River Run Computers Team
Paul Riedl, Jr. - CEO
Paul Riedl, Jr. is a founding member of River Run Computers, which started in March of 1993. In the early years at River Run, he took on the position of Sales Manager and assumed responsibility for developing River Run's sales staff and marketing efforts. In 1998, he took over as the CEO of River Run, and since that time he and his business partner, Joe Skotarzak, have grown the company into a successful IT firm servicing clients throughout the Southeast Milwaukee area to keep them up and running.
Bob Marx - CIO Consultant
Bob is a licensed engineer who has owned and operated 3 companies. He has been intimately involved in the evolution, implementation, and maintenance of Information Technologies, so he understands both the struggles of ownership and the challenges small and medium size enterprises face in the IT space.
Today, Bob leads River Run Computers' Consulting Department, filling the gap between their clients' questions and their proficient staff of engineers and support personnel.
• River Run Computers is an IT Managed Services Firm specializing in support of small and mid-sized organizations. Founded in 1993, we currently have a staff of 57 employees that includes skilled and certified Engineers, Sales & Marketing Professionals and experienced Operations Professionals.
• River Run has been rewarded with MMAC’s Future 50 Award, the Bravo Award, the Fastest Growing Firms award as well as the Top Workplace in Southeastern Wisconsin in 2014.
• Vision: To become the most sought after Managed Services Firm, partnering with our clients in order to maximize the positive effects technology has on their organization.
• Focus:
Network design, maintenance, and administration
Advisory and consulting services
Application Training and software support
• Featured Services:
Scheduled Visit Program (RSVP)
Backup and Offsite Storage Solution (BOSS)
Support Desk
CIO Services
Network Security Reviews and Solutions
• Introduction
• Cyber Security Breaches In the News
• Cyber “Gold/Bounty” and associated costs
• The True Cyber Offenders
• Cyber Security Vulnerabilities
• Workplace Trends Affecting Cyber Security
• Practical Actions, Behaviors, and Services
• Questions and Answers
In the News
Source: Forbes.com
Target Credit Card Breach
• 70 million credit and debit cards stolen from Target between Nov. 27 and Dec. 15, 2013.
• $200 million – Estimated cost to credit unions and community banks for reissuing 21.8 million cards
• $100 million Target will spend upgrading their payment terminals.
Krebsonsecurity.com
Home Depot Credit Card Breach
• 56 million debit and credit card numbers
• $33 million on costs to repair
Jimmy John’s Security Breach
• 216 stores affected June-Sept 2014
JP Morgan/Chase Data Breach
• 76 million households & 7 million small businesses affected
• $250 million for security improvements to protect accounts.
Sony Data Hack
• Trade Secrets & Product Development
• 6500 Employees Affected
• HOW? They stole a single password that belonged to a high-level IT worker at Sony.
• $35 million in IT repairs
Attacks on the U.S. Government
18 Million Affected at U.S. Government - Office of Personnel Management
CNN, 2015
Russian Hackers Breach White House through State Department
CNN, 2015
Security Problems at NSA
Edward Snowden leaked top secret information about NSA surveillance activities
Cyber Criminals will…
• Steal Company Data
• Destroy Data
• Store their data
• Steal Services
• Hold Data for Ransom
• Tarnish Reputations
Cyber Criminals Gold
Personal Information
• Names
• Social Security numbers
• Birth dates
• Passwords
• Personal connections
• Medical History
• Credit Card information & expiration dates
Business Information
• Employee information
• Confidential records
• Financial information
• Proprietary Info/Formulas
Costs of Security Breaches
Example costs of data breaches by IBM & Ponemon Institute
Additional damaging effects of breach
• Reputation of company
• Sales – client relationships (trust)
• Loss of employees
• Missed deadlines
• Loss of clients
• Fines & penalties
• Loss of time to resolve
Direct Costs:
• Engaging forensic experts
• Outsourcing hotline support
• Providing free credit monitoring subscriptions
• Discounts for future products & services
Indirect Costs:
• In-house investigation & communication
• Value of customer loss resulting from turnover or diminished customer acquisition rates
Indirect Costs + Direct costs = average cost of data breaches
Average for a US company data breach:
Cyber Security Breaches
• Over 666,000 internal security breaches took place in US businesses in the last 12 months
• 55% of insider misuse came from privilege abuse: employees abusing the access they were entrusted with.
