Fundamentals about how to secure your small business, with an emphasis on companies that use or host CRM information. This includes checklists & step-by-step recommendations

1. Page 1 © 2018 InterWorks
Caston Thomas, cthomas@iworkstech.com
Would You Rather Wait for Your
Bank Account to be Emptied
- or -
Spend $29 on Anti-Malware?

2. Page 2 © 2018 InterWorks
If It’s Such a Big Problem!?!
Why aren’t businesses
doing more about
cyber security?

3. Page 3 © 2018 InterWorks
It’s a Big Problem
Why aren’t we doing more
about cybersecurity?

4. Page 4 © 2018 InterWorks
The Reason We Aren’t Doing More
by Options…
by Complexity…
by Uncertainty…
by “Where Do I Even Start?”

5. Page 7 © 2018 InterWorks
If Only…
it could be…
…simple
…easy
…understandable

6. Page 9 © 2018 InterWorks
Everyone Needs… (NO Exceptions!!!)
Commitment @ the Top!
Inventory
User Awareness
Malware/Ransomware
Passwords & MFA
Email & Web Protection
Public Website Protection
Firewall
Reputation Protection
Cyber Insurance?

7. Page 10 © 2018 InterWorks
What if passwords walk out the door with an ex-employee,
or if criminals get access?
How long would it take to change all our passwords?
(Do we even know what they all are?)
What would it cost us if a hacker brought us down
for hours/days/permanently?
How much sensitive information do we have?
What are the consequences if it is made public?
Would it affect our credibility with customers?
How would it affect our ability to gain new customers in the aftermath?
How fast can we restore our systems to working condition? How much data would we
lose?
Have we violated regulations or made ourselves legally liable by not having
better control over passwords?
Do I Need Good “Pass-wording”?

8. Page 11 © 2018 InterWorks
Protecting the CRM
Choose a trusted CRM provider
Use passwords effectively
Educate employees
Secure the data
Create written policies
Audit activity regularly
Plan ahead for recovery

9. Page 12 © 2018 InterWorks
 LONG passwords (12-15+ characters)
 Avoid only words or phrases
 Use Symbols & Numbers
 Should be different than username
 No kids, parents, pets, sports teams, city name, etc.
 Change every 3-6 months
 Email is frequently used as user name for logins
 Use multi-factor authentication for important data
 If you write it down, secure it & use hints only YOU know
 Unique password for each important site (never use twice!) e-commerce, bank
 Never use email nor financial passwords on other sites
 Passwords stored in browsers are visible (Chrome/IE/Brave/Firefox/mobile devices)
 DON’T SHARE PASSWORDS!
Password Policy Tips (Best Practices)

10. Page 13 © 2018 InterWorks
10/27/2016
Use a Password Manager
“So Many Options”…

11. Page 15 © 2018 InterWorks
 Deploy reputable anti-Malware
 Keep it up to date
 Keep offline backups
 Keep all other software up to date
 Teach employees to recognize social
engineering
Preventing Malware

12. Page 16 © 2018 InterWorks
Why I REALLY Need a VPN
When you use public Wi-Fi, mobile & other networks, it can…
• Learn your habits… learn about you, your browsing habits,
and even your personal preferences
• Gather info to sell to third parties
• use it to influence what you read, hear & watch
(or that of your employees or customers)
VPNs
• provide private, encrypted connection
• hide your business’s “digital fingerprint”
• protect you (and your employees) away from the office
• safeguard your reputation
• help you avoid “evil twins”

