2014 was a linchpin year for the topic of cyber-security. Significant breaches and increased regulation have propelled it to the forefront of every thoughtful business leader’s mind.
Last week, several companies with a strategic commitment to data privacy and cyber security came together to host the “2015 Knoxville Cyber Summit”. The five speakers covered a range of relevant topics:
- Companies’ privacy and security obligations
- Cyber-security insurance
- Information security programs
- Information technology protection strategies
- Identity theft protection
Out of the wealth of helpful, actionable tips during the half-day event, we have pulled 27 of the most helpful security tips and insights.
Eric Setterlund – Associate, Baker Donelson
“Why All This Matters: Understanding Your Company’s Privacy and Security Obligations”
- Question: What is Privacy and Security?
Answer: Privacy is the confidentiality of information. Security is the means of making that information confidential.
- A data breach is an unauthorized disclosure or unauthorized use of information. This could be inside the organization or outside.
- The main culprit for data breaches is internal. It’s smart people doing silly things.
- Privacy and security are achieved with comprehensive privacy and security programs. Security and privacy must be a key component of the company culture, and it must come from the top down.
- Understanding your risk. Risk = Threats x Vulnerabilities x Expected Loss
- How do you handle risk? Mitigate, transfer or accept it.
Hunter Maskill – VP & Regional Underwriting Manager, AIG
“Cyber Claims and the Rising Cost”
- Data security is not just an IT Problem, it’s a personnel problem
- The average data breach costs $195 per record
- With safeguards in place, the cost-per-record goes down
- 85% of the time a business has been hacked, there has been a patch available for 18+ months that could have fixed the vulnerability
- When you store credit card data ask yourself, “Do I have a legitimate business need to keep this information?” If not, get rid of it.
Bill Dean – Director of Security Assessments and Computer Forensics, Sword & Shield Enterprise Security
“The Real Purpose of Your Information Security Program”
- You’re not protecting devices. You’re protecting your brand, your cash, your confidential information, customer information, etc.
- The primary security threats come from Hacktivists, Insiders, Russia and China.
- Russia wants our money. China wants our Intellectual Property and secrets.
- People are the primary vulnerabilities. Test them.
- If it’s mobile, encrypt it.
- Perform security/risk assessments.
- The 4th email sent in phishing scams has a 60% success rate.
- You can’t patch people. You have to train them.
Aaron Sherrill – CTO, Claris Networks
“Protecting Against the Known and Unknown”
- Fact or Fiction? “No one would want to hack us. We don’t have anything worth taking.” – FICTION
- Fact or Fiction? “Security is mainly a technology issue.” – FICTION
- Remember PEBCAK: Problem Exists Between Computer and Keyboard (i.e., the user!)
What can I do to be more secure?
- Train your end users. Training your end users can reduce security risk by as much as 60%
- Have (and enforce) password policies
- Ensure former employees’ and vendors’ accounts have been disabled
- Patch management: Not updating your Malware is the same as not having it.
- Deploy a multi-layer technology approach:
  - Anti-Spam
  - Web Filtering
  - Intrusion Detection & Prevention
  - Antivirus
  - Application Control/IP Reputation
Security has gone from an interesting headline reserved for massive businesses and world governments to a top-of-mind concern for the small and medium sized business leader. As a result, the discussions are no longer simply “Can I use technology to do this?” They are now, “How can I keep my data secure while we do it?”
The post 27 Tips & Insights from the Knoxville Cyber Security Summit appeared first on Claris Networks.