• $445 billion annual cost to the world economy.
• Over 348 million identities were exposed in 2014
• Ransomware saw an explosive 113% growth over last year
• 317 new pieces of malware were created in 2014
Internal Breaches
External Breaches
Source: Internet Security Threat Report 2015
JOHN GORDON BADEN
• He is on the FBI most wanted cyber criminals list for stealing the identities of 40,000 people and then using the stolen info to siphon funds from their brokerage or bank accounts and purchase expensive electronic items using their credit.
• The losses are estimated to be in the millions of dollars.
• He was recently arrested in Mexico.
You and Your Employees!
Cyber Access Points
HACKERS
• Malware/Downloads
• Weak Passwords
• Unsecured Wireless Access
• Targeted Attacks (IP Spoofing)
• Open/Vulnerable Firewall Ports
• Lost or Stolen Equipment
• Smart Phones or Tablets
• Weak Access Control Lists
• Non IT centric systems
Cyber Attack Methods
• Botnet - a network of software robots, or bots, that automatically spread malware
• Fast Flux - moving data quickly among the computers in a botnet to make it difficult to trace the source of malware or phishing websites
• Zombie Computer - a computer that has been hacked into and is used to launch malicious attacks or to become part of a botnet
• Social Engineering - using lies and manipulation to trick people into revealing their personal information. Phishing is defrauding an online account holder of financial information by posing as a legitimate company.
• Denial-of-Service (DoS) attacks - flooding a network or server with traffic in order to make it unavailable to its users
• Skimmers - devices that steal credit card information when the card is swiped through them.
How do they gain access?
• Unsecured documents?
• Unsecured passwords?
• Unsecured reception area?
• Unsecured dumpsters?
Stop Cyber Criminals!
HACKERS
• Spam/Downloads/Popups
• Weak Passwords
• Unsecured Wireless Access
• Targeted Attacks (IP Spoofing)
• Open/Vulnerable Firewall Ports
• Lost or Stolen Equipment
• Smart Phones or Tablets
• Weak Access Control Lists
• Physical Security
• Strong passwords – changed frequently
• Encryption (Data & Email)
• Anti-virus/Spam software
• Access control lists
• Real-time Monitoring
• Firewall with Intrusion Detection
• Maintenance & patching
• Educate End Users
• Shred documents
• Audit and Test
Security Statistics
• 27% of IT professionals work for a company that does not have security policies.
• Only 39% are confident in their organization’s ability to defend against cyber attacks.
• Only 31% of security professionals surveyed believe their senior leadership views IT security as a priority.
Business Trends
• Bring your own devices: smart phones
• Company growth
• Changes in the workforce (Gen X/Y/V/M/C)
• Outsourced business processes
• Big data explosion
With Company growth, comes
• Underdeveloped Operational Infrastructure & Processes
• More access to data
• Technology usage
• Lack of security training
• Fast paced
Critical Security Objectives
Visibility
• Consistent knowledge of what assets exist, where they reside, what they are providing you.
Strong Access Control
• Effective layered controls enabling authorized access and denial.
Enforced IT Governance
• Day to day management of technologies and processes to ensure security and compliance.
Critical Security Objectives
Vulnerability and Compromise Monitoring
• Continuous detection and elimination of issues that exploit weaknesses.
Data Protection
• Encryption of critical data while stored and in use or transfer.
Determining network security needs
• What can you afford to lose?
• Where do attacks come from?
• Where is your data stored?
• How accessible does your data need to be?
• How does data travel within your organization?
• How secure do you need and want to be?
• What are you willing to invest in time and money?
• Secured and managed wireless access
• Secured server room
• System wide Antivirus and SPAM system
• Individual Passwords for network and application login
• Secured and managed Firewall
• Regular maintenance and updates
• Do not plug anything into the network that is not approved by the network administrator first!
• Be aware of where you are on the Internet
• Be aware of who is around you
• Be aware of what you leave on your desk
• Be aware of who uses your equipment
• Watch for alerts from your network administrator
• Review icons at the bottom of your screen
• If support members need to log in as you, log them in yourself or change the password for them, and then change it again after the work is done.
