Panel | Mastercard Trust Center
Skills:
Security Basics90%
Key Takeaways
The Mastercard Trust Center provides free cybersecurity education, resources, and tools to help secure businesses' digital ecosystems. The SANS Institute panel discusses how to access these resources to avoid cyberattacks.
Full Transcript
foreign tastic panel discussion today I am Ginger Siegel and I lead small business for all of North America for MasterCard and we're very very excited to be joining the Sans group today great thank you so much so to start us out um I wanted to just ask the question uh to both of you and Ginger I think I'll post it to you first what does the Cyber threat landscape for small businesses look like today well Max it's it's not only a great question but it's a super important one you know a lot of people when they think about cyber security and cyber attacks they think about the big companies but the landscape particularly since covid has really changed and roughly 50 of all cyber attacks are actually happening on small businesses today and this is really continued to grow as more and more small businesses have digitized a couple other stats out there um that 61 percent of small businesses have already experienced at least one threat and part of the problem is because small businesses don't have a lot of resources very often their response is reactive versus proactive and in fact when these cyber attacks happen about 83 percent of small businesses are not financially prepared to survive the attack simply because the average cost of a Cyber attack is between let's say 100 and 200 thousand dollars so we see the landscape changing dramatically particularly when it comes to small business thank you very much I just want to be sure I heard correctly did you say over 50 of attacks over 50 yes and actually and then 61 have actually experienced one um which is which is a very big number and the problem is because of the large cost related to some of these attacks particularly around ransomware many of these small businesses just can't survive because I would say about 95 of all small businesses are under a million in revenue and so if it's going to cost them up to two hundred thousand dollars let's say you can see how detrimental that could be to their survival yeah devastating um what are some examples either of you would like to share on on how an attack um you know whether it's Financial or otherwise can impact a small business any kind of real world examples you're able to share yeah I mean I I have one that constantly comes to my mind um but I would say in general one of the biggest um I would say um impacts is financially um we I know of a Doctor's practice um down in Florida they'd been in practice for 15 years very substantial practice very very successful a pillar of the community and uh they were attacked with ransomware for a significant sum of money took over their records and you can imagine for a physician the importance of their records and patient privacy and it literally put this doctor out of business after a 15-year run so there's a lot of examples out there but I would say you know from a financial perspective that's one of the biggest impacts the other big impact is reputational you know small businesses have customers and there's huge reputational risk particularly if a small business business loses records or has breaches um it can really especially if that gets out it can really impact how these small businesses are viewed and perhaps create a fear for doing business with them particularly as more and more small businesses are actually online doing more social media so it's a pretty powerful thing that can actually hurt them terribly yeah I'd say at least 60 of the small businesses that suffer a Cyber attack go out of business within six months it's a it's a really scary statistic because that you know compounded with the fact that about half of those attacks are on small business that's not good no Gina you're really you're so right and what's important about what Gina just said max is that small businesses employ over 50 percent of the population and so when we see small businesses go out of business it's not just detrimental to the business itself and their employees and their families it's detrimental to the community and it's really detrimental to the overall economy as well yeah the reverberations of that that impact go much further than I think we all realize exactly yeah it affects a lot of families yeah you know and related to that I think reports of cyber attacks on large companies or government entities are reported in the news most consistently um you know for example Samsung Tick Tock you know were hacked last year and user database records were impacted significantly and stolen um but you just alluded to we don't hear as much about cyber attacks and small businesses and the reverberations of that impact um so do you feel that small businesses are at risk of experiencing a a Cyber attack in terms of where hackers Focus their activity just as much as large companies absolutely because one of the things about the news is the news is going to report on the biggest things that they can report on so when they hear uh you know big attacks on Samsung and Tick Tock and Target back in the day um that's big dollar and name brands that we know and so that resonates with a lot more people than if it's Joe's pizza shop that you know people may not have heard of it's you know localized and you know Max I just add one thing on to Gina's point is that the problem with this is that exactly to What gene has said because they're not publicized many small businesses don't take it seriously because they don't believe that it's going to impact them until it's too late and actually about 80 percent of small businesses don't do anything until they have an attack and then sometimes it is too late so it's really difficult because they're not put out there in the news but we know that the underpinning the end result is going to be catastrophic especially compared to some of the larger companies certainly we don't want this to happen to anybody but small businesses don't have the foundation the capital uh cushion to protect them if something does happen right and obviously uh given the impact you know the lack of attention that it gets is is a is almost a deterrent to small business to invest in