Today’s presenters:
Ryan Kriger, CIPP/US
Office of the Vermont Attorney General
Assistant Attorney General, Public Protection Division
Bill Carrigan, CFE
Vermont Department of Financial Regulation
Deputy Commissioner, Securities Division
Investor Education Coordinator
Jonathan Rajewski, MS, CCE, EnCe, CISSP, CFE, TJFC
Champlain College
Founder & Director, the Senator Patrick Leahy Center for Digital Investigation
Associate Professor of Cyber Security and Digital Forensics
Sona Makker, CIPP/US and Claire Gartland
Facebook, Privacy and Public Policy
Ryan Kriger, CIPP/US
Office of the Vermont Attorney General
Assistant Attorney General
Public Protection Division
Data Security for Small Businesses
Ryan Kriger, CIPP/US
Assistant Attorney General, Public Protection Division
October 20, 2017
Takeaways:
1. Know what laws affect you
2. Train your employees
3. Think data security before you get hit
4. Have a response plan for after you get hit
5. Get Cyber Insurance
6. Vendors/Contractors/Cloud Providers
Know What Laws You Have To Comply With
Consumer Protection Act: EVERYONE
Security Breach Notice Act: EVERYONE
SSN Protection Act: Do you collect SSNs?
HIPAA: Do you do medical work?
FERPA: Do you work with schools/universities?
COPPA: Do you sell to kids under 13?
GLB: Do you work with financial institutions?
Three Numbers
14 Days: Time to Confidentially Provide Preliminary Notice of Breach to AG
45 Days: Maximum Time to Send Notice to Consumers (It Can Often Be Sooner)
10,000 Dollars: Maximum Civil Penalty Per Violation
DON’T CLICK
THE LINK.
What Sort of Data Should You Be Protecting?
Credit Card info
Social Security Numbers
Financial Information
Passwords
Anything sensitive that someone might not want
to fall into the wrong hands
Have Data Collection Policies:
Don’t collect data you don’t need
Only keep data as long as you need it
Consider using a 3rd party vendor to handle
sensitive data
Technology Suggestions
Credit Cards:
Search your systems to make sure you’re not
storing data
Search for key loggers
Frequent system scans
Watch your employees
Consider scanners that encrypt at swipe
NO web browsing on POS Systems
Watch Out For Portable Data:
Cell Phones
Tablets
Laptops
External Hard Drives
Thumb Drives
Data In Transit (including E-Mail)
And Don’t Forget Back-up Tapes
Protect Portable Data:
Password Protection
Remote Wipe Capability
Encryption
Ask yourself: Should this be in a portable medium?
I’ve Had a Data Breach, What Next?
1. Secure Your Data
2. Contact Law Enforcement
3. Contact Cyber Insurance
4. Contact Entities From Which You Obtained the Data
5. Notify the Attorney General’s Office Of The Breach
6. Notify Consumers Of The Breach
7. Notify the Credit Reporting Agencies (if more than 1,000
consumers)
Online Resources
VT Attorney General Site (ago.vermont.gov/focus/consumer-info/privacy-and-data-security1.php)
OnGuardOnline.gov
business.ftc.gov
IAPP: www.privacyassociation.org
CYBER INSURANCE
CYBER INSURANCE
CYBER INSURANCE.
Bill Carrigan, CFE
Vermont Department of Financial Regulation
Deputy Commissioner, Securities Division
Investor Education Coordinator
19 of 19 © 2014 Association of Certified Fraud Examiners, Inc.
DFR Overview
▪ Department is made up of four Divisions
• Banking, Insurance, Securities, Captive Ins.
▪ All Divisions may deal with different
aspects of fraudulent activity.
▪ The opinions and comments made today
are mine and are not the position of the
Department.
Vermont Department of Financial Regulation
Introduction
▪ Fraud, in all its forms, costs billions in
damage each year.
▪ Fraud involves taking something from
someone else through deception or
concealment.
▪ Occupational frauds are those committed
in connection with the fraudster’s
occupation.