• Never share your password with anyone else.
• Change Passwords on a regular basis.
• Do not put passwords anywhere near or on your desk.
• Use different passwords for your network login and for your applications or online services.
• Passwords need to be a minimum of 8 characters and should include letters, numbers and symbols.
• Choose a favorite saying or song lyric or something you remember easily.
• Example: “Once upon a midnight dreary, while I pondered, weak and weary.”
• Take initial Letters, “OUAMDWIPWAW”
• Add symbols, substitutions, and capitals
• Results: “1uamd-Wipw&w”
• Choose between:
• Capturing automatically
• Stand alone reference
• Choose a Master Key Carefully, Secure it.
• Consider two factor authentication
• Something you know (Password)
• Something you have (device, fingerprint, USB drive)
• Choose one of the better, more secure options
• KeePass, Kaspersky Password Manager, LastPass
• 1Password, RoboForm
• When in public places – be aware of “Free” WIFI Access.
• Confirm you are on the correct Wireless Access Point.
• Within the office is safest
• Use your own hotspot where questionable.
• Avoid accessing highly sensitive info
• Watch for onlookers or shoulder surfers.
• If traveling internationally, restrict access or confirm access is completely secured.
• When in doubt – ASK and plan ahead!!
• Plan trips and other activities at home
• Download from certified/approved sites only
• Only go to sites you know are secure
• Clear out cookies on a daily basis
• Fill in online forms only when you have to
• Confirm Antivirus is activated and updated
• Log out of sites properly
• When in doubt ask!!
• Confirm broadcast or group lists are current
• Avoid emailing personal information
• Do not open emails from senders you do not recognize
• Do not rely on opt-out or unsubscribe emails
• Use encryption if available
• Avoid clicking on unknown links
• Confess if you did click.
• When in doubt ask!!
• Ransomware is predominantly found on suspicious websites or email
• Caught through stealth download or through a user clicking on an infected advert.
• Messages are evolving over time. Cybercriminals use different hooks to defraud innocent users (social engineering).
• Many are now using law enforcement or “Official Looking” logos.
• Even if a person does pay the ransom, the cybercriminals often do not restore functionality.
• The only reliable way to restore functionality is to remove the malware.
Safe Emailing Tips - Ransomware
“This operating system has been locked for security reasons.”
“You have browsed illicit material and must pay a fine.”
• Have and teach good IT policies and practices.
• Restrict browsing or use of email for personal use.
• Use Web Content and Email Spam Filtering
• Have most current security software (definitions) installed.
• Make sure all the software on your system is up to date.
• Suspect email from “Official Sounding Sources”
• Think twice about clicking within emails or “fringe” sites
• Have multiple copies of your most important data.
• Pay attention to warning signs from your system
• System running slowly
• Start up takes more time than usual
• Warning boxes
• Offers that are too good to be true – (They are!!)
• Unsolicited or surprise emails
• “All you need to do is click here” messages
• Any email asking for your personal information
• Increase in spam emails
• If using a machine at home to access the office:
• Avoid using after an amazing gaming session
• Confirm AV is running on the system and up to date
• Be careful forwarding personal email to the office
• Report anything out of the normal operation levels.
• Limit the services running on the office system
• No Music
• Limit your use of personal devices to the “Guest” wifi.
• Log off your system at the end of the day
• Screen saver activated after 5 minutes of no use.
• Wipe old phones/computers
• Password protect all mobile devices
• Shred – Shred – Shred – documents
HOW WE HELP!
MAINTENANCE
• River Run offers network maintenance and management to protect your data
SECURE BACK-UPS
• Offsite backup solutions providing Disaster Recovery and Business Continuity
FILTERS
• Email filtering and spam protection designed to prevent internal viruses
VULNERABILITY TESTING
• River Run provides vulnerability testing and security audits
NETWORK AUDITS
• We can review your network and determine potential risks
IT Governance
• Helping to establish company policies, best practices, and employee compliance.
River Run Computers – We keep you up and running!
Questions?
For more information on how River Run Computers can assist with your IT services, give us a call.