A NonProfit Technologist's Guide to CyberSecurity and Data Protection
NetSquared Houston, 6/10/2014
Gerry McGreevy, CISSP, MBA, OCP
Senior Systems Analyst, MD Anderson Cancer Center
gmcgreevy@mdanderson.org
Beiser IT Services
gerry.mcgreevy@beiser.us

Committee on National Security Systems (CNSS)

State of Data Security Today

National Security - Major Cyber Wars
  China
  Eastern Bloc
  Iran
  N. Korea, South and SE Asia
  Mid-East
  Drug Cartels & Organized Crime (foreign / domestic)

Threats to Infrastructure
  Electric & water utilities
  Transportation (air system, rail, traffic signals)
  Communication (internet, phones, satellites)
  Others (prisons, hospitals)
  Internet of Everything

Threats to Commerce
  Intellectual Property, Trade secrets
  Contracts, Order systems
  Proprietary data and processes, General operations
  Data Breaches and Leakage = Heavy Fines + Restitution + Breach of Trust

Threats to Personal Digital Life
  Identity Fraud
  Credit Hacking
  Tax Refunds
  Medical Data Leakage
  Embarrassing Disclosures
  Litigation / Spousal surveillance

The Value of Your Data
Source: Mandiant
Source: PWC
Source: Mandiant

Privacy Violations vs Fraudulent Access

What You Give Away
Why does a screen lock app need to know? >>

What They Steal

Concepts in Data Protection
What you are protecting . . .
  Confidentiality
  Integrity
  Availability

Types of Data
  Customer records
  Financial Records
  Compliance Records
  Personal Identity Information (employee records, Credit Card)
  Trade Secrets
  Operational Records

Best Practices for Small Businesses (and Non-Profits)
Suggestions from National Institute of Standards and Technology
  Best Practices for Small Businesses - NIST 7621
  http://csrc.nist.gov/publications/nistir/ir7621/nistir-7621.pdf
Suggestions from Greater Houston Partnership
  Greater Houston Partnership – CyberThreat Self Assessment Tool
  http://www.houston.org/cybersecurity/pdf/Cyber-Security-Book.pdf

Suggestions from NIST
"Must Do's"
•  Protect against viruses, spyware, and other malicious code
•  Control access to computer and network (internal and external firewalls)
•  Use individual username / passwords across your network
   (Strong password policies, or 2 Factor Authentication = Better!)
•  Limit access to important data
•  Use segmented networks
•  Patch operating systems and applications (Secunia PSI http://secunia.com)
•  Make Regular Backups – Fully Test a Restore
•  Train employees in basic security principles

Suggestions from NIST
"Highly Recommended"
•  Train to be Alert for spear-phishing attacks, links in emails, IM, pop-ups, social Engineering, web surfing, downloading.
•  Cautions Against Online Business or Banking
   Not from mobile or strange networks, only from secure computer
   Use VPN, Remote Desktop, or encrypted VNC, GoToMyPC, etc
•  Properly Dispose of Old Computers and Media
•  How to get help with information security when you need
•  Recommended Personnel Practices in Hiring Employees

Additional Suggestions
Greater Houston Partnership
•  Lockdown Desktops
•  Disallow software installations, usb, other devices
•  Whitelist apps that are okay – install from common download area
•  Lockdown Wifi and Mobile (by mac address and WPA2 password)
•  Monitor Web Usage and Report
•  Learn how to Encrypt Data (MS Doc locks, TrueCrypt, BitLocker)
•  Avoid Using Cloud (Especially for Sensitive Info!)
•  Classify Data & Separate Based on Content & Classification
•  Formalized Security Policies
•  Conduct Assessments
•  Data Recovery Exercises

Segment Your Network
Not-so Sensitive Data / Sensitive Data
Requires you to know and classify your data. < Critical Exercise!

Top 20 Security Controls
Advanced / Enterprise
Critical Security Controls - Version 5
•  1: Inventory of Authorized and Unauthorized Devices
•  2: Inventory of Authorized and Unauthorized Software
•  3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
•  4: Continuous Vulnerability Assessment and Remediation
•  5: Malware Defenses
•  6: Application Software Security
•  7: Wireless Access Control
•  8: Data Recovery Capability
•  9: Security Skills Assessment and Appropriate Training to Fill Gaps
•  10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
•  11: Limitation and Control of Network Ports, Protocols, and Services
•  12: Controlled Use of Administrative Privileges
•  13: Boundary Defense
•  14: Maintenance, Monitoring, and Analysis of Audit Logs
•  15: Controlled Access Based on the Need to Know
•  16: Account Monitoring and Control
•  17: Data Protection
•  18: Incident Response and Management
•  19: Secure Network Engineering
•  20: Penetration Tests and Red Team Exercises
This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
http://www.sans.org/critical-security-controls/

Encryption: Protecting Microsoft Docs
File > Info > Restrict Permission by People (need Windows ID)
Microsoft Office 360
Good for sharing, not good for sensitive data.
Use Winzip to send the doc in an encrypted AES 256 wrapper.
GNU Privacy Guard
https://www.gnupg.org/

Current Threat Trends
  Heartbleed
  Ransomware
  Spear-phishing
  Other trends

Email Security Attachments
MS Office Docs
  Turn off macros (or at least prompt)
Google Docs Preview
  (big difference in security between previewing Gmail vs Outlook)

Email Security Attachments
Watch for weird-long names
  coolvideo.mp4                                                  .exe
Open in Sandbox Environment (Virtual Machine)
Understand Digital Signatures
Social Engineering
Hacking - Things You Think May be Secure but Aren't
•  Adobe
•  Java
•  Firefox
•  Google
•  Microsoft
•  Apple

Hacking - Things You Think May be Secure but Aren't
ssl implementations
Don't download directly to Dropbox
  (it tells them what account, and you have to login, giving your password)
  Download to local, then save to Dropbox.
  Recommend NOT sharing passwords from one site to another
  ie. Don't use Facebook / Google id to log into some site

Careful What You Download
Which of these search results are safe?

Password Cracking
Strong Passwords
–  8 – 15 Characters (old advice), non-dictionary words
–  Stop using 5 for S, 1 for I, 0 for O (doesn't really help anymore)
–  Be aware of common password patterns
   (Paper on PIN numbers: http://www.datagenetics.com/blog/september32012/)
–  Problems w/ password managers LastPass, KeePass, others
–  Use Phrases with spellings all messed up, i.e: toseideotsdonno
Don't communicate passwords via email or SMS
Use a different "channel"
Better Protect yourself: Multi-Factor Authentication
  (ie. Google Authenticator, can be used by some apps)
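Why the 5-for-S, 1-for-I, 0-for-O substitutions no longer help, shown as a password check that undoes them before comparing against a word list (added example, not from the presentation). The substitution table, the 12-character minimum and the tiny word list are assumptions; the word list is a constructed stand-in for a real breached-password list.

```python
import itertools
from typing import Optional

# Substitutions that cracking tools undo automatically. Assumption: this table
# covers the ones on the slide (5/S, 1/I, 0/O) plus a few equally common ones;
# a value with two letters means the symbol is read both ways.
LEET = {"5": "s", "$": "s", "1": "il", "!": "il", "0": "o",
        "3": "e", "4": "a", "@": "a", "7": "t"}

# Constructed sample word list; a real checker loads a breached-password list.
WORDLIST = {"password", "houston", "letmein", "welcome", "nonprofit", "summer"}

MIN_LENGTH = 12   # assumption: this policy's minimum


def strip_affixes(pw: str) -> str:
    """Drop the trailing year/digits/symbol people bolt on: 'Summer2014!' -> 'Summer'."""
    return pw.rstrip("0123456789!@#$%^&*()_-+=.,?")


def candidates(pw: str) -> set:
    """Every plain-letter reading of pw: '1' may stand for 'i' or 'l', so both are tried."""
    choices = [LEET.get(ch, ch) for ch in pw.lower()]
    return {"".join(combo) for combo in itertools.product(*choices)}


def dictionary_base(pw: str) -> Optional[str]:
    """The word-list entry pw reduces to after undoing substitutions, or None."""
    for word in sorted(candidates(strip_affixes(pw))):
        if word in WORDLIST:
            return word
    return None


def check_password(pw: str) -> list:
    """Return the policy problems with pw (empty list means it passes these checks)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"only {len(pw)} characters; use a long misspelled phrase instead")
    base = dictionary_base(pw)
    if base is not None:
        problems.append(f"reduces to the dictionary word '{base}' once substitutions are undone")
    return problems


if __name__ == "__main__":
    # "toseideotsdonno" is the misspelled-phrase example from the slide.
    for pw in ["P4$$w0rd2014!", "H0ust0n", "toseideotsdonno"]:
        print(pw, "->", check_password(pw) or "passes")
```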
  
Mobile Data
Dropbox, Google Drive and Other Cloud Storage Issues
  Privacy, Data Ownership, Responsibility
  Only put docs out that no harm is done if revealed
  Or, encrypt before writing to cloud
  (warning – consider where/by whom encryption is being done).
Thumbdrives
  Very easy to hide a virus
  Use encrypted (or hidden) partition
  Tool: Truecrypt

Mobile Data
Mobile Devices
  If they are not "locked down", consider open to internet.
  Allow non-rooted phones only
  Use a "guest" network to connect for any device not locked down.
  Most client apps (email, SMS, etc) leave data on phone.
  Far from guaranteed you can erase all data on lost phone

When You Are Out In the Wild
Resist joining strange networks
Protect Yourself by Doing Everything Important from Home (even when you're not)
Accessing Your Screen At Home While Away - Options:
  Remote Desktop - (Windows)
  GoToMyPC
  VNC Personal, use 128 bit encryption (256 = strong) http://www.realvnc.com/
  OpenVPN

Protecting Your Home Computer
Need to have multiple copies (and safe places) for each backup: Onsite and Remote
Where and how you encrypt matters a lot to both security and costs
Easy: Copy files to USB External Hard Drive > Remove Drive, give it to friend. Cost $70 - $150.
Orig. Data > Backup / zip to compress > Upload to Cloud
                                      > 2nd Local Drive (Encrypt before write to disk)
My Docs > copy/zip to E:Backup > Upload to Amazon. Cost to setup $0
Cost to restore $40 - $100
Must Fully Test Restore. A restore method not tested makes it a crap shoot, odds against you.
  	
  	
  
Protecting Your Home Computer
Myth: Macs are not subject to viruses
Windows vs. Mac
http://www.cvedetails.com/top-50-vendors.php
http://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-156/cvssscoremin-2/cvssscoremax-2.99/Apple-Mac-Os-X.html
http://secunia.com/vulnerability_scanning/personal/
Not just your o/s but your applications as well

Protecting Your Home Computer
Keep it Patched!

Protecting Your Home Computer
Lock DNS (if possible)
  Know (and periodically check) where your DNS is pointed to.
Logfiles, know where they are, become familiar with what they do (may be overwhelming)
File Shredding: Learn to digitally "shred" sensitive files (http://www.fileshredder.org/)

Protecting Your Home Computer
Password Repositories - Not Really Safe
Simple Solution:
  Encrypt spreadsheet (winzip, truecrypt)
  White out the passwords, so you can just copy / paste

Using Encryption
Protect person-person communications
  Digital Signatures – Brings confidence sender is as claimed
  Message Authentication - Not changed in transit
  Privacy - Secure message in transit
Disc encryption – Important on mobile devices
Personal Identity in public space – Digital ID's
Common Freeware: TrueCrypt, Windows Bitlocker, Gnu Privacy Guard, Winzip (pay)

Things You Don't See Have Holes
  Printers
  Smart TVs and other appliances ("Samsung All Share")
  Video Game Consoles
  "Internet of Everything"
Solution: Segmented Network /subnet/DMZ
Put your most secure data behind an internal firewall

Learn How to Create a Segmented Home Network

Safe Browsing Choices
Use Private Browsing (all browsers have this option)
  Limits amount of info stored in browser.
Use Virtual Machines for browsing the internet
  (need to isolate the VM from any network)
TOR (The Onion Router)
  Not really anonymous, but very hard to trace

Locating Sensitive Data
Identity Finder - Find Personal Identity Information (PII) on your computer

Antivirus
Good products:
  Comodo (paid)
  MalwareBytes (free)
  Combofix rootkit fixer (free)
  Recommend avoiding Kaspersky

Keeping Your Ear To The Ground
Resources for Further Information
Greater Houston Partnership – CyberThreat Self Assessment Tool
  http://www.houston.org/cybersecurity/pdf/Cyber-Security-Book.pdf
Best Practices for Small Businesses - NIST 7621
  http://csrc.nist.gov/publications/nistir/ir7621/nistir-7621.pdf
Know the Risks Before You Head to the Cloud: A Primer on Cloud Computing Legal Risks and Issues for Nonprofits
  http://www.jdsupra.com/post/documentViewer.aspx?fid=05a42be3-161f-4909-af04-50aa14b6689e
Cybersecurity: The Corporate Counsel's Agenda
  http://www.hoganlovells.com/custom/eDocs/Cybersecurity%20Advisory_Pearson_11152012.pdf
Online Social Networks, CyberRisk and Your Nonprofit: What You Need to Know
  http://www.nonprofitrisk.org/library/newsletter/followme.shtml

Keeping Your Ear To The Ground
Resources for Further Information
Executive Order Begins Process of Strengthening Nation's Cybersecurity and Critical Infrastructure
  http://www.pepperlaw.com/publications_update.aspx?ArticleKey=2562
NIST Special Publication 500-292: Cloud Computing Reference Architecture.
The Importance of Cybersecurity to the Legal Profession and Outsourcing as a Best Practice
  http://e-discoveryteam.com/2014/05/11/the-importance-of-cybersecurity-to-the-legal-profession-and-outsourcing-as-a-best-practice-part-one/
Online Privacy for Nonprofits
  https://www.privacyrights.org/online-privacy-nonprofits
NIST Proposes Privacy Control Roadmap for Organizations
  http://www.pepperlaw.com/publications_update.aspx?ArticleKey=2658
Common Vulnerability Evaluation Database
  http://www.cvedetails.com
Mandiant Reports
  https://www.mandiant.com/resources/mandiant-reports/
Webcasts:
  Bitter C-Suite: Privacy, Security and Data Protection Issues Facing Corporations, Directors and Officers (http://www.pepperlaw.com/webinars_update.aspx?ArticleKey=2888)
  BYOD (Bring Your Own Device) *Liability and Data Breach Sold Separately (http://www.pepperlaw.com/webinars_update.aspx?ArticleKey=2773)

Closing Thoughts
Recognize Data Breaches cannot be 100% prevented. They will happen. You must prepare multiple defense strategies to remediate.
Take a thorough inventory of your data, your devices, your systems, and who is "allowed".
Understand, and stay aware of a continuously evolving threat environment - Defending your data is an ongoing process.

Questions
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 

Dernier (20)

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 

A NonProfit Technologist's Guide to CyberSecurity and Data Protection

  • 1. A NonProfit Technologist's Guide to CyberSecurity and Data Protection
    NetSquared Houston, 6/10/2014
    Gerry McGreevy, CISSP, MBA, OCP
    Senior Systems Analyst, MD Anderson Cancer Center, gmcgreevy@mdanderson.org
    Beiser IT Services, gerry.mcgreevy@beiser.us
    Committee on National Security Systems (CNSS)
  • 2. State of Data Security Today
    National Security - Major Cyber Wars: China; Eastern Bloc; Iran; N. Korea, South and SE Asia; Mid-East; Drug Cartels & Organized Crime (foreign / domestic)
    Threats to Infrastructure: Electric & water utilities; Transportation (air system, rail, traffic signals); Communication (internet, phones, satellites); Others (prisons, hospitals); Internet of Everything
  • 3. Threats to Commerce: Intellectual Property, Trade secrets; Contracts, Order systems; Proprietary data and processes, General operations; Data Breaches and Leakage = Heavy Fines + Restitution + Breach of Trust
    Threats to Personal Digital Life: Identity Fraud; Credit Hacking; Tax Refunds; Medical Data Leakage; Embarrassing Disclosures; Litigation / Spousal surveillance
    The Value of Your Data
  • 4. (charts) Source: Mandiant; Source: PWC
  • 6. Privacy Violations vs Fraudulent Access
    What You Give Away: Why does a screen lock app need to know? >>
    What They Steal
  • 7. Concepts in Data Protection
    What you are protecting . . . Confidentiality, Integrity, Availability
    Types of Data: Customer records; Financial Records; Compliance Records; Personal Identity Information (employee records, Credit Card); Trade Secrets; Operational Records
  • 8. Best Practices for Small Businesses (and Non-Profits)
    Suggestions from National Institute of Standards and Technology: Best Practices for Small Businesses - NIST 7621, http://csrc.nist.gov/publications/nistir/ir7621/nistir-7621.pdf
    Suggestions from Greater Houston Partnership: Greater Houston Partnership – CyberThreat Self Assessment Tool, http://www.houston.org/cybersecurity/pdf/Cyber-Security-Book.pdf
  • 9. Suggestions from NIST: "Must Do's"
    • Protect against viruses, spyware, and other malicious code
    • Control access to computer and network (internal and external firewalls)
    • Use individual username / passwords across your network (Strong password policies, or 2 Factor Authentication = Better!)
    • Limit access to important data
    • Use segmented networks
    • Patch operating systems and applications (Secunia PSI http://secunia.com)
    • Make Regular Backups – Fully Test a Restore
    • Train employees in basic security principles
  • 10. Suggestions from NIST: "Highly Recommended"
    • Train to be Alert for spear-phishing attacks, links in emails, IM, pop-ups, social Engineering, web surfing, downloading.
    • Cautions Against Online Business or Banking: Not from mobile or strange networks, only from a secure computer. Use VPN, Remote Desktop, or encrypted VNC, GoToMyPC, etc.
    • Properly Dispose of Old Computers and Media
    • How to get help with information security when you need it
    • Recommended Personnel Practices in Hiring Employees
  • 11. Additional Suggestions: Greater Houston Partnership
    • Lockdown Desktops
    • Disallow software installations, usb, other devices
    • Whitelist apps that are okay – install from a common download area
    • Lockdown Wifi and Mobile (by mac address and WPA2 password)
    • Monitor Web Usage and Report
    • Learn how to Encrypt Data (MS Doc locks, TrueCrypt, BitLocker)
    • Avoid Using Cloud (Especially for Sensitive Info!)
    • Classify Data & Separate Based on Content & Classification
    • Formalized Security Policies
    • Conduct Assessments
    • Data Recovery Exercises
  • 12. Segment Your Network
    Not-so Sensitive Data | Sensitive Data
    Requires you to know and classify your data. < Critical Exercise!
  • 13. Top 20 Security Controls (Advanced / Enterprise)
    Critical Security Controls - Version 5
    1: Inventory of Authorized and Unauthorized Devices
    2: Inventory of Authorized and Unauthorized Software
    3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
    4: Continuous Vulnerability Assessment and Remediation
    5: Malware Defenses
    6: Application Software Security
    7: Wireless Access Control
    8: Data Recovery Capability
    9: Security Skills Assessment and Appropriate Training to Fill Gaps
    10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
    11: Limitation and Control of Network Ports, Protocols, and Services
    12: Controlled Use of Administrative Privileges
    13: Boundary Defense
    14: Maintenance, Monitoring, and Analysis of Audit Logs
    15: Controlled Access Based on the Need to Know
    16: Account Monitoring and Control
    17: Data Protection
    18: Incident Response and Management
    19: Secure Network Engineering
    20: Penetration Tests and Red Team Exercises
    This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. http://www.sans.org/critical-security-controls/
  • 14. Encryption: Protecting Microsoft Docs
    File > Info > Restrict Permission by People (need Windows ID)
    Microsoft Office 360: Good for sharing, not good for sensitive data.
    Use Winzip to send the doc in an encrypted AES 256 wrapper.
    GNU Privacy Guard: https://www.gnupg.org/
  • 15. Current Threat Trends: Heartbleed; Ransomware; Spear-phishing; Other trends
  • 16. Email Security: Attachments
    MS Office Docs: Turn off macros (or at least prompt)
    Google Docs Preview (big difference in security between previewing in Gmail vs Outlook)
  • 17. Email Security: Attachments
    Watch for weird-long names: coolvideo.mp4                                        .exe (the run of spaces pushes the real extension out of view)
    Open in Sandbox Environment (Virtual Machine)
    Understand Digital Signatures
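The padded-name trick on slide 17, turned into a check a mail filter or helpdesk script can run on attachment names. This is an added example, not from the deck; the extension lists and the sample names are constructed for it, and it inspects the name only (the content still belongs in the sandbox VM the slide recommends).

```python
import re
import unicodedata

# Extensions that execute when double-clicked on a typical Windows desktop.
# Constructed list for this example; extend it for your own environment.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "ps1", "hta", "msi", "jar", "lnk",
}
# Office formats that can carry macros (slide 16: turn macros off or prompt).
MACRO_EXTENSIONS = {"doc", "dot", "xls", "xlt", "ppt", "docm", "dotm", "xlsm", "xltm", "pptm"}

# Unicode bidi controls that reverse how the tail of a name is displayed.
BIDI_CONTROLS = ("\u202a", "\u202b", "\u202c", "\u202d", "\u202e", "\u200e", "\u200f")


def check_attachment_name(name: str) -> list:
    """Return the reasons an attachment *name* looks deceptive (empty = none)."""
    findings = []
    # NFKC folds look-alike characters such as a full-width dot to ASCII.
    norm = unicodedata.normalize("NFKC", name)

    if any(ch in norm for ch in BIDI_CONTROLS):
        findings.append("bidirectional control character in name")

    # Slide 17's trick: a long run of spaces pushes '.exe' out of view.
    if re.search(r"\s{3,}", norm):
        findings.append("long run of whitespace hides the real extension")

    final_ext = norm.rsplit(".", 1)[1].strip().lower() if "." in norm else ""
    if final_ext in EXECUTABLE_EXTENSIONS:
        findings.append(f"executable extension .{final_ext}")
    elif final_ext in MACRO_EXTENSIONS:
        findings.append(f"macro-capable Office document .{final_ext}")
    else:
        # A benign final extension (docx, pdf, tar.gz) needs no further checks.
        return findings

    # 'invoice.pdf.exe' or 'coolvideo.mp4   .exe': an inner extension that
    # differs from the real one is there to fool the eye.
    stem = norm.rsplit(".", 1)[0]
    inner = re.search(r"\.([A-Za-z0-9]{2,5})\s*$", stem)
    if inner and inner.group(1).lower() != final_ext:
        findings.append(f"double extension .{inner.group(1).lower()}.{final_ext}")
    return findings


if __name__ == "__main__":
    # Constructed sample names, including the one from the slide.
    for sample in ("report.docx", "coolvideo.mp4" + " " * 40 + ".exe",
                   "invoice.pdf.exe", "budget.xlsm", "photo\u202egnp.exe"):
        print(repr(sample[:24]), check_attachment_name(sample))
```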
  • 19. Hacking - Things You Think May be Secure but Aren't: Adobe; Java; Firefox; Google; Microsoft; Apple
  • 20. Hacking - Things You Think May be Secure but Aren't
    ssl implementations
    Don't download directly to Dropbox (it tells them what account, and you have to log in, giving your password). Download to local, then save to Dropbox.
    Recommend NOT sharing passwords from one site to another, i.e. don't use a Facebook / Google id to log into some other site
  • 21. Careful What You Download: Which of these search results are safe?
  • 22. Password Cracking
    Strong Passwords
    – 8 – 15 Characters (old advice), non-dictionary words
    – Stop using 5 for S, 1 for I, 0 for O (doesn't really help anymore)
    – Be aware of common password patterns (Paper on PIN numbers: http://www.datagenetics.com/blog/september32012/)
    – Problems w/ password managers LastPass, KeePass, others
    – Use Phrases with spellings all messed up, i.e.: toseideotsdonno
    Don't communicate passwords via email or SMS. Use a different "channel".
    Better Protect yourself: Multi-Factor Authentication (i.e. Google Authenticator, can be used by some apps)
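A policy check that applies slide 22's points the way a cracking tool would: it undoes the 5/1/0 substitutions, strips the trailing year or punctuation, and only then looks the result up in a wordlist. Added example, not from the deck; the wordlist is a small constructed stand-in for a real dictionary plus breached-password list, and the 15-character floor is this example's assumption (the slide only calls 8-15 "old advice").

```python
import re

# Constructed mini wordlist; a real check loads a full dictionary and a
# breached-password list, because those are what get tried first.
COMMON_WORDS = {
    "password", "welcome", "letmein", "houston", "summer", "winter",
    "nonprofit", "admin", "monkey", "dragon", "football",
}

# The substitutions slide 22 says no longer help. Cracking rules undo them
# before the dictionary lookup, so this check does the same.
LEET = str.maketrans({
    "5": "s", "$": "s", "1": "i", "!": "i", "|": "i", "0": "o",
    "3": "e", "4": "a", "@": "a", "7": "t", "+": "t",
})

KEYBOARD_WALKS = ("qwerty", "asdfgh", "zxcvbn", "1234", "abcd", "0987")

# Assumption for this example: the deck calls 8-15 characters old advice.
MIN_LENGTH = 15


def cracker_candidates(password: str) -> set:
    """Words a rule-based cracker would try: the lowercased input, the same
    with trailing digits/punctuation removed, and both with leetspeak undone."""
    lowered = password.lower()
    trimmed = re.sub(r"[\d!?.#%&*_-]+$", "", lowered)
    return {lowered, trimmed, lowered.translate(LEET), trimmed.translate(LEET)}


def password_weaknesses(password: str) -> list:
    """Return the policy problems found (empty list = passes this check)."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")

    # 'Summer2014!' style: a word plus a year is among the commonest patterns.
    if re.search(r"(19|20)\d{2}", password):
        issues.append("contains a four-digit year")

    lowered = password.lower()
    for walk in KEYBOARD_WALKS:
        if walk in lowered or walk[::-1] in lowered:
            issues.append(f"keyboard or counting sequence '{walk}'")
            break

    hits = cracker_candidates(password) & COMMON_WORDS
    if hits:
        issues.append(f"dictionary word '{sorted(hits)[0]}' after undoing substitutions")
    return issues


if __name__ == "__main__":
    # Constructed samples: leet-disguised words versus the slide's messed-up phrase.
    for sample in ("P@55w0rd", "H0u5ton2014!", "Qwerty123456789!", "toseideotsdonno"):
        print(sample, "->", password_weaknesses(sample) or "ok")
```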
  • 23. Mobile Data
    Dropbox, Google Drive and Other Cloud Storage Issues: Privacy, Data Ownership, Responsibility
    Only put out docs that do no harm if revealed. Or, encrypt before writing to the cloud (warning – consider where / by whom encryption is being done).
    Thumbdrives: Very easy to hide a virus. Use an encrypted (or hidden) partition. Tool: Truecrypt
  • 24. Mobile Data
    Mobile Devices: If they are not "locked down", consider them open to the internet. Allow non-rooted phones only. Use a "guest" network to connect for any device not locked down.
    Most client apps (email, SMS, etc.) leave data on the phone. Far from guaranteed you can erase all data on a lost phone.
  • 25. When You Are Out In the Wild
    Resist joining strange networks
    Protect Yourself by Doing Everything Important from Home (even when you're not)
    Accessing Your Screen At Home While Away - Options: Remote Desktop (Windows); GoToMyPC; VNC Personal, use 128 bit encryption (256 = strong), http://www.realvnc.com/; OpenVPN
  • 26. Protecting Your Home Computer
    Need to have multiple copies (and safe places) for each backup: Onsite and Remote
    Where and how you encrypt matters a lot to both security and costs
    Easy: Copy files to USB External Hard Drive > Remove Drive, give it to a friend. Cost $70 - $150.
    Orig. Data > Backup / zip to compress > Upload to Cloud (or to a 2nd Local Drive); Encrypt before write to disk
    My Docs > copy/zip to E:Backup > Upload to Amazon. Cost to setup $0. Cost to restore $40 - $100
    Must Fully Test Restore. A restore method not tested makes it a crap shoot, odds against you.
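The "copy/zip, then fully test restore" step of slide 26 as a script: it zips a folder, records a SHA-256 manifest of the originals, restores into a scratch directory and checks every file against the manifest, so a truncated or missing file is caught before the day you need it. Added example, not from the deck; the "My Docs" sample files are constructed, and the encryption step the deck does with WinZip AES or TrueCrypt is left out here.

```python
import hashlib
import json
import tempfile
import zipfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(src_dir: Path, archive: Path) -> dict:
    """Zip every file under src_dir (the 'copy/zip to compress' step) and
    return a {relative path: sha256} manifest taken from the originals."""
    manifest = {}
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(p for p in src_dir.rglob("*") if p.is_file()):
            rel = path.relative_to(src_dir).as_posix()
            manifest[rel] = sha256_file(path)
            zf.write(path, rel)
    # The manifest lives next to the archive, not inside it, so a damaged
    # archive cannot vouch for itself.
    archive.with_name(archive.stem + ".manifest.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def restore(archive: Path, restore_dir: Path) -> None:
    """Extract into a scratch directory, never over the originals."""
    restore_dir.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(archive) as zf:
        zf.extractall(restore_dir)


def verify_restore(manifest: dict, restore_dir: Path) -> list:
    """Compare every restored file against the manifest; empty list = good restore."""
    problems = []
    for rel, expected in manifest.items():
        target = restore_dir / rel
        if not target.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(target) != expected:
            problems.append(f"hash mismatch: {rel}")
    return problems


def demo() -> tuple:
    """Constructed run: back up three files, restore and verify (clean), then
    damage the restored copy and verify again (two problems expected)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "My Docs"
        (src / "grants").mkdir(parents=True)
        (src / "donors.csv").write_text("name,email\nA. Donor,a@example.org\n")
        (src / "grants" / "budget.txt").write_text("2014 budget draft\n")
        (src / "notes.txt").write_bytes(bytes(range(256)) * 8)
        archive = root / "Backup" / "mydocs.zip"
        archive.parent.mkdir()
        manifest = make_backup(src, archive)
        restored = root / "restore-test"
        restore(archive, restored)
        clean = verify_restore(manifest, restored)
        # Simulate a bad restore: one file truncated, one never came back.
        (restored / "grants" / "budget.txt").write_text("")
        (restored / "notes.txt").unlink()
        damaged = verify_restore(manifest, restored)
    return len(manifest), clean, sorted(damaged)


if __name__ == "__main__":
    print(demo())
```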
  • 27. Protecting Your Home Computer
    Myth: Macs are not subject to viruses. Windows vs. Mac: http://www.cvedetails.com/top-50-vendors.php
  • 29. Protecting Your Home Computer: Keep it Patched!
    Not just your o/s but your applications as well: http://secunia.com/vulnerability_scanning/personal/
  • 30. Protecting Your Home Computer
    Lock DNS (if possible). Know (and periodically check) where your DNS is pointed to.
    Logfiles: know where they are, become familiar with what they do (may be overwhelming)
    File Shredding: Learn to digitally "shred" sensitive files (http://www.fileshredder.org/)
  • 31. Protecting Your Home Computer
    Password Repositories - Not Really Safe
    Simple Solution: Encrypt spreadsheet (winzip, truecrypt). White out the passwords, so you can just copy / paste.
  • 32. Using Encryption
    Protect person-person communications
    Digital Signatures – Brings confidence sender is as claimed
    Message Authentication - Not changed in transit
    Privacy - Secure message in transit
    Disc encryption – Important on mobile devices
    Personal Identity in public space – Digital IDs
    Common Freeware: TrueCrypt, Windows Bitlocker, Gnu Privacy Guard, Winzip (pay)
  • 33. Things You Don't See Have Holes
    Printers; Smart TVs and other appliances ("Samsung All Share"); Video Game Consoles; "Internet of Everything"
    Solution: Segmented Network / subnet / DMZ. Put your most secure data behind an internal firewall.
  • 34. Learn How to Create a Segmented Home Network
  • 35. Safe Browsing Choices
    Use Private Browsing (all browsers have this option): limits the amount of info stored in the browser.
    Use Virtual Machines for browsing the internet (need to isolate the VM from any network)
    TOR (The Onion Router): Not really anonymous, but very hard to trace
  • 36. Locating Sensitive Data: Identity Finder - Find Personal Identity Information (PII) on your computer
  • 37. Antivirus. Good products: Comodo (paid); MalwareBytes (free); Combofix rootkit fixer (free). Recommend avoiding Kaspersky
  • 38. Keeping Your Ear To The Ground: Resources for Further Information
    Greater Houston Partnership – CyberThreat Self Assessment Tool: http://www.houston.org/cybersecurity/pdf/Cyber-Security-Book.pdf
    Best Practices for Small Businesses - NIST 7621: http://csrc.nist.gov/publications/nistir/ir7621/nistir-7621.pdf
    Know the Risks Before You Head to the Cloud: A Primer on Cloud Computing Legal Risks and Issues for Nonprofits: http://www.jdsupra.com/post/documentViewer.aspx?fid=05a42be3-161f-4909-af04-50aa14b6689e
    Cybersecurity: The Corporate Counsel's Agenda: http://www.hoganlovells.com/custom/eDocs/Cybersecurity%20Advisory_Pearson_11152012.pdf
    Online Social Networks, CyberRisk and Your Nonprofit: What You Need to Know: http://www.nonprofitrisk.org/library/newsletter/followme.shtml
  • 39. Keeping Your Ear To The Ground: Resources for Further Information
    Executive Order Begins Process of Strengthening Nation's Cybersecurity and Critical Infrastructure: http://www.pepperlaw.com/publications_update.aspx?ArticleKey=2562
    NIST Special Publication 500-292: Cloud Computing Reference Architecture.
    The Importance of Cybersecurity to the Legal Profession and Outsourcing as a Best Practice: http://e-discoveryteam.com/2014/05/11/the-importance-of-cybersecurity-to-the-legal-profession-and-outsourcing-as-a-best-practice-part-one/
    Online Privacy for Nonprofits: https://www.privacyrights.org/online-privacy-nonprofits
    NIST Proposes Privacy Control Roadmap for Organizations: http://www.pepperlaw.com/publications_update.aspx?ArticleKey=2658
    Common Vulnerability Evaluation Database: http://www.cvedetails.com
    Mandiant Reports: https://www.mandiant.com/resources/mandiant-reports/
    Webcasts:
    Bitter C-Suite: Privacy, Security and Data Protection Issues Facing Corporations, Directors and Officers (http://www.pepperlaw.com/webinars_update.aspx?ArticleKey=2888)
    BYOD (Bring Your Own Device) *Liability and Data Breach Sold Separately (http://www.pepperlaw.com/webinars_update.aspx?ArticleKey=2773)
  • 40. Closing Thoughts
    Recognize Data Breaches cannot be 100% prevented. They will happen. You must prepare multiple defense strategies to remediate.
    Take a thorough inventory of your data, your devices, your systems, and who is "allowed".
    Understand, and stay aware of, a continuously evolving threat environment - Defending your data is an ongoing process.