small business, big threat: creating cyber safe culture in your … · 2019-10-30 · small...
TRANSCRIPT
In partnership with:
Small Business, Big Threat: Creating Cyber Safe Culture in
Your Small BusinessMichigan Small Business
Development Center
Today’s Topics
Introductions
National & International Crisis
Why Culture?
People, Process, & Technology
Interactive session
The Michigan SBDC
Funded through a cooperative agreement with the
• U.S. Small Business Administration (SBA)
• Michigan Economic Development Corporation (MEDC)
• Matching funds from Local Network partners in each region.
Scott Taber
Cybersecurity Awareness Specialist
Latchezara Smith
Strategic Programs Manager
Michigan SBDC Services
• No cost 1:1 business consulting
• Business education
• Information-based planning through (secondary) market research
• Technology commercialization
Michigan SBDC Business Education
Take advantage of in-person and online learning opportunities for entrepreneurs. The MI-SBDC offers a variety of trainings presented by experienced professionals who can help you start and grow your business.
Register at SBDCMichigan.org/training
Topics Include:
• Starting a Business
• Business Plan
• Financial and Accounting
• Customer Relations
• Government Contracting
• Internet and Social Media
• Legal
• Management
• Marketing and Sales
• Cybersecurity
Globally reported complaints to IC3
0.00
50,000.00
100,000.00
150,000.00
200,000.00
250,000.00
300,000.00
350,000.00
400,000.00
2014 2015 2016 2017 2018
269,422288,012
298,728 301,580
351,937
352,000 complaints
Complaints
Source: Internet Crime Complaint Center 2019
Globally reported losses to IC3
$0.00
$500,000,000.00
$1,000,000,000.00
$1,500,000,000.00
$2,000,000,000.00
$2,500,000,000.00
$3,000,000,000.00
2014 2015 2016 2017 2018
$800,500,000
$1,700,000,000
$1,450,000,000$1,418,700,000
$2,706,400,000
$2.7 billion in losses
Losses in Dollars
Source: Internet Crime Complaint Center 2019
Reported complaints in Michigan to IC3
5,800
6,000
6,200
6,400
6,600
6,800
7,000
7,200
7,400
7,600
2016 2017 2018
6,384 6,400
7,533
Michigan ranked 15th nationally
Reported Victims
Source: Internet Crime Complaint Center 2019
Reported losses in Michigan to IC3
$0
$10,000,000
$20,000,000
$30,000,000
$40,000,000
$50,000,000
$60,000,000
$70,000,000
$80,000,000
$90,000,000
2016 2017 2018
$24,174,754 $25,362,646
$80,929,815
Michigan ranked 8th most in losses
Reported Losses
Source: Internet Crime Complaint Center 2019
Estimated costs of data breaches
• $175B in the U.S.• Source: McAfee 2018
• $600B Globally• Source: McAfee 2018
• $6 TRILLION globally by 2021• Source: Cyber Security Ventures 2017
• $117,000 per breach for small
businesses• Source: Kaspersky Lab 2017
The reasons behind the attacks
Source: Verizon DBIR 2019
$1.5 trillion in
cybercrime revenuesSource: Bromium 2018
71%
25%
Data breaches impact small business
Source: Verizon DBIR 2019
Cybersecurity Framework
People
Technology Process
Office culture
Culture is the character and personality of your organization. It's what makes your business unique and is the sum of its values, traditions, beliefs, interactions, behaviors, and attitudes.
Successful Phishing Campaign
1 min • 11% of Users
5 min• 25% of Users
60 min• 52% of Users
Proofpoint’s The Human Factor 2018 Report
“Culture eats strategy for breakfast.”- Peter Drucker
It’s All About People
Employees …
• Stability
• Predictability
• Communication
• Overbearing managers
• No input
• Lack of support
Focus on
• Stability• Trust in leadership
• Understand the why
• Predictability• What to look out for
• How to recognize it
• Oops, now what?
• Communication• Awareness
• Openness
• Trust
How?
• Awareness campaign
• Fun
• Communication
• Reward behavior
• Play games
• Management buy-in
• Do not be discouraged
Examples
Pop Quiz!
Scenario (phishing)
Subject and Sender
Supposed Authority
Asking you to click a
link
Spelling and Grammar
Sense of Urgency
Scenario (phishing)
Subject and Sender
Sense of Urgency
Asking you to
click a link
Scenario (phishing)
Subject and Sender
Asking you to
click a link
Sense of Urgency
Scenario (phishing)
Subject and Sender
Asking you to
click a link
Sense of Urgency
Scenario (phishing)Subject and Sender
Sense of
Urgency
Asking you to click
a link
Asking you to click a
link
Scenario (vishing)
• St. Mary’s Prayer
• US Treasury
• IRS Tax Crime
• Watching You
Culture change takes time…
People
Technology Process
Cyber policies
• Cybersecurity Policy• Formal business policy stating the process of
safeguarding data & technology from corruption, loss, & compromise
• Other important cybersecurity policies• Acceptable Use• Data Classification• Mobile Device• Email• Clean Desk• Disaster Recovery• Data Breach• Data Protection
Policy complications
People
Technology Process
Technology
Basic practices (the musts)
• Backup your data daily
• Properly configure your network(s)
• Deploy anti-virus & anti-malware solutions
• Use strong user credentials
• Update software & hardware regularly
• Train yourself and employees regularly
Thank you!