How to safe your company from having a security breach
1 like504 views
To prevent security breaches, companies must address root causes like human error, abuse/fraud, and problems in processes. The document recommends that companies get board support, identify risks, classify data, secure perimeters, implement policies, and provide user training. It also suggests choosing a security approach that fits the company's structure, finding and solving issues like access control and insider threats, and developing a culture of responsibility through openness and ongoing training.
How to safe your company from having a security breach
- 1. How to save your company from having a security breach Matej Zachar Project & Security Manager Ota Čermák Business Development Manager
- 2. SAFETICA TECHNOLOGIES • ESET Technology Alliance Partner • Czech company • 60 employees • Developing security software since 2009 • 30 000 protected devices in 50 countries with over 300 customers
- 4. • Human error • Abuse / fraud • Problems in processes ROOT CAUSES OF DATA LEAKAGE
- 5. • Chelsea and Westminster Hospital NHS Foundation Trust has been fined £180,000 after revealing the email addresses of more than 700 users of HIV service. The incident happened when a member of staff was sending newsletter and used field CC: instead of BCC: • (9.5.2016, ico.org.uk) HUMAN ERROR
- 6. • 78 % of companies have already had a data leak caused by an internal source • 50 % of employees take sensitive data with them when leaving a job • 80 % of these plan to use this data in their new job • (Ponemon Institute) ABUSE / FRAUD
- 7. • Missing policies / guidelines • E.g. data transfer • Insufficient user awareness • Lack of control mechanisms PROCESSES
- 9. • June 2016: Massive data leak • 1.2 million customer records • Insider sold the data • 133.000€ Fine • Front page headlines
- 10. • They admitted incident • (But played it down) X • Crisis communication • Remediation • Transparency
- 11. AUTOMOTIVE
- 12. ENGINEERING
- 13. • Every company. WHO IS THE TARGET?
- 14. • Production companies and manufacturing • Private Health care • Logistics • Automotive • Public sector • Financial sector, insurance, advisory • Law firms • Security forces, military and suppliers • Utilities • Services • Pharmacy • Food and Beverages WHO IS THE TARGET?
- 15. • Every company. • Personal data - GDPR • Know-how • Financial data • Employees WHO IS THE TARGET?
- 16. • Get support from board • Identify risks • Classify the data • Secure their perimeter • Implement policies • Provide training HOW TO DO IT
- 17. • „Open“ companies • Agile development • „Closed“ firms • Hybrid approach • Startups, young companies CHOOSE THE RIGHT APPROACH
- 18. • Access to data • Secure transfer • User behavior • Insider threat FIND AND SOLVE ISSUES
- 19. • Be open to your employees • Implement policies • Train users • Be aware of new and leaving staff • Discuss everything! DEVELOP RESPONSIBILITY
- 20. • Data Loss Prevention • Security audit • Encryption • Mobile security IMPLEMENT TECHNOLOGY
- 21. • Based in Czech republic • Creating products for physical security • Management realizes the importance of data
- 22. 1. Policies 2. Training using DLP notifications 3. Step-by-step protection of know-how 4. Monitoring of leaving employees
- 23. Q & A
- 24. THANK YOU FOR YOUR TIME ota.cermak@safetica.com Matej Zachar Project & Security Manager Ota Čermák Channel Sales Manager matej.zachar@safetica.com