I’ve Been Hacked
The Essential Steps to Take Next
BRIAN PICHMAN | EVOLVE PROJECT
 It happens. A place you shop at frequently gets its data stolen. Someone is able
to get access to one of your accounts. Or a system you manage gets
compromised. No matter how the data breach happened, it is important to be
prepared before the worst happens. Join Brian Pichman as he helps
you put a proactive plan in place and walks through what to do after you or your organization
has been hacked. Attendees will walk away from this webinar with a toolbox for
their library and for educating their users.
Myths
 I’m not worth being attacked.
 Hackers won’t guess my password.
 I have anti-virus software.
 I’ll know if I’ve been compromised.
Understanding Breaches and Hacks
 A hack involves a person or group gaining unauthorized access to a protected
computer or network
 A breach typically indicates a release of confidential data (including releases that happen by
accident)
 The two call for different responses when they occur.
Examples of Hacks/Breaches
 An employee/family member allows a hacker to access their machine through:
 Email Attachments
 Social Engineering
 Walking away from their computer unattended
 An employee/family member sends information to someone thinking they are someone else
 “Hi, I’m the CFO assistant, he needs me to collect all the W2s”
 Or more intrusive –
 An attack on a database or server (for example, SQL injection) lets a hacker in
 A brute force attack, or a guessed password, on a key admin account, on
servers/networks, etc.
The Costs Of Breaches
 This year’s study found the average consolidated total cost of a data breach grew from $3.8 million to $4
million. The study also reports that the average cost incurred for each lost or stolen record containing
sensitive and confidential information increased from $154 to $158
[IBM 2016 http://www-03.ibm.com/security/data-breach/]
 Data Breached Companies Experience…
 People lose faith in your brand
 Loss in patrons
 Financial Costs
 Government Requirements,
Penalties, Fees, etc.
 Sending of Notifications
 Payment of Identity Protection or
repercussions.
https://betanews.com/2016/02/10/the-economic-cost-of-being-hacked/
Agenda
 What you (as a library) should do if you’re hacked or compromised*
 What you (as a person) should do if you’re hacked or compromised.
 Protecting yourself from future attacks
*Always seek legal advice before moving forward on any action – from how you communicate
to what parties you involve during a breach.
You as a Library - Obligations
 You are obligated to protect the data and privacy of:
 Employees
 Patrons
 Business Partners/Vendors/Etc.
 Sometimes we forget that we house a lot of personal and identifying information about our employees and
patrons.
 Employees Social/Payroll/HR
 Patron Records/Accounts/Catalog History(?)
 What employees/patrons are accessing on the web
 A sniffing tool, key logger, or fake DNS redirect can monitor not only the sites people access but also
the usernames and passwords they enter
Steps – Communication and Speed!
 Communicate
 People will ask “How long did you know XYZ happened?” before you communicated to them that an attack
occurred.
 If you discover a breach, hack, or any other compromise that may result in data
being stolen or viewed, you MUST communicate quickly and effectively.
 While every scenario is different and has different factors, groups that move faster with the
information they know (as soon as they know it) are generally better off long term (i.e. don’t
wait months while you “investigate” the issue; give people time to protect themselves).
 Don’t over-communicate, and have one spokesperson.
 Be clear and concise. Too many details can be harmful.
Other Points on Communication
 Once you know a breach has occurred, by law you are required to inform
customers if their data has been compromised.
 Some states have deadlines of when the announcement has to be made
 Every impacted person must be told that a data breach has occurred, when it
occurred, and what kind of information was compromised.
 Answer: what are you doing to provide a remedy, and what should they do?
 (next slide)
You as the Library
 Build a website with information about the
breach
 Offer a toll-free number people can call
with questions
 If Social Security numbers or similar identifying information may have been exposed,
provide contact information for Equifax,
Experian and TransUnion, and the quick
links for fraud protection.
Them as Impacted Parties
 Fraud Protection (if necessary)
 Request them to change their passwords if
their password was compromised
 Highlight if they use this password on
OTHER sites to change those passwords
too
Step 2 - Investigate
 You will most likely need to hire an outside cyber security firm –
they have the tools and resources to track what might have been
stolen and who stole it.
 Determine which computers and accounts were compromised, which
data was accessed (viewed) or stolen (copied), and whether any
other parties – such as clients, customers, business partners, users,
employees – were affected. Was the stolen data encrypted or unencrypted?
 Also involve the providers you pay for services (depending
on where the breach occurred), such as ISPs, web hosting
providers, security software and firewall vendors, etc.
 Contact your local, county or state police computer crimes unit
and the FBI, which can do forensic analyses and provide valuable
guidance
Step 3 – More Communication and Follow Up
 If you notify more than 500 impacted people from a breach, many states will also
require you to file a notice with your state attorney general’s office.
 HIPAA, FERPA, CIPA, and all those other scary acronyms have requirements and
regulations – make sure none of those rules are violated.
Step 4 Solve It
 Through the investigation and hiring of consultants and engagement of local/state/federal groups
– find out what happened and how to prevent it from happening again
 Removing infected computers or servers (if it was from a virus/malware)
 Consider reformatting hacked computers and restoring data with clean backups or replacements
 Removing access from the outside world to your network (or specific applications)
 If the breach occurred because of an unpatched system or software, patch it, then put a policy in place to
check for patches.
 If the breach was done through stolen or weak passwords, secure those accounts and set new, complex
passwords that will be hard to crack.
 Communicate the resolution and promise to the users impacted
Repercussions
 Depending on the severity of the hack and type of hack you may:
 Need to pay a fine/penalty from a governing body if it was because of lack of security or
no reasonable efforts to defend users data
 Pay for identity protection for those impacted users (usually at least a year)
 Pay a settlement
Moving Forward / Prevention
 Make sure your security defenses are running properly and that data is being
backed up securely.
 You should run activity logs and tracking on all network devices and public facing
servers. These logs should be checked and monitored for unwanted access or sudden
activity.
 Follow up with vendors to see what they are doing to protect your/their data –
and share with customers best practices for their own security (like strong
passwords).
 Create a disaster recovery plan and train employees so everyone can respond
quickly and calmly if they know of an attack or see something that could be
indicative of being attacked.
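The slide above says logs on network devices and public-facing servers should be checked for unwanted access or sudden activity. As an added example (not part of the original deck), here is what such a check looks like in Python over a few constructed Linux sshd auth.log lines: repeated failures from one address, a successful login that follows a run of failures, and logins outside working hours. The log format, the thresholds and the 07:00 to 19:00 working day are assumptions made for the illustration.

```python
"""Added example (not part of the original slide deck): scan authentication
log lines for the "unwanted access or sudden activity" the slides say to
monitor for. Log format (Linux sshd / auth.log), thresholds and working
hours are all assumptions for this illustration.
"""
import re
from collections import Counter

# Constructed sample lines in the style of /var/log/auth.log (not real data).
SAMPLE_LOG = """\
Mar  3 02:14:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar  3 02:14:03 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51124 ssh2
Mar  3 02:14:05 web01 sshd[2101]: Failed password for root from 203.0.113.45 port 51126 ssh2
Mar  3 02:14:07 web01 sshd[2101]: Failed password for root from 203.0.113.45 port 51128 ssh2
Mar  3 02:14:09 web01 sshd[2101]: Failed password for root from 203.0.113.45 port 51130 ssh2
Mar  3 02:14:12 web01 sshd[2107]: Accepted password for root from 203.0.113.45 port 51132 ssh2
Mar  3 02:14:12 web01 sshd[2107]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar  3 09:05:44 web01 sshd[2300]: Accepted publickey for brian.admin from 198.51.100.7 port 40110 ssh2
Mar  3 09:06:10 web01 sshd[2304]: Failed password for brian.admin from 198.51.100.7 port 40112 ssh2
"""

# Matches only the Accepted/Failed login lines; other sshd lines are ignored.
LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2} (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_events(text):
    """Turn raw log text into a list of login events, in log (time) order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "time": m.group("time"),
            "hour": int(m.group("time")[:2]),
            "ok": m.group("result") == "Accepted",
            "user": m.group("user"),
            "ip": m.group("ip"),
        })
    return events


def failed_logins_by_ip(events, threshold=5):
    """Addresses with at least `threshold` failed logins (password guessing)."""
    counts = Counter(e["ip"] for e in events if not e["ok"])
    return {ip: n for ip, n in counts.items() if n >= threshold}


def success_after_failures(events, min_failures=3):
    """Addresses that logged in successfully after a run of failures:
    the strongest sign that a guessed password actually worked."""
    failures = Counter()
    flagged = []
    for e in events:
        if e["ok"]:
            if failures[e["ip"]] >= min_failures and e["ip"] not in flagged:
                flagged.append(e["ip"])
        else:
            failures[e["ip"]] += 1
    return flagged


def off_hours_successes(events, start_hour=7, end_hour=19):
    """Successful logins outside the assumed working day ("sudden activity")."""
    return [(e["user"], e["ip"], e["time"])
            for e in events if e["ok"] and not (start_hour <= e["hour"] < end_hour)]


def report(text):
    """Run all three checks over one chunk of log text."""
    events = parse_events(text)
    return {
        "brute_force_sources": failed_logins_by_ip(events),
        "compromised_from": success_after_failures(events),
        "off_hours_logins": off_hours_successes(events),
    }


if __name__ == "__main__":
    for finding, value in report(SAMPLE_LOG).items():
        print(f"{finding}: {value}")
```

Run against the constructed sample, the script flags 203.0.113.45 as a guessing source, flags the same address as having got in after its failures, and lists the 02:14 root login as off-hours; the 09:05 key-based login by brian.admin is left alone. On a real system the same functions can be fed the output of `tail` on auth.log, with the thresholds tuned to what is normal for that host.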
Cyber-Insurance
 Policies can be purchased from most major insurance carriers for between $5,000
and $10,000 per $1 million in protection.
 Policies will generally cover:
 Legal Fees
 Forensic Fees
 Costs for providing customer credit monitoring for those impacted
 Any court costs related to civil litigation and class actions.
 Some policies include access to portals/support so if and when an attack occurs, you
can get guidance and support on what to do.
Training for Staff
 Not installing software on the machine
 You could put secure rules in place to prevent installations
 Not opening attachments or clicking on links from senders you don’t recognize.
 Teach staff that IT support will only email communications in a specific template from a specific
address. Any other emailing claiming to be “IT” isn’t them.
 Have staff either take an assessment after training and/or sign a document agreeing to
practice best practices for security.
 Checking non-work-related functions (like email) – caution users against accessing personal
email or personal information while at work, as the IT team will not be monitoring that
email for malicious messages.
You – As A Person (If Infected Machine)
 If you think you’ve infected your machine (through an email, virus, etc.)
 Disconnect it from the internet.
 Immediately shut down the computer
 If you notice an odd message, take a photo first so an IT person (or you) can do more research
 You can remove the drive from your computer and, using another computer (that’s not network
connected), run scans on the drive.
 Depending on the severity, you may need to wipe your computer.
 If this is a work computer, always inform IT Security or IT. They’d rather have a false alarm than an
actual issue leak to the entire organization.
If Your Email Got Hijacked
 If it’s your personal email
 Send an email to all your contacts letting them know (if a fake message was sent out) that
it wasn’t you who sent the message and to delete it.
 Change your email password.
 Google will tell you what sites you have connected your Google Account to:
 https://myaccount.google.com/intro/secureaccount
 If it’s your work email
 Inform IT / Security – and ask them the best course of action.
You Heard Of A Breach
 Change Your Passwords!!
 And I’m hoping you don’t use the same password for all your accounts
 Do some investigatory work of your own
 Do you use this username on other systems?
 Check to see if other sites you use show logins when you haven’t logged in
 Many websites let you get an audit of when and where you’ve logged in. Check
those sites’ support pages for details.
Tips N Tricks
Your Library
 Administrative accounts are easy to guess if they are something like
“administrator”, “root” or “power users”. At the same time, no employee should
use their everyday account as a full admin.
 Instead, give them a separate username for admin access (like brian.admin)
 Change the default “login” pages for sites to something that’s not
www.mysitename.com/login. Bots look for this and attack.
 My Drupal Site login page is www.evolveproject.org/catpower
 User Awareness is key to any secure organization. Teach users how to identify
potential threats and how to respond quickly.
 Avoid shared accounts. One account should only be used by one person.
You
 Sites to protect yourself all the time (not free)
 IdentityGuard.com
 LifeLock.com
 Sites to monitor when breached data gets released (this is free)
 Haveibeenpwned.com
 Password management sites (like lastpass.com)
 Don’t have the same password for all your sites.
 Don’t write your passwords down on a post-it note and leave it at your desk
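The slide recommends Haveibeenpwned.com for finding out whether your data has turned up in a breach. As an added example (not part of the original deck), the Python below shows how that site's "Pwned Passwords" range check works without the password ever leaving your machine: the password is hashed locally with SHA-1, only the first five hex characters of the hash are sent to the public range endpoint, and the comparison against the returned hash suffixes happens locally. The range response embedded here is constructed for the demo and its counts are made up; the live `fetch_range_response` helper is optional and needs network access.

```python
"""Added example (not part of the original slide deck): how a
Haveibeenpwned-style "Pwned Passwords" check can be done without sending
the password anywhere. The password is hashed locally with SHA-1, only the
first five hex characters of the hash are sent (the k-anonymity "range"
query), and the comparison against the returned hash suffixes happens on
your machine. The range response below is constructed for the demo; the
counts in it are made up.
"""
import hashlib
import urllib.request

# Public endpoint of the Pwned Passwords range API (not called by the offline demo).
RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed stand-in for a range response: "<hash suffix>:<times seen>".
# Real responses hold hundreds of suffixes under each 5-character prefix.
CONSTRUCTED_RANGE_RESPONSE = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
1F0A5CF57A9B6A1D0CD7E0F2E0A9EF4C91B:1
"""


def sha1_prefix_suffix(password):
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix
    that is sent and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text):
    """Map each returned suffix to the number of breaches it appeared in."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, count = line.split(":", 1)
        table[suffix.upper()] = int(count)
    return table


def breach_count(password, range_response):
    """How many times the password has been seen, given the range response
    for its prefix; 0 means it was not in the data set."""
    _prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_response).get(suffix, 0)


def fetch_range_response(prefix):
    """Live lookup for a 5-character prefix (needs network; optional)."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "range-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password(password, fetch=None):
    """Full flow: hash locally, send only the prefix, compare locally.
    `fetch` defaults to the constructed response so the demo runs offline."""
    prefix, _suffix = sha1_prefix_suffix(password)
    response = fetch(prefix) if fetch else CONSTRUCTED_RANGE_RESPONSE
    return breach_count(password, response)


if __name__ == "__main__":
    for pw in ["password", "a-long-passphrase-nobody-reused"]:
        seen = check_password(pw)
        print(f"{pw!r}: {'seen %d times in breaches' % seen if seen else 'not found'}")
```

The point of the design is the one the slide's advice relies on: you can learn whether a password you reuse is already public without handing that password to a third party, because a five-character prefix is shared by a large number of unrelated hashes. To check against the live service, call `check_password(pw, fetch=fetch_range_response)`.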
Dual Factor Authentication
 After logging in, verify the login via email, SMS, or an app with a code.
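The "app with a code" on this slide is a time-based one-time password (RFC 4226 HOTP, RFC 6238 TOTP). As an added example (not part of the original deck), the Python below implements the code generation and the server-side check with only the standard library, including two details that matter once it is in production: tolerating one 30-second step of clock drift, and refusing to accept the same code twice. The shared secret and expected codes used in the test are the published RFC test vectors, not values from the slides.

```python
"""Added example (not part of the original slide deck): the code an
authenticator app produces as a second factor is a time-based one-time
password, RFC 4226 (HOTP) and RFC 6238 (TOTP). This implements both, plus
the server-side check, with only the standard library. The secret and the
expected codes used for demonstration are the published RFC test vectors.
"""
import base64
import hashlib
import hmac
import time


def decode_base32_secret(secret_b32):
    """Apps exchange the shared secret as base32 (e.g. inside the QR code);
    restore any stripped '=' padding before decoding."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic
    truncation to a 31-bit integer, then the last `digits` decimal digits."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, for_time, step=30, digits=6):
    """RFC 6238: the counter is the number of `step`-second periods since the epoch."""
    return hotp(secret, int(for_time) // step, digits)


class TotpVerifier:
    """Server side of 'an app with a code'. Accepts one step of clock drift
    either way, compares in constant time, and never accepts the same (or an
    older) step twice, so a code that was intercepted cannot be replayed."""

    def __init__(self, secret, step=30, digits=6, window=1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_counter = -1  # highest counter already consumed by a login

    def check(self, submitted, now=None):
        now = time.time() if now is None else now
        counter = int(now) // self.step
        for drift in range(-self.window, self.window + 1):
            candidate = counter + drift
            if candidate <= self.last_counter:
                continue  # already used, or older than a code already used
            expected = hotp(self.secret, candidate, self.digits)
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_counter = candidate
                return True
        return False


if __name__ == "__main__":
    # RFC 6238 test secret "12345678901234567890", as an app would store it.
    secret = decode_base32_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print("code right now:", totp(secret, time.time()))
    verifier = TotpVerifier(secret)
    print("RFC vector at t=59 accepted:", verifier.check("287082", now=59))
    print("same code submitted again:", verifier.check("287082", now=60))
```

The replay guard is the part most home-grown checks omit: without `last_counter`, a code read over someone's shoulder or phished from them remains valid for the rest of its 30-second step plus the drift window.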
Credit Card Tools for Online Shopping
 Check out Privacy.Com
 https://privacy.com/join/473XB
shameless plug
Contact Me!
 Brian Pichman
 Bpichman@evolveproject.org
 Twitter: @bpichman

Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 

Recently uploaded (20)

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 

I’ve been hacked: the essential steps to take next

Slide 1: I’ve Been Hacked. The Essential Steps to Take Next. Brian Pichman | Evolve Project

Slide 2: It happens. A place you shop at frequently gets its data stolen. Someone was able to get access to one of your accounts. Or a system you manage gets compromised. No matter how the data breach happened, it is important to be prepared ahead of time, before the worst happens. Join Brian Pichman as he helps you put a proactive plan in place and explains what to do after you or your organization has been hacked. Attendees will walk away from this webinar with a toolbox for their library and to use to educate their users.

Slide 4: Myths
- I’m not worth being attacked.
- Hackers won’t guess my password.
- I have anti-virus software.
- I’ll know if I’ve been compromised.

Slide 5: Understanding Breaches and Hacks
- A hack involves a person or group gaining unauthorized access to a protected computer or network.
- A breach typically indicates a release of confidential data (including releases done by accident).
- Each of these requires a different response when it occurs.

Slide 6: Examples of Hacks/Breaches
- An employee/family member allows a hacker to access their machine through:
  - Email attachments
  - Social engineering
  - Walking away from their computer unattended
- An employee/family member sends information to someone, thinking they are someone else:
  - “Hi, I’m the CFO’s assistant, he needs me to collect all the W2s”
- Or, more intrusive:
  - There is an attack on a database or server that then lets a hacker in (SQL injection).
  - There is a brute-force attack, or someone guesses the password on a key admin account, on servers/networks, etc.

Slide 9: The Costs of Breaches
- This year’s study found the average consolidated total cost of a data breach grew from $3.8 million to $4 million. The study also reports that the average cost incurred for each lost or stolen record containing sensitive and confidential information increased from $154 to $158. [IBM 2016, http://www-03.ibm.com/security/data-breach/]
- Data-breached companies experience…
  - People lose faith in your brand
  - Loss of patrons
  - Financial costs
  - Government requirements, penalties, fees, etc.
  - Sending of notifications
  - Payment for identity protection or other repercussions
  https://betanews.com/2016/02/10/the-economic-cost-of-being-hacked/

Slide 10: Agenda
- What you (as a library) should do if you’re hacked or compromised*
- What you (as a person) should do if you’re hacked or compromised
- Protecting yourself from future attacks
*Always seek legal advice before moving forward on any action, from how you communicate to what parties you involve during a breach.

Slide 12: You as a Library - Obligations
- You are obligated to protect the data and privacy of:
  - Employees
  - Patrons
  - Business partners/vendors/etc.
- Sometimes we forget we house a lot of personal and identifying information about our employees and patrons:
  - Employee Social Security numbers/payroll/HR records
  - Patron records/accounts/catalog history(?)
  - What employees/patrons are accessing on the web
- A sniffing tool, key logger, or fake DNS redirect can monitor not only the sites people are accessing but also the usernames and passwords they enter.

Slide 13: Steps - Communication and Speed!
- Communicate
  - People will ask “How long did you know XYZ happened?” before you communicated to them that an attack occurred.
  - If you discover a breach, hack, or any other compromise that may have resulted in data being stolen or viewed, you MUST communicate quickly and effectively.
  - While every scenario is different and has different factors, groups that move faster with the information they know (as soon as they know it) are generally better off long term (i.e. don’t wait months while you “investigate” the issue; give people time to protect themselves).
- Don’t over-communicate, and have one spokesperson.
- Be clear and concise. Too many details can be harmful.

Slide 14: Other Points on Communication
- Once you know a breach has occurred, by law you are required to inform customers if their data has been compromised.
  - Some states have deadlines for when the announcement has to be made.
- Every impacted person must be told that a data breach has occurred, when it occurred, and what kind of information was compromised.
- Answer: what are you doing to provide a remedy, and what should they do? (next slide)

Slide 15: What are you doing to provide a remedy, and what should they do?
- You as the library:
  - Build a website with information about the breach.
  - Offer a toll-free number people can call with questions.
  - If Social Security information may have been exposed, provide contact information for Equifax, Experian and TransUnion, and quick links for fraud protection.
- Them as impacted parties:
  - Fraud protection (if necessary)
  - Ask them to change their passwords if their password was compromised.
  - Highlight that if they use this password on OTHER sites they should change those passwords too.

Slide 18: Step 2 - Investigate
- You will most likely need to hire an outside cyber security firm; they have the tools and resources to track what might have been stolen and who stole it.
- Work out which computers and accounts were compromised, which data was accessed (viewed) or stolen (copied), and whether any other parties (such as clients, customers, business partners, users, employees) were affected. Was the stolen data encrypted or unencrypted?
- Also involve the people you pay for services (depending on where the breach occurred), such as ISPs, web hosting providers, security software and firewall vendors, etc.
- Contact your local, county or state police computer crimes unit and the FBI, which can do forensic analyses and provide valuable guidance.

Slide 19: Step 3 - More Communication and Follow Up
- If you notify more than 500 impacted people from a breach, many states will also require you to file a notice with your state attorney general’s office.
- HIPAA, FERPA, CIPA, and all those other scary acronyms have requirements and regulations; make sure none of those rules are violated.

Slide 20: Step 4 - Solve It
- Through the investigation, the hiring of consultants and the engagement of local/state/federal groups, find out what happened and how to prevent it from happening again:
  - Removing infected computers or servers (if it was from a virus/malware)
  - Consider reformatting hacked computers and restoring data from clean backups, or replacing them.
  - Removing access from the outside world to your network (or to specific applications)
  - If the breach occurred because of an unpatched system or software, patch it, then put a policy in place to check for patches.
  - If the breach was done through stolen or weak passwords, secure those accounts and set new, complex passwords that will be hard to crack.
- Communicate the resolution and your commitment to the users impacted.

Slide 21: Repercussions
- Depending on the severity and type of the hack you may:
  - Need to pay a fine/penalty to a governing body if it was because of a lack of security or no reasonable effort to defend users’ data
  - Pay for identity protection for the impacted users (usually at least a year)
  - Pay a settlement

Slide 22: Moving Forward / Prevention
- Make sure your security defenses are running properly and that data is being backed up securely.
- You should run activity logs and tracking on all network devices and public-facing servers. These logs should be checked and monitored for unwanted access or sudden activity.
- Follow up with vendors to see what they are doing to protect your/their data, and share with customers best practices for their own security (like strong passwords).
- Create a disaster recovery plan and train employees so everyone can respond quickly and calmly if they know of an attack or see something that could indicate one.

Slide 23: Cyber-insurance
- Policies can be purchased from most major insurance carriers for between $5,000 and $10,000 per $1 million in protection.
- Policies will generally cover:
  - Legal fees
  - Forensic fees
  - Costs of providing customer credit monitoring for those impacted
  - Any court costs related to civil litigation and class actions
- Some policies include access to portals/support so that if and when an attack occurs, you can get guidance and support on what to do.

Slide 24: Training for Staff
- Not installing software on the machine
  - You could put security rules in place to prevent installations.
- Not opening attachments or clicking on links from senders you don’t recognize.
- Teach staff that IT support will only email communications in a specific template from a specific address. Any other email claiming to be “IT” isn’t them.
- Have staff either take an assessment after training and/or sign a document agreeing to follow security best practices.
- Checking non-work-related functions (like email): caution users against accessing personal email or personal information while at work, as the IT team will not be monitoring that email for malicious messages.

Slide 26: You - As a Person (If Infected Machine)
- If you think you infected your machine (through an email, virus, etc.):
  - Disconnect it from the internet.
  - Immediately shut down the computer.
  - If you notice an odd message, take a photo first so an IT person (or you) can do more research.
  - You can remove the drive from your computer and, using another computer (that’s not network connected), run scans on the drive.
  - Depending on the severity, you may need to wipe your computer.
- If this is a work computer, always inform IT Security or IT. They would rather have a false alarm than an actual issue leak to the entire organization.

Slide 27: If Your Email Got Hijacked
- If it’s your personal email:
  - Send an email to all your contacts letting them know (if a fake message was sent out) that it wasn’t you who sent the message and to delete it.
  - Change your email password.
  - Google will tell you what sites you have connected your Google Account to: https://myaccount.google.com/intro/secureaccount
- If it’s your work email:
  - Inform IT / Security, and ask them for the best course of action.

Slide 29: You Heard of a Breach
- Change your passwords!!
  - And I’m hoping you don’t use the same password for all your accounts.
- Do some investigatory work of your own:
  - Do you use this username on other systems?
  - Check to see if other sites you use show you logging in when you haven’t.
  - Many websites allow you to get an audit of when and where you’ve logged in. Contact those sites’ support pages for details.

Slide 31: Your Library
- Administrative accounts are easy to figure out if they are named something like “administrator”, “root” or “power users”. At the same time, no employee should use their everyday account as a full admin.
  - Instead, give them a separate username for admin access (like brian.admin).
- Change the default “login” pages for sites to something that’s not www.mysitename.com/login. Bots look for this and attack.
  - My Drupal site’s login page is www.evolveproject.org/catpower
- User awareness is key to any secure organization. Teach users how to identify potential threats and how to respond quickly.
- Avoid shared accounts. One account should only be used by one person.

Slide 33: You
- Sites to protect yourself all the time (not free):
  - IdentityGuard.com
  - LifeLock.com
- Sites to monitor when breached data gets released (this is free):
  - Haveibeenpwned.com
- Password management sites (like lastpass.com)
- Don’t have the same password for all your sites.
- Don’t write your passwords down on a post-it note and leave it at your desk.

Slide 35: Dual Factor Authentication
- After logging in, verify the login via email, SMS, or an app with a code.

Slide 36: Credit Card Tools for Online Shopping
- Check out Privacy.com: https://privacy.com/join/473XB (shameless plug)

Slide 37: Contact Me!
- Brian Pichman
- Bpichman@evolveproject.org
- Twitter: @bpichman
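Slides 22 and 31 together describe one concrete monitoring task: watch the logs of public-facing servers for sudden activity, and expect bots to hammer the default login page with guessable admin names. The script below is an added example of that check and is not code from the webinar or the Evolve Project; the key=value login log format and every line of SAMPLE_LOG are constructed for illustration, and the /catpower path is simply reused from the deck as the renamed login page.

```python
"""Flag brute-force bursts and attempts on default admin names or default
login pages in a web application's login log (constructed format)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Account names the deck calls out as easy to guess.
DEFAULT_ADMIN_NAMES = {"administrator", "admin", "root"}
# "/login" is the deck's example of a default page; "/user/login" is Drupal's stock path.
DEFAULT_LOGIN_PATHS = {"/login", "/user/login"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) path=(?P<path>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample: one address hammers /login with default names and then
# succeeds; staff use the renamed page normally; a second address fails slowly.
SAMPLE_LOG = """\
2024-03-10T02:14:01Z src=203.0.113.7 path=/login user=admin result=FAIL
2024-03-10T02:14:03Z src=203.0.113.7 path=/login user=administrator result=FAIL
2024-03-10T02:14:05Z src=203.0.113.7 path=/login user=root result=FAIL
2024-03-10T02:14:08Z src=203.0.113.7 path=/login user=admin result=FAIL
2024-03-10T02:14:10Z src=203.0.113.7 path=/login user=admin result=FAIL
2024-03-10T02:14:12Z src=203.0.113.7 path=/login user=admin result=OK
2024-03-10T02:20:00Z src=198.51.100.20 path=/catpower user=brian.admin result=OK
2024-03-10T02:21:30Z src=198.51.100.21 path=/catpower user=jane.admin result=FAIL
2024-03-10T03:00:00Z src=203.0.113.9 path=/login user=admin result=FAIL
2024-03-10T03:05:00Z src=203.0.113.9 path=/login user=admin result=FAIL
"""


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def find_bursts(events, threshold=5, window_seconds=60):
    """Sliding window of failures per source address. A source is flagged when it
    reaches `threshold` failures inside `window_seconds`; a success arriving while
    the window is still full is recorded, since that is the likely guessed password."""
    recent = defaultdict(deque)   # src -> timestamps of failures still in the window
    peak = defaultdict(int)       # src -> most failures seen in any one window
    succeeded = defaultdict(bool)
    for ev in events:             # events must be in time order
        dq = recent[ev["src"]]
        while dq and (ev["ts"] - dq[0]).total_seconds() > window_seconds:
            dq.popleft()
        if ev["result"] == "FAIL":
            dq.append(ev["ts"])
            peak[ev["src"]] = max(peak[ev["src"]], len(dq))
        elif len(dq) >= threshold:
            succeeded[ev["src"]] = True
    return [{"src": s, "failures": n, "succeeded_after_burst": succeeded[s]}
            for s, n in sorted(peak.items()) if n >= threshold]


def find_default_targets(events):
    """Events aimed at a default admin name or a default login page."""
    return [ev for ev in events
            if ev["user"] in DEFAULT_ADMIN_NAMES or ev["path"] in DEFAULT_LOGIN_PATHS]


def analyze(log_text):
    events = sorted((ev for ev in map(parse_line, log_text.splitlines()) if ev),
                    key=lambda ev: ev["ts"])
    targets = find_default_targets(events)
    return {
        "bursts": find_bursts(events),
        "default_target_events": targets,
        # A success against a default admin name is the finding to escalate first.
        "successful_default_admin_logins": sum(
            1 for ev in targets if ev["result"] == "OK" and ev["user"] in DEFAULT_ADMIN_NAMES),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for burst in report["bursts"]:
        print("burst:", burst)
    print("events against default names/pages:", len(report["default_target_events"]))
    print("successful default-admin logins:", report["successful_default_admin_logins"])
```

The slow failures from the second address stay below the burst threshold on purpose: they are the kind of low-and-slow activity a per-source count misses, which is why the script also reports every hit on a default name or path regardless of rate.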