2018KYSHRM_Cybersecurity Training Slides and Notes


Run this video while people enter https://www.integrityky.com/piiprotect/


Integrity IT | 3080 Harrodsburg Rd, Ste 104 | Lexington, KY 40503 | 859-253-42184 | www.integrityky.com


Are you a marathon runner? (26.2)
• Yes, crushing it!
• No, wish I could.
• No Way!

It appears you are all great at marathon learning! Thank you for making it to the end of the conference and still having an interest in learning more!

Cyber-Safe Culture Bryan Pryor bpryor@integrityky.com

Jennifer Erena jerena@integrityky.com

Hello and thank you for joining us. We are… So, why are we talking to HR professionals?



For many years, IT security was managed by the IT department: “Our IT guys handle that.” Gone are those days. The IT department can implement all kinds of cool technology to monitor and block malicious activity, but the weakest link is your employees. Hackers prey upon the vulnerabilities of human beings because it works. Hackers steal your data because it’s valuable. Data has become an industry.



“Information security is one of the few spots in the business where you can be involved in almost every part of the business.”

Technically, Security Is All About People

Cybersecurity used to be about technology; TODAY it is about people. Technology is not perfect; it will always have flaws. People also have “flaws”. People require knowledge and training, not software and padlocks. IT professionals are rarely (good) trainers in the organization.



HR knows employee training and does it well. IT and HR professionals must work together to address this need. Over a quarter (28%) of attacks involved insiders. The insider threat can be particularly difficult to guard against—it’s hard to spot the signs if someone is using their legitimate access to your data for nefarious purposes.

Life in 2018 comes at us at 90 miles per hour. We talk a lot about change when it comes to cyberthreats and cyber security. Cyber threats change daily: 60-100 new threats are identified weekly. Technology evolves and changes. It’s a crazy cycle that might not slow anytime soon.



How Much Change?
How much change is your company / your position experiencing?
• Small Amount
• Medium Amount
• Large Amount
• I am incapacitated by change

Another question for you…

Change is disruptive, no doubt, but the alternative can kill your business. Since KY is not big on natural disasters, cyber-attacks might be your company’s biggest risk of failing. Your weakest link can be turned into your greatest asset.


Experienced loss of personal data?
• Yes
• No
• Unsure

Have you experienced loss of personal data? What kind?
Examples of personal breaches
• Equifax, LinkedIn, Dropbox, Target, Anthem
• Credit Card Skimmers / Credit Card Theft

Experienced loss of business data?
• Yes
• No
• Unsure
• Multiple Times!

Have you experienced loss of business data? What kind?
Examples of business data breaches
• Ransomware, Lost devices


Boost Your Defense

We want to boost your defense. EVERYONE needs to have a basic understanding of cyberthreats and actions to protect self and employer. Think of this as a train the trainer session. We empower you to defend yourself and your organization. Let’s start with working on the basic understanding of threats.



Breach Statistics

All Types of Insider Risks are increasing.
IBM 13th Annual Cost of Data Breach Study, 2018
2018 Cost of Insider Threats (ObserveIT and Ponemon Institute)

Hackers and Criminal Insiders Cause the Most Data Breaches

At least HALF of company breaches involve an employee – whether intentional or accidental, employees are involved. Some statistics say 97%. Our experience has been 100%. Usually, the Negligent Insider.

It’s not just the big companies being targeted. You just don’t hear about all the local small/medium businesses.



Verizon Data Breach Incident Report
► 61% of breaches hit smaller businesses last year, up from the previous year’s 53%.
► Cyber attacks cost small businesses between $84,000 and $148,000.
► 68% of breaches took months or longer to discover.

It will probably be you one day. Most cybercriminals are motivated by cold, hard cash. And they don’t care who they take it from. Ignore the stereotype of sophisticated cybercriminals targeting billion-dollar businesses. Most attacks are opportunistic and target not the wealthy or famous, but the unprepared.

76% of breaches were financially motivated. It takes an average of 3 months to detect a breach. 90% of small businesses don’t use any data protection at all for company and customer information.



HealthCare Employee theft of patient information is one of the leading causes of HIPAA breaches.

STANDARD § 164.308(a)(5) Security awareness and training. Implement a security awareness and training program for all members of its workforce (including management).

How many work in healthcare? Any bit of information is a problem – weave fragments together to create a person

The urgency to train your employees is reflected in the next statistic….



I want to keep my job.

Example: Hacking for $$

Lexington Business
• Perfect Recipient Targeted: HR Director
• Targeted Perfect Timing: End of January (W-2 release)
• Urgency: “As soon as you get them”
• Outcome: All employee W2s emailed to criminal

Lexington Business
• Employee with access to medical record
• Employee prints massive number of medical records
• Employee’s husband carries them out after hours

Companies often think of protecting trade secrets and financials, but what about data on individuals?



Example: Hacking for $$

Lexington Business
• Ransomware
• Ransom Paid
• Files Destroyed Anyway
• Notifying Clients
• $$$$

Lexington Business
• Email Hacked
• Email Monitored (stolen)
• Process and Approval for Wire Transfers Discovered
• Banking Account Created in Same Bank
• Fraudulent Emails Sent
• $500,000
• Outcome?

Cute Kittens and Puppies

OK, let’s take a moment to bring joy back into our lives. Our intent is not to scare you, but to empower you.



Pathway of Disaster

It’s all about the individual now. Hackers use “social engineering”, a means of tapping into human tendencies and exploiting them just as they exploit vulnerabilities in hardware and software. Did you know that roughly 93% of successful data breaches are executed through social engineering attacks? That essentially means cybercriminals received access to sensitive data simply by asking for it!



Example: Know Your Status

https://haveibeenpwned.com/

Has your data been hacked? Perhaps… Most likely…
• Equifax
• LinkedIn
• Dropbox
• Netprospex – acquired by Dun & Bradstreet in June 2015



It is sold on the Dark Web! It’s held for ransom!

Netprospex: example of data collected on dark web
https://www.zdnet.com/article/millions-of-records-leaked-from-huge-corporate-database/
https://www.troyhunt.com/weve-lost-control-of-our-personal-data-including-33m-netprospex-records/



It Can Be a Prosperous Business!

• Social Security Number: $1
• Online Pay Service: $20-200
• Drivers License: $20
• Passport: $1000-2000
• Medical Record: $1-1000
• Diploma: $100-400
• Credit or Debit Card
  o With CVV: $5
  o With Bank Info: $15
  o Fullz Info: $30

From Experian - https://www.experian.com/blogs/ask-experian/heres-how-much-your-personal-information-is-selling-for-on-the-dark-web/

Fullz info contains a “full package” for fraudsters – SSN, BD, Account Numbers, other.

Old data? Yes. According to a 2017 Javelin Strategy and Research presentation, the amount of fraud committed based on data breach data that is 2-6 years old has increased by nearly 400% over the last 4 years to $3.7B in 2016.



Hackers Love…

Weak/Reused Passwords
• They steal them
• Sell them on the Dark Web
• Use them to log in to your email
• “Spray” them all over to see if they open other sites
• Use them, along with your access, to move around your network

Vulnerabilities
• Software “holes” (vulnerabilities)
• Ignored updates (patching)
• Firmware “holes”
• Mergers
• Server misconfigurations
• Cloud misconfigurations

40% of companies merging find cybersecurity problems after the deal is signed. We will focus on the passwords.

Now, let’s talk about something that annoys everyone – passwords.



Password Poll
What is the frequency of password changes (your company, or a client company)?
• 30 Days
• 45 Days
• 90 Days
• 180 Days
• 365 Days
• Never

VOTE NOW:

www.presentain.com/cybersafeky

Password Strength The Changing Landscape of Password Management Password Expiration

https://www.integrityky.com/nistguidelines/

The National Institute of Standards and Technology (a division of the US Dept. of Commerce) revised the 14-year-old guidelines last November, with final updates issued in June 2017. The now retired 72-year-old author of the original 2003 NIST guidelines, Bill Burr, was quoted in The Wall Street Journal as saying, “Much of what I did I now regret.” Great Britain’s National Cyber Security Centre has also chimed in with similar updated recommendations on password security.



Password expiration was leading to weaker passwords and to people recording them in an insecure manner to help them remember. Research discovered that when a password is compromised, it is used within a week, so frequent password expiration really offers no protection. The new recommendations are that system administrators monitor failed password attempts as an indication of possible compromise, and that systems notify the end user when their password is used in an unexpected manner. Google does this, for example, when your login is detected from a new device. These alerts may be indications that a user needs to change their password. Some experts are suggesting an annual password change should still be part of good “password hygiene”.

Password Strength The Changing Landscape of Password Management

Password Complexity

https://www.integrityky.com/nistguidelines/

Also, many users thought they were being clever by using number and special character substitutions to increase password complexity. What has been uncovered is that they were being lulled into a false sense of security: hackers use sophisticated password cracking software that accounts for common letter substitutions. For example, my password might be H1gh3r$3cur1ty, but password cracking tools look for common substitutions such as 1 for i and 3 for e.



Password Strength The Changing Landscape of Password Management

Password Length / Pass-phrase

I really like kraut and dogs

https://www.integrityky.com/nistguidelines/

Password length is also a key to password security; however, with a required complexity, users had less chance of having a memorable password. The new recommendations relax the complexity but promote password length in the form of more memorable “passphrases”. The goal is for users to remember passphrases without recording them in an insecure manner (writing them down; adding them to an electronic note). The longer the password, the more difficult it is, and the longer it takes, for automated password cracking tools to guess it. The recommended minimum length of passwords is growing due to this correlation of length and compromise. The 8-character minimum is being expanded, and recently 12 characters and even 16 characters have been suggested as new standards for minimum length.

What is a good “passphrase”? Creating a passphrase of a few disconnected words that you can remember is the best practice, so an example might be “eagleflagstormjupiter”. Notice that the character complexity has been relaxed. Some common sense must still apply in avoiding the use of your name, address or other easily discovered personal details in your passphrase. Also, the use of “common” passwords in your passphrase is to be discouraged, and there are recommendations that system administrators blacklist these. An example would be to never use the word “password” or “12345”.
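The screening rules described in the Password Complexity and Password Length notes above, as an added Python example that is not part of the original slides. The 12-character minimum, the small sample lists, the substitution map and the two-word heuristic are assumptions made for illustration.

```python
"""Password screening in the spirit of the notes above (added example)."""
import unicodedata

# Assumed policy value: the notes mention 12 and 16 characters as suggested minimums.
MIN_LENGTH = 12

# Constructed sample blacklist; a real deployment would load a large list of
# common and breached passwords instead.
COMMON = {"password", "12345", "123456", "qwerty", "letmein", "welcome"}

# Constructed sample dictionary, just large enough for the demonstrations below.
DICTIONARY = {"high", "higher", "security", "secure", "eagle", "flag", "storm", "jupiter"}

# Common look-alike substitutions (assumed map) that cracking tools undo.
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def normalize(text):
    """Lower-case the text and undo the common character substitutions."""
    return unicodedata.normalize("NFKC", text).casefold().translate(SUBSTITUTIONS)


def min_words(text, words):
    """Fewest dictionary words that concatenate to text, or None if it cannot be split."""
    best = [None] * (len(text) + 1)
    best[0] = 0
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[-1]


def screen_password(password, personal_details=()):
    """Return the reasons to reject a password; an empty list means it passes."""
    problems = []
    raw = password.casefold()
    plain = normalize(password)

    # Length is the main requirement; no digit or symbol rules are enforced.
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Check both forms: "12345" only matches as typed, "p@ssw0rd" only once
    # the substitutions have been undone.
    for entry in sorted(COMMON):
        if entry in raw or entry in plain:
            problems.append(f"contains common password '{entry}'")

    # Names, addresses and similar details supplied by the caller.
    for detail in personal_details:
        if len(detail) >= 3 and (detail.casefold() in raw or normalize(detail) in plain):
            problems.append(f"contains personal detail '{detail}'")

    # Heuristic chosen for this example: one or two dictionary words are too
    # guessable, however they are decorated with substitutions.
    count = min_words(plain, DICTIONARY)
    if count is not None and 1 <= count <= 2:
        problems.append(f"only {count} dictionary word(s) once substitutions are undone")

    return problems


if __name__ == "__main__":
    # Constructed candidates, including the two examples from the notes.
    for candidate in ("H1gh3r$3cur1ty", "eagleflagstormjupiter", "P@ssw0rd12345"):
        print(candidate, "->", screen_password(candidate) or "accepted")
```

The substituted example from the notes is rejected because it reduces to two plain words, while the four-word passphrase passes with no digits or symbols at all.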



Check Password Strength https://howsecureismypassword.net/

“Passwords are like underwear: make them personal, make them exotic, and change them on a regular basis.”

The Story of Bryan and His Favorite PW



Password Management
Don’t do this
LastPass
1Password
Enterprise Password Management

Passwords are Not Enough
Multi-Factor Authentication
• Something You Know – Passwords
• Something You Have – a device with a temporary code
• Something You Are – biometrics

https://www.integrityky.com/2fa/

Two-factor authentication is a second layer of security for your application and online access. Take advantage of this option and set it up wherever it is offered.

Something You Know: your password is the most common first layer, but as we know, passwords are easy to steal and hack, and sometimes we just give them away by sharing and by creating lousy passwords like 123456. But a strong password is an important line of defense that you must embrace; learn more about building strong passwords here.

Something You Have: a common second layer comes from a text message or email sent with a code to enter to complete your access, or a code from an application on your device. You have to get this code from a device that someone trying to log in as you would most likely not have in their possession, or would not have the password to open. SIDE NOTE: always use a passcode/login on your devices, and consider the implications of giving the code to your child to access your phone. More sites are offering this as an extra layer of authentication that is worth the few additional seconds to log in.

Something You Are: you can also have this as a second or third layer (Multi-Factor Authentication), which would include biometrics, like a fingerprint. Unlike using your fingerprint to unlock your phone, this would be used in combination with at least a password or access code for 2FA, or both for Multi-Factor Authentication.

As for apps, the most popular ones include:
• Authy
• Google Authenticator
• Microsoft Authenticator

If your application or website supports use of authentication apps, they provide a QR code to scan for quick and easy setup. If you want to implement 2FA company-wide, our security experts at Integrity IT can help you with that decision and offer solutions that best fit your needs - just reach out.



So, what are you protecting?

HR Departments Maintain Sensitive Data
• SSN
• Bank Account
• Address
• Birthday



Do you ever work remotely?
• Always
• Most of the Time
• Some of the Time
• Never

Understand your connection to your work files. Do not access or transmit sensitive data over public wifi.

How is the Data Protected?
• Encrypted Devices?
• Email Back Up?
• Secure Connections Remote to Server (VPN, Citrix)?
• Two-Factor Authentication?



Where is it Stored?
• On a Work Laptop?
• In Email?
• On a Server?
• In the Cloud?
• On removable flash drives?
• In text messages?
• Unknown?

HR Professionals already protect sensitive data – our goal is to make sure you question all the electronic data that is sent and received and stored. Document other companies with access to your data.



Visiting Breach Statistics Again Average Cost of EACH lost or stolen record containing PII/PHI

Healthcare Data Breach Costs Highest of Any Industry at $408 Per Record (IBM Study)
https://www.hipaajournal.com/healthcare-data-breach-costs-highest-of-any-industry-at-408-per-record/
Do a quick calculation for your number of records.



What Can Increase The Cost?
• Being in the United States
• Third Party Involvement in the Breach
• Extensive Cloud Migration at the Time of the Breach

A supply chain attack, or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. According to a survey conducted this fall by the Ponemon Institute, 56 percent of organizations have had a breach that was caused by one of their vendors. Only 35 percent of companies had a list of all the third parties they were sharing sensitive information with. The 2014 Target breach was caused by lax security at an HVAC vendor.
https://www.csoonline.com/article/3191947/data-breach/what-is-a-supply-chain-attack-why-you-should-be-wary-of-third-party-providers.html
https://www.cybergrx.com/resources/blog/top-11-third-party-breaches-of-2018-so-far-data-breach-report/

BestBuy, Sears, Kmart, Delta
Exposed records: unknown
Reported April & May 2018
Electronics, home goods, mom jeans, and air travel – these companies don’t have much in common – except for a big weak link. [24]7.ai, a chat and customer services vendor for many brand names, was hacked via malware, compromising credit card information, addresses, CVV numbers, card expiration dates, and other personal data across multiple customer groups. Hundreds of thousands of customers were affected per company hacked. “[These] breaches illustrate how intertwined our ecosystems are. If our attack surfaces are connected, our mitigation strategy should be too, and that means we need to start collaborating with each other more,” Fred Kneip commented.

Cloud migration is the process of moving data, applications or other business elements from an organization's onsite computers to the cloud, or moving them from one cloud environment to another.



What Can Lower The Cost?
• Prompt Identification and Containment
• Incident Response Plans and Teams
• Extensive Use of Encryption
• Employee Training

It takes an average of MORE THAN 2 months to contain an insider incident. Companies that train their employees in information security best practices spend 76% less on security incidents than their non-training counterparts.

How Much Cost Savings?

Training on information security best practices saves you…

• Prevention
• Quickly identifying and reporting
• Reduced number of records involved
• Fewer people to notify
• Possibly not even reportable

76%



Employee Role in Breaches

Causing
• Email Compromise
• Clicking Malicious Links
• Opening Malicious Attachments
• Entering Credentials on a Fake Website
• Downloading Malicious Software
• Theft of Data for Personal Gain

Preventing
• Learning about Risks
• Identifying Suspicious Emails, Links and Websites
• Questioning Unexpected Requests
• Verifying Unusual Requests
• Protecting the Environment

In any system, humans are the weakest link. We have some technology that helps humans not make mistakes, but often it comes down to training, workflow and policies. Max story no challenges No Technology can prevent this

HR Professionals Role
• Be a Leader in Data Protection
• Facilitate Employee Training
  o Onboarding
  o Ongoing
• Increase Your Knowledge of Cybersecurity Threats and Prevention
• Work with IT/Security Leadership
  o Policies
  o Procedures
• Enforcing Security Policies



Policies
• Password
• Email Security
• Locking Computers
• Using Company Device for Personal Use
• Blocking Certain Websites and Apps
• Accessing Confidential Data
• Recognizing Threats
• Mobile Device Use and Management

HR Professionals are experts at policies. Make policies that work. Train well. Enforce. Security must be applied to all processes – products, services, solutions, all departments. Use personal language in training and policies. Do not say “the employee”, say “you”. Example: “YOU are our number 1 defense”

Can someone share an example of a policy that simply does not work? Why?

PII Protect – Show Policies, Sample Handbook



Creating a Cyber-Safe Culture

Culture defines the proper way to behave within an organization.

Creating a Cyber-Safe Culture
• Include in the Company Core Values
• Must Flow from the TOP
• Demonstrated by Leaders
• Communicated to All
• Reinforced
• Rewarded

• Shared beliefs and values
• Established by leaders
• Communicated to all
• Reinforced / Rewarded


Core Values

Include it in the highest level – values, vision and mission. Where people get their direction. Link cyber safety to shared beliefs and values.

Creating a Cyber-Safe Culture

Any company culture must come from the TOP. Cyber-Safe is not a grassroots effort. Cybersecurity does not belong to the IT Department. Cybersecurity belongs to everyone. Tailor training to each role so the leaders and the employee can see exactly how they impact the overall safety of the company.


Communicated to All
• Include in Daily Huddle
• Include in Internal Newsletters
• Remember to Include Contract Employees and Services
• What are your ideas?

Training Theories
• Must be presented in a fun and positive way
• Employees must be aware before they can be held accountable.
• Not fear-driven or punitive
  o Look first at workflow, policies and training
  o De-identify reports / incidents and use for training
• Reward for time and effort
• Reward for doing the right thing
• Training effort has an ROI
• Use personal language – YOU are our number 1 defense

Do not hide incidents; use them as a training tool. Use personal language in training and policies. Do not say “the employee”, say “you”. Example: “YOU are our number 1 defense”



Example: Score Card

https://www.pii-protect.com/login



Training Theories
• Use Videos
• Use Posters – simple, change regularly
• Repetition is the mother of learning
• Learning Curve / Forgetting Curve

Adult learning research consistently shows that videos help provide an enjoyable learning experience, boost engagement, and improve the transfer of knowledge. Repetition is the mother of learning. We’ve heard of the learning curve – there is also a forgetting curve. Research on the forgetting curve shows that within one hour, people will have forgotten an average of 50 percent of the information you presented. Within 24 hours, they have forgotten an average of 70 percent of new information, and within a week, forgetting claims an average of 90 percent of it.



Example: 2 min Video Training

https://www.pii-protect.com/login Preventing Peeping Toms

Example: 4 Question Micro Quiz



What I hear, I forget. What I see, I remember. What I do, I understand.

https://www.presentation-guru.com/what-is-visual-learning/

Research on the forgetting curve shows that within one hour, people will have forgotten an average of 50 percent of the information you presented. Within 24 hours, they have forgotten an average of 70 percent of new information, and within a week, forgetting claims an average of 90 percent of it.

Theory – Demo – Practice

Transferring knowledge to their job - Weaise
• Explicit teaching – how to apply
• Group Learning – working together doing what
• Reflection – what things help them learn and understand
• Analogy and Metaphor
• Ask learners to generalize



People Remember What They…

https://www.learningsolutionsmag.com/articles/1379/brain-science-the-forgetting-curvethe-dirty-secret-of-corporate-training

Email is a convenient form of mass communication, but it is the least effective.

People tend to remember the first thing they hear or see and the last thing they hear or see.



Training Ideas
• Utilize an established online cyber security training platform
  o PII Protect / HIPAA Portal (Integrity IT)
  o Many Others
• Online Resources
  o Stop. Think. Connect. – www.StaySafeOnline.org
  o http://rebecca-ricks.com/paypal-data/
• Phishing Campaigns
• Use Incidents as Training Tool

Many online training programs use practice and scenarios instead of just providing information. They utilize proven methods: instant feedback, prompting behavioral change, and an enjoyable learning experience. Do not hide incidents; use them as a training tool.



Training Ideas
• Gift Card for scoring 100% on Annual Training Module
• Points for scoring 100% on weekly modules
• Prize for achieving the highest safety score
• For those who champion security, establish ways to advance their role
  o Security Team Lead, Security Mentor, Member of Security Team, etc.
• Security Family Feud, Trivia

Be a Champion in October!
National Cyber Security Alliance and our support of their Stop. Think. Connect. initiative
staysafeonline.org/ncsam
dhs.gov/national-cyber-security-awareness-month



www.CyberSafeKY.com

Free Dark Web Scan
https://www.integrityky.com/free-dark-web-scan/

Free Backup Consult
https://www.integrityky.com/free-backup-consult/

Free vCIO Consult
https://www.integrityky.com/free-vcio-consult/

Free Cyber Security Tips
https://www.integrityky.com/my-security-tips/

Free SRA Consult
https://www.integrityky.com/security-risk-assessment-and-analysis/

Free Hacker Report
https://www.integrityky.com/top-10-ways-hackers/

Search on our blog - https://www.integrityky.com/blog


On Inside Threats “We discovered in our research that insider threats are not viewed as seriously as external threats, like a cyberattack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever." — Dr. Larry Ponemon, Chairman, Ponemon Institute, at SecureWorld Boston



Get The Slides

Example: How Data is Shared http://rebecca-ricks.com/paypal-data/



Example: Tracking Your Online Behavior https://clickclickclick.click


While you might think that clearing your browsing history is enough to keep your activity private, a new website could make you think again. A creepy website called ClickClickClick has been developed to show how your online behavior is constantly being measured by your browser. The website details your actions in real-time, from your movements on the page, to the other websites you have visited, in the hope of creating awareness on privacy in a playful manner. Clickclickclick.click was developed by VPRO, a Dutch media company, and Studio Moniker, an interactive design company.

We Are Data Project http://wearedata.nl/

The game only captures information that can be gleaned from the browser and user interaction. But in real life, more advanced tracking mechanisms actually follow you around the web, and data brokers sell information about users to companies who want a more complete picture of their visitors. Minute details like the exact size of a browser window can help identify a particular user as he or she visits different sites across the internet. Some particularly creative companies have tried using invisible light or inaudible sound to link all of a person’s devices to them, so that their activity can be tracked from cell phone to computer to TV.



PII PROTECT FREE OFFER from Integrity IT

Thank you for stopping by and visiting Integrity IT’s booth during the 34th Annual Kentucky Society of Human Resource Manager’s Conference. As promised in our conference program ad and email prior to the event, we would like to extend to you, for free and with no obligation, our cybersecurity awareness training portal.

Why is Integrity IT giving this away? Information security can be compromised on many layers. 95% of IT cyber security breaches occur due to employee negligence. Your IT resources can put the best technology in place to safeguard company data, but if you do not train people, your company remains at high risk. We are experts at technology; you are the expert at training and employee compliance. You can share a part in reducing the risk to the companies you serve.

How does this work? You or a designated Portal Admin would distribute a simple web link to your employees. Your employees would self-enroll into this training portal. Once enrolled, your employees take self-directed training courses that cover topics such as Ransomware, Phishing, Spearing, Whaling, Social Engineering, and other deceptive means hackers use to attempt to steal personal and company information for their financial benefit. These courses are interactive and test on the content as the employee proceeds through the short course. Upon completion your employee receives a certificate of achievement. Moreover, you, as an administrator of the portal, can know who has enrolled and completed this course content. Weekly, your employees will receive a short security tip or video to keep them continually involved in their cyber security awareness. You can also determine how often employees are required (or encouraged) to take this course, which is regularly updated with new relevant material.

We do not want to just send you a link to this training without further explanation of our offer. You may have put your card in our table bowl not knowing what we were giving away. If you are not the correct person to make this decision, we understand and welcome you to have someone else in your company reply. We are serious about cyber security awareness and prevention, and we hope your company will entertain this free offer. Upon your reply and confirmation, we will get your company enrolled in our training portal. http://www.integrityky.com/securitytraining

We look forward to hearing from you!