Examples of Occupational Fraud
▪ Stealing money or inventory
▪ Claiming overtime for hours not worked
▪ Filing fraudulent expense reports
▪ Giving friends or relatives unauthorized
discounts on company merchandise or
services
▪ Adding ghost employees to the payroll
Types of Fraud
Asset Misappropriation: schemes in which the
employee steals or misuses an organization’s
assets
▪ Skimming cash receipts
▪ Falsifying voids and refunds
▪ Tampering with company checks
▪ Overstating expenses
Types of Fraud
Corruption: schemes in which a fraudster
wrongfully uses his influence in a business
transaction for the purpose of obtaining a
benefit for himself or another person
▪ Conflicts of interest
▪ Illegal gratuities
▪ Bribery
Types of Fraud
Fraudulent statements: fraud schemes
involving the intentional misreporting of an
organization’s financial information with the
intent to mislead others
▪ Creating fictitious revenues
▪ Concealing liabilities or revenues
Common Frauds by Employees
▪ Stealing incoming cash
▪ Fraudulent disbursements
• Check tampering
• Register disbursement
• Billing
• Expense reimbursement
• Payroll
▪ Inventory fraud schemes
Common Frauds by Vendors
▪ Bid-rigging
▪ Price-fixing
▪ Overbilling
▪ Kickbacks
▪ Shell companies
What Causes People to Commit Fraud?
Pressure
▪ A gambling or drug
habit
▪ Personal debt or poor
credit
▪ A significant financial
loss
▪ Peer or family
pressure to succeed
What Causes People to Commit Fraud?
Opportunity
▪ Lack of supervision
▪ Poor internal controls
▪ Poor record keeping
▪ Extreme trust in a single individual
▪ Lack of disciplinary action for previous frauds
What Causes People to Commit Fraud?
Rationalization
▪ I was only “borrowing” the money and planned to repay it.
▪ The company won’t even realize this amount is gone; it’s not
that much.
▪ My boss does it all the time.
▪ I’ve been working with the company for 15 years. They owe it
to me.
▪ I’ll stop once I pay off my debts.
▪ I deserved this after the way the company has treated me.
How Fraud Affects You and
Your Organization
▪ Fewer pay increases
▪ Increased layoffs
▪ Greater pressure to increase sales and
revenue
▪ Decreases in employee benefits
▪ Low employee morale
▪ Negative publicity for the company
Red Flags of Fraud
▪ Living beyond means
▪ Financial difficulties
▪ Serious addiction to
drugs, alcohol, or
gambling
Other Warning Signs of Fraud
▪ An unwillingness to share duties
▪ A refusal to take vacations
▪ A close personal relationship with vendors or
customers
▪ Complaints about low pay
▪ Family problems
▪ Excessive pressure within the company
▪ Rule breakers
What to Do if You Suspect Fraud
▪ Be aware of warning signs
▪ Report irregularities, specifically:
• If someone you work with asks you to do something that is illegal or
unethical
• If you suspect that someone— regardless of rank or position—is
committing fraud or abuse
How to Report Suspected Fraud
▪ Hotlines or other anonymous reporting
mechanism
▪ Anonymous letter to company official
▪ Share your concern with company’s internal
auditors or anti-fraud specialists
Conclusion
▪ Everyone in an organization is responsible for
fighting fraud.
▪ Be alert to potential fraud.
▪ Report any suspicions to your organization.
Jonathan Rajewski, MS, CCE, EnCe, CISSP, CFE, TJFC
Champlain College
Associate Professor of Cyber Security and Digital
Forensics
Founder & Director
Senator Patrick Leahy Center for Digital Investigation
"Behind this glass is incredible talent and this country in general and the FBI in particular needs those folks,"
- FBI Director James Comey
Do you think your data is safe?
What: databases, email, spreadsheets, documents, pictures, videos
Where: laptops / tablets, computers, removable devices, servers, cloud
Specifically: Personal Identifiable Information, Protected Health Information, Private / Sensitive Information
Why isn't the data on
our networks secure?
Security / Usability
Total security is a myth
Ask your IT staff two
questions…
When was the last time they experienced a data breach?
Are they currently breached?