13. Page 17 © 2018 InterWorks
Prices start at only $99

14. Page 18 © 2018 InterWorks
Remote Access & Sync to CRM & Security

15. Page 20 © 2018 InterWorks
Zero Trust Networking

16. Page 23 © 2018 InterWorks
What Do I Need?
Third party optimized to support
very small enterprise
Added Technologies & Begin w/
Assessment
InterWorks Assessment & Match
Technologies
Match Technology &
Processes to Assessment
Basics & VPN CIS 20 CIS 20/NIST NIST
Inventory
User Awareness (Basic)
Email & Web Security
Endpoint Security
Firewall
Website Security
Reputation Protection
Cyber Insurance
Inventory
User Awareness
Email & Web Security
Endpoint Security
Firewall
Website Security
Reputation Protection
Cyber Insurance
Map Required Technologies
to the Controls that are
Needed
Match Requirements to
Gaps

17. Page 24 © 2018 InterWorks
What Does a Technical Assessment Look Like?
encrypting sensitive business information?
maintaining & monitoring logs?
planning for disasters & cyber security incidents?
patching operating systems & applications?
continually improving processes & technology?
installing & actively managing firewalls?
Are You …

18. Page 25 © 2018 InterWorks
To get:
• Cybersecurity Self-Assessment Library
• Copy of this slide deck
• Answers about how we might work together
Contact: Caston Thomas cthomas@iworkstech.com
Thanks!

19. Page 26 © 2018 InterWorks
CYBER TIPS FOR BUSINESS
• Assess risk & identify weaknesses – If your sensitive information is linked to the
Internet, then make sure you understand how it’s being protected.
• Create a contingency plan – Establish security practices & policies to protect your
organization’s sensitive information & its employees, patrons, & stakeholders.
• Educate employees – Make sure that employees are routinely educated about new &
emerging cyber threats & how to protect your organization’s data. Hold them accountable
to the Internet security policies & procedures, & require that they use strong passwords &
regularly change them.
• Back up critical information – Establish a schedule to perform critical data backups to
ensure that critical data is not lost in the event of a cyber attack or natural disaster. Store
all backups in remote locations away from the office, & encrypt sensitive data about the
organization & its customers. Invest in data loss protection software & use two-factor
authentication where possible.
• Secure your Internet connection – Use & regularly update antivirus software &
antispyware on all computers. Automate patch deployments across your organization, use
a firewall, encrypt data in transit, & hide your Wi-Fi network. Protect all pages on your
public-facing websites.
• Create a continuity plan – A continuity plan ensures that of nature, accidents, &
technological or attack-related emergencies. Business functions can continue to be
performed during a wide range of emergencies, including localized acts templates for this
type of plan at http://www.fema.gov/planning-templates.

20. Page 27 © 2018 InterWorks
Cybersecurity Awareness 10 Tips
• Protect against viruses, spyware, & other malicious code
• Secure your networks Safeguard internet by using a firewall & encrypting
information
• Establish security practices & policies to protect sensitive information
• Educate employees about cyber-threats & hold them accountable
• Require employees to use strong passwords & to change them often
• Employ best practices on payment cards
• Make backup copies of important business data & information
• Control physical access to computers & network components
• Create a mobile device action plan
• Protect all pages on your public-facing websites, not just the checkout &
sign-up pages

21. Page 28 © 2018 InterWorks
CYBER TIPS FOR PERSONAL USE
Personal devices
(computers, laptops, tablets,
mobile phones)
•Enable automatic updates
•Enable your firewall
•Update your anti-virus/anti-
malware software
•Perform a manual backup
or enable automatic backups
if available
•Require a password/PIN to
unlock your screen
•Uninstall unused software
•Clear browser history and
saved data
Home network
•Update administrative password for router,
wireless access points, and/or Internet of Things
(IoT) devices
•Select a strong passphrase (create a sentence that
is at least 12 characters long)
•Check that the firmware is up-to-date
•Change default network name or SSID (don't use
personal information)
•Create two separate Wi-Fi networks - home and
guest
•Guest Wi-Fi is to allow visitors to access the
Internet only and not your home network
•Ensure strong wireless encryption such as WPA2
•Consider segmenting IoT devices from the rest of
the home network or connect them to the
separated guest Wi-Fi