Building a Security Strategy Without a Security Staff

Room A October 20, 2016 -

Bookmark and Share

Andrew Hay

Where do I start? Am I at risk of being targeted? How much should it cost? What is the ROI? What happens if I do it wrong? What do I do?!?!

These are some of the questions that every small or medium (SMB) sized business owner is asking in the wake of some of the most prolific and highly publicized data security breaches in history. Most people have forgotten about the massive TJX credit card breach of 2007 but recent breaches, such as those experienced by Sony Pictures Entertainment, OPM, and Anthem, have found their way into typical conversations at coffee shops, family events, and holiday parties of the average consumer. The difference, however, is that most SMBs/SMEs have neither the money, expertise, nor the forgiving customer base which would allow their business to survive a similar breach.

So how does a SMB/SME, that is increasingly responsible for the security and privacy of customer and employee information, mitigate a serious and perhaps business-ending data breach? This session will present real world strategies to prepare for, mitigate, and respond to incidents posed by opportunistic attackers, malicious insiders, and targeted attackers – taking into account real-world constraints such as time, expertise, business continuity, and <gasp> money.