Executive Management
Our job is to manage
Security is both a legal
and IT problem
Legal
Our job is to shift liability
Security is a technical problem
Human Resources
Our job is to avoid trouble
Security is trouble
Information Technology
Our job is to make it work
Employee behavior is not
our problem
Effective/Clear/Accountable Policy
Demystify cyber security
So how do we reduce the risk to a reasonable level?
It’s not if you’re going to have a
cyber related event, it’s when
https://techcrunch.com/2016/06/13/cyber-insurance-is-changing-the-way-we-look-at-risk/
Part of the plan should be
insurance...
2016 Breach costs - $290 - $15MM
Crisis services costs (forensics, notification, credit monitoring and legal counsel), Legal damages (defense and settlement), Business interruption costs, Fines (PCI and regulatory) by the type of data exposed
https://netdiligence.com/wp-content/uploads/2016/10/P02_NetDiligence-2016-Cyber-Claims-Study-ONLINE.pdf
2016 Average Claim $495,000
2016 Typical breach cost $5,822 - 1.6MM 80% - 10th-90th percentile
Part of the plan should be
insurance...
N=176
It’s not just about shifting risk…
Practical Takeaways
Being proactive is smart
People, Process, Tools
Determine where you need help
Where are your risks?
Budget accordingly
Do you have mandatory trainings?
Stop Drop and Roll
Look both ways before crossing
STOP THINK CONNECT ™
https://www.stopthinkconnect.org/
PLEASE use a separate passphrase for work and
compartmentalize accordingly
https://www.pwnieexpress.com/hubfs/password_vs_passphrase.jpg
https://www.lockdownyourlogin.org/strong-authentication/
Use Multifactor
Authentication
“CEO fraud,” or “business email compromise.”
How to deal with ransomware
• Don’t click or open attachments/links that look suspicious
• Be careful on social media - videos are not really videos etc…
• Backup your files! (cloud?) & TEST BACKUPS
• Call for help!
How many of you have ever connected to…
So what can you do?
• Use your phone as a Wi-Fi hotspot
• Make sure you trust the Wi-Fi network you are connecting to
• Use a Virtual Private Network
Antivirus
It can be compared to the flu shot…
General Cyber Security Tips: IT professionals
• A current asset list and network map
• Data classification - where do you have the crown jewels
• Enable logging on internal and external systems
Collect data that’s important to hunt for evil
• System Event Logs
• Proxy Logs
• Firewall Logs
• Intrusion Detection Logs
• Anti-Virus Logs
• Flow Data
• DHCP Logs
• SMTP/Mail Logs
• Remote Desktop/VPN Logs
• Active Directory Logs
• Application Logs
ALL OF THE LOGS?
Data retention? Do you have time? Do you know what to look for?
• Know when it’s appropriate to call for help with security/response: have an expert on retainer
• Backups: conduct them but also test them
• Explore regular penetration testing to test your security controls
Sona Makker, CIPP/US
Claire Gartland
Facebook, Privacy and Public Policy
Privacy Best Practices
Claire Gartland & Sona Makker
Facebook Privacy and Public Policy Team
PRIVACY it's good for business
knowledge
control
security
5 Practical Tips for Getting Privacy Right
#1 Designate a "Privacy Advocate"
#2 Conduct a Data Audit
Understand the Who? What? When? Where? Why? How? of your data practices
#3 Build Trust Through Transparency
Give people the right information at the right time to make the choices that are right for them
Avoiding surprises
Make sure people understand the audience they’re posting to.
#4 Protect What You Collect
Privacy by Design
• put users in control
• respect expectations
• be proactive, not reactive
#5 Create a Culture of Privacy
Privacy by Design in Practice
The scenario
Your company is developing "LeafSpotter"—a mobile app to crowdsource leaf peeping locations
Leaf Spotter
Your Task
• Design the privacy interface for Leaf Spotter
• Introduce users to features in a way that’s usable, intuitive, and simple
Considerations
• who are your users?
• what do people expect?
• what data do you collect?
• be transparent. avoid surprises.
• give people control.
Leaf Spotter Data Flow: privacy considerations
• who can see my bio?
• who can see my posts?
• does this use my location?
• is this public on Leaf Spotter?
Discussion
1. What were some of the challenges?
2. How can you implement privacy best practices to build trust for your business?
Thank you!