdata.io
 
PDF
Flaskdata.io automated monitoring for clinical trials
Flaskdata.io
 
PPTX
How to write secure code
Flaskdata.io
 
PDF
The insights that will help your medtech clinical trial succeed
Flaskdata.io
 
PDF
2017 02-05 en-eu-data-security_v2
Flaskdata.io
 
PPTX
Quick user guide to the Clear Clinica Cloud EDC system
Flaskdata.io
 
PPTX
Killed by code 2015
Flaskdata.io
 
PPTX
Killed by code 2015
Flaskdata.io
 
PPTX
Pathcare: Patient-issue oriented healthcare
Flaskdata.io
 
PPTX
The Tao of GRC
Flaskdata.io
 
PDF
Will Web 2.0 applications break the cloud?
Flaskdata.io
 
PPTX
Killed by code - mobile medical devices
Flaskdata.io
 
PPTX
Grc tao.4
Flaskdata.io
 
PPT
Data Security For Compliance 2
Flaskdata.io
 
PDF
Data Security Metricsa Value Based Approach
Flaskdata.io
 
PDF
Selling Data Security Technology
Flaskdata.io
 
Flaskdata - Observability for clinical data
Flaskdata.io
 
The travel industry does real-time. Why doesn't clinical research?
Flaskdata.io
 
Flaskdata.io automated monitoring for clinical trials
Flaskdata.io
 
How to write secure code
Flaskdata.io
 
The insights that will help your medtech clinical trial succeed
Flaskdata.io
 
2017 02-05 en-eu-data-security_v2
Flaskdata.io
 
Quick user guide to the Clear Clinica Cloud EDC system
Flaskdata.io
 
Killed by code 2015
Flaskdata.io
 
Killed by code 2015
Flaskdata.io
 
Pathcare: Patient-issue oriented healthcare
Flaskdata.io
 
The Tao of GRC
Flaskdata.io
 
Will Web 2.0 applications break the cloud?
Flaskdata.io
 
Killed by code - mobile medical devices
Flaskdata.io
 
Grc tao.4
Flaskdata.io
 
Data Security For Compliance 2
Flaskdata.io
 
Data Security Metricsa Value Based Approach
Flaskdata.io
 
Selling Data Security Technology
Flaskdata.io
 

Data Security For SMB - Fly first class on a budget

  • 1. Data security for an SMB Fly first class on a budget Licensed under the Creative Commons Attribution License Danny Lieberman http://www.dannylieberman.info  dannyl@controlpolicy.com http://www.controlpolicy.com/     
  • 2. “Any large company is made up of a large  number of small businesses.” Bill Gates, circa 1998.  Explaining why Microsoft workgroup products were a good fit for big enterprises.    
  • 3. Agenda • What threats should concern an SMB? • SMB awareness of data security • Cultural factors • What data should an SMB protect? • Is anti-virus enough? • Is a firewall enough? • Servers in the office or in the cloud? • Planning for disasters • Fly first class for cheap    
  • 4. •What threats should concern an SMB? • Data security is Ugly – Loss of IP • Trusted insider theft – Mail, Web, IM – Smart phones • Front-door attacks – Lost passwords makes it easy • Back-door attacks – Spyware, Trojans – Piggy back on legit sessions    
  • 5. •SMB awareness of data security • Market research performed by Infowatch in September 09 – 99% of 190 SMBs were aware of data breach issues. Infowatch CEO Natalya Kaspersky   – Over half focused on IP protection    
  • 6. Cultural factors • Americans – Rule-based – Technology – Lots of regulation that doesn't work • Europeans – Principles-based – Discipline – Regulation that appears to work    
  • 7. •What data should an SMB protect? • Credit cards – Usually not an issue for SMB merchants • Most have less than 1 million transactions/year • Most outsource payment processing • Can comply to PCI DSS with a self-assessment • Intellectual property – A small firm can have extremely valuable IP • Manufacturer, design house, hi-tech startup • Designs, algorithms,commercial agreements • IP theft can put a SMB out of business    
  • 8. Is anti-virus enough? • The good news – Good AV software can detect and prevent certain kinds of attacks that steal data • The bad news – Anti-virus software is worthless against trusted insiders, phishing, man-in-the- middle attacks.    
  • 9. Is my firewall enough? • There is no good news – Firewall creates false sense of security – Cannot stop trusted insiders – Anyone can violate privacy of other employees – Cannot stop targeted Trojans from stealing data on open FTP or high- numbered ports • If you shut them down, employees will take their data home....    
  • 10. In the office or in the cloud?  Wake up and smell the hummus – Hosting your own mail/Web servers in the office is a bad idea • Attracts attackers like flies to honey – Use service like Google Apps • They may read, but they won't steal    
  • 11. Planning for disasters • Take regular backups • Use a professional hosting service – Calculate cost of loss of business – Spend the right amount • Build employee ERT – Emergency response team – Train once every 3 months – Know where the keys are    
  • 12. Fly first class for cheap • Policy • Enforcement    
  • 13. Fly first class for cheap • Policy: the 10 commandments are free. • An AUP reduces the number of employee options by default – No “opt-in” check box    
  • 14. AUP read and understand agreement An Approved Usage Policy states that:  “Digital channels are to be used to further the  company’s business and improve customer service  and not for personal entertainment or gain”  “Employees will protect the company's digital and  physical assets”    
  • 15. Digital Assets • Any computerized information that the firm uses to compete or accomplish it’s missions – Customer pricing – Intellectual property – Biz dev plans    
  • 16. Enforcement • Corporate culture – A little fear in the workplace is not a bad idea  (Andy Grove) • Everyone signs, owner first • DLP “Light” – Mail and Web – Alert and/or block violations – SMB solutions available for $10k    
  • 17. DLP “Light” for SMB Database File Server Server Interception SMTP HTTP Policies Alert or Block Reporting Forensics    
  • 18. Coming attractions Register online for: • Oct 8: SMB data security • Oct 15: Data security as a business objective • Oct 22: A holistic approach to security and compliance http://www.controlpolicy.com/workshops/    
  • 19. Learn more • Read the Data Security Blog http://www.software.co.il/wordpress/ • Presentation materials and resources http://www.controlpolicy.com/workshops/data-security-workshops/