cyber security so what do you think can be done to raise more awareness whether it's through media or other avenues among small businesses about and communities and government uh policy makers about the uh the impact of cyber security tax on small businesses and how they affect others webinars like this are really good starting point because anyone that listens it has a ripple effect you know they tell two friends who tell two friends who tell two friends and then the message goes out there and part of that message needs to be that there are a lot of free resources out there that are designed specifically to help small businesses secure their business yeah I and I would just add on exactly to what Gina said that um you know Gina and I do spend a fair amount of our time doing these kinds of webinars and certainly Max your organization is a pillar to really Provide support and put the wind at the back of small businesses but for me this is all about education and so if we can if we can get on these types of webinars and spread the word with large numbers of participants and then they spread the word beyond that I think that's number one but then it's not just about that it's exactly what Gina said which is there's tools and people don't you know it's it's important not to just listen to a webinar but then what actions are you going to take when you get off that webinar and I think you know our job is in a sense to make people afraid and to really make people understand the potential severity of this um and so these kinds of things are absolutely invaluable and to add on to you know make them afraid yeah we have to because it has to be a real and present danger but we also share information that empowers them with fairly simple steps that as long as they're diligent with these will make a big difference and we'll talk about that later yeah so so on that note in terms of you know taking something from the webinar to both spread information but also take action um what should small businesses do to protect themselves from a Cyber attack you know what types of attacks are they facing most often and how do they protect from them that's very good question so cybertech 91 of cyber attacks are based on human error it's you know the mistakes that we make and it's some of the simple stuff and we'll talk about that you know with passwords and phishing and and those kind of things but the great opportunity for small businesses that we can help them get empowered to change that human behavior by change the human error by changing human behavior in fairly simple ways and that aren't expensive either and so we'll get into today um use of safe passwords and multi-factor authentication avoid getting how to avoid phishing attempts and um like the simple things like using those USB thumb drives whatever you want to call them more carefully or using a different data source so there are more things that we can talk about yeah I would just add one more thing on as well to to what Gina said it's making sure that employees change their behavior um employers but also employees um because it's really important that you know even if there's just one other employee that they're really taking the time to understand what the potential implications are you know of some of these errors and you know we see it all the time um and the other thing to think about is that there are tools out there such as monitoring tools to alert small businesses to what is going on in the dark web there are assessment tools to help small businesses to really understand what their Baseline is and I know Gina will will also speak to some of that as well but it's behavior and it's also taking action immediately that's great and I think the you know a few times today in different capacities uh speakers have talked about kind of best practices and the importance of implementing them you know if you think about kind of um those best practices um you know not carelessly using USBS or whatever it may be what advice would you give on how to actually you know to a small business owner or manager on how they actually work with their employees besides saying don't do this to get them to take on those best practices and turn them into actions and behaviors it comes down to education and if they understand if the employees understand the risks that can be caused by their errors or behavior then they should I hope have a vested interest in the success of this business that they really care about it and and the things that they need to do are fairly simple yeah and I I would just say the other major best practice is be alert I think we all get into a Zone where we're on our computers and we see something come through and we automatically click on it and you know to Gina's point about fishing which is one of the one of the top ways that bad actors get into our our stuff and so I think it's taking a step to step um I was talking to to one of our great cyber experts and you know something that she said to me was she said you know that you you get a lot of emails in a day if there's emails where you don't necessarily know she said just put them in a folder when you have time and then go back and go through them and I thought that was really great advice so that you know that you have to go through them but you do it when you're in a different mindset and you know just pushing through the work so I think it's really taking the time to assess the situation and then you begin to learn what doesn't look right right and we get all kinds of his employees cyber security training and one that has really stuck in my brain is do I know you like that it's questioning whether it's an email it's um you know a text message or a um even a phone call and do I know you like that and if I know you for what the information that you want to share or the things you want me to click on attachments and links is that really appropriate for this person with me and that can be one of those if you have questions about send it over that folder that Ginger just mentioned excellent any other best practices with respect to education awareness among the employees that you know you'd like to share or best practice of the appeal are kind of a must do or must Implement for a small business I have about six areas that I can cover with best practices but then also resources as well so do you want me to take off with that let's go with it okay just interrupt me if I'm getting too enthusiastic and going on too much um but the first area is really safe passwords because think of your passwords as the key to your digital Fortress right and if you if someone gets that key your password then you've got a breach in your security wall right and so the things that you should do and don't do I'll give you both so first what you should do you should create passwords or paraphrases that are 8 to 16 or more characters long and you use lowercase letters uppercase letters numbers and symbols and so the longer it is and the more varied it is with the kind of symbols and numbers and such that's in it the stronger it is you want to change your passwords every three months or immediately if you're hacked or if you see that you're at risk it's a lot to remember all of the passwords you have out there because in today's connected world we have a password for everything so use a reliable password manager um and very important is to enable two-factor or multi-factor authentication and that's where you have say on your phone and you put in a password with you know some vendor or somebody that you use and they send you a text message or an email with a code that you then enter into that site that is matching your password with you as a person putting them together and say okay let them in without that multi-factor and authentication anybody who steals your password can go out there and have a lot of fun with it in a way that you don't want now the things that you don't do is don't use the same password for everything ever and I mean I've had family members that I've had to coach on this myself you cannot do that um and 50 of people use the same password for all of their logins so that means in this digital Fortress you've got a lot of doors and they all have the same key when somebody can set password they can get in from a lot of places also don't share your password with others and don't like write down your passwords in a list and tape them on the underside of your desk drawer I was just watching a movie this last week and that's what somebody did to be able to hack into all these Financial accounts um so that stuck with me so then moving on to phishing as I mentioned 91 of cyber attacks are caused by phishing and what that leads to is stolen data malware viruses ransomware and such and so fishing can come in multiple forms it can come there's a lot of forms of it but the main three that I think of are email phishing and then smushing which is SMS fishing which is texting and also fishing with the voicemail phishing um so what the things that you should do is look for inaccuracies and email addresses fake looking logos from companies misspellings just like Ginger said you know if you find something you're not quite sure either delete it immediately or put it into that file for you to do a little bit more investigation if it's an unfamiliar sender who is asking for data ask your question do I know this person like that pitch it also delete suspicious emails and then empty your trash and then let your employees know that you got this suspicious email because they may have their email addresses too and send it to them and if something like this happens then look up the customer service phone number on the provider's website and call customer service and what was happening to me personally is I kept getting a series of phone calls on my cell phone from Apple that I it wasn't a familiar number so I just kept not looking at you know answering them but then I called Apple from their customer service I said do you call people they said no we don't call people to you know when there's an issue so again I don't know you like that Apple what you don't do is don't open attachments or click on links within emails unless you know the sender um for don't forward suspicious emails to other people uh-uh only opens that door wider and don't send financial information and personal identifying information through emails if there's a way they can help it because it should be all within a secure system okay so the third one is I already mentioned so I'll just say it quickly USB thumb drives memory sticks removable media 27 of malware infections and viruses come from an infected USB so say you're walking into your business and you see a you a thumb drive on the ground outside your business you pick it up and you go plug it into computer computer to see if you can figure out whose it is and all of a sudden you're infected with a virus don't if you find a USB just crush it destroy it and throw it away and don't lose yours don't leave it laying around and lock up your USBS um and what you should also not do don't use giveaway USBS I've been to conferences before where they give you a USB that's branded to them you just never know and maybe the company was fine but some malicious employee went and loaded it with a virus and so don't lose your USBS so those that's the beginning of the journey into cyber security advice but you can see none of that is really hard it's a matter of communicating that to employees and taking those actions yourself and keeping it up and I I just Gina those are fantastic and um I just wanted to add one more that people may not think about you know we talked about the fact that small businesses don't have a lot of resources they don't have Chief risk officers marketing officers and small businesses the owners do it all they are the chief cook bottle washer very often there might be a task where they might say oh you know what here's my password you know why don't why don't you just look it up for me I think you have to be very mindful even within your organization that it's not that you you can't trust your employees but you never know who your employees know and you have to think about every person that gets some piece of information about your business it could be a piece of information that travels like the game of telephone and so I think it's important that for those those business owners out there who do get it's exhausting to run a business and it's a lot easier sometimes to try to cut corners but it's really important that you know and think about where the information not only is but where it could get to so max I just wanted to add that in because I think it's a common thing that happens um just because lack of time oh 100 um many years ago before joining fans I can attest that I worked at small businesses where Executives of which there weren't many would share passwords with Junior level staff to go and complete tasks via their email for them and those passwords were likely used for you know other uh access to other sensitive systems or that's right yeah yeah that is correct and you know you have to think about too as a small business owner are you and or your employees using personal devices to do work business so at MasterCard workers work personal is personal completely separate we can't you know there's all kinds of rules about you know how we can use you know our our technology which is great we're completely locked down secure company but that may not happen with a small business they may not be able to afford to give all their employees a cell phone for example or if they need iPads to do certain kind of business even computers and so your weakest link can take down your whole business and it may not be even something you've thought about yeah and I think Gina's point is spot on because certainly MasterCard is a large company that is incredibly protected and has very significant resources and security um and we have some of the top people in the industry but small businesses don't they can't and so they have to really double down on thinking twice about every single thing they do and I think that kind of business and personal is a really really good point I can't think of too many small businesses that have those kinds of rules um just because they don't necessarily even have an HR department or a technology department so Gene I think those are really good points thank you so you know in terms of best practices I know you went through several and you might have a couple more to bring up at some point but coming back to that small business owner you know who does have multiple hats to wear um what are the other actions um outside of kind of incorporating best practices across the organization that you know as an owner you feel they need to take to improve cyber security they have to be the Cyber leader so that means that they really need to learn about those best practices and communicate them and follow up if they don't feel that they have the time or the expertise to do that it's more more time because you can learn all of it if they have an employee that's really good with technology or even moderately good with technology they can assign that person to be the Cyber leader and be the one that is responsible for teaching others yeah I I think that that's absolutely correct and then I think the other thing is is always get up every morning and assume something bad could happen I think that being prepared and assuming the worst from the minute that you wake up is really important because it puts you on a certain sense of alert so that you are more careful versus going into your day just assuming today's just going to be another day and I think that vigilance is critically important great insight so let's say you are a small business owner wearing that hat a cyber leader um or you have someone you've uh you know designated that to but you're working with them and you know the horrible happens you are the victim of a Cyber attack um how do you respond you know do you notify anyone like what what are your steps one two and three okay so ideally in advance you have created an incident response plan and what that is is that it's preparing for a possible future incident so and you have to make sure that everyone in your company knows about the plan and is ready that if something happens and there is a template on the Cyber Readiness Institute website that helps to design that but you so in responding to a Cyber attack you need to inform all the employees that they must shut down all their devices immediately don't send any emails don't do anything on your devices in fact also disconnect from the internet and intranet if there's an internal Network by turning off Wi-Fi and unplugging your cable and then contact your um your internet's the service provider and then if you happen to have the luxury of having a managed service provider for your I.T or your it service provider then contact them as well and then if you have cyber Insurance contact that provider also now if you have an attack then there are government agencies in Canada and the U.S and also there's one international that I'll tell you about so in Canada there is the Canada Center for cyber security and they they want you to report cyber breaches also in the United States the Federal Federal Bureau of Investigation has an internet crime complaint center the ic3 and again they take um and want these complaints um filed them if you suffer a ransomware attack then go to nomoreransom.org make sure it's the dot org sometimes it comes out as oh um no more Ransom project but this is a non-profit organization globally and their mission is to stop ransomware in the track so they have hundreds of in decryption code so that if you have encrypted files that you can see in but you can't get to them because they're encrypted then they have keys that could quite possibly on in crypto so that you can get back your data so those are just three but it is good to report Ginger anything you'd like to add in terms of yeah I mean I think the the one thing I think those are exactly the right steps but the one I would add is once this all happens what are you gonna do to avoid the definition of insanity which is doing the same thing over and over again and expecting different results so I think that once this happens and you've used all of these great resources that Gina has talked about there it is critical that you really look to see what are the very specific changes that you need to make in your business and and maybe you know Max I know we were going to talk about this but maybe this is a good time to bring in the fact that one of the areas that's really coming up a lot is the opportunity for small businesses to get Cyber insurance which um is very very critical at this point because if we know that the top reason that cyber attacks get people is based on the financial gain that these Bad actors want the financial gain has to come from a financial loss and that usually is going to be the business that this happens to and for example we um we have a cyber bundle uh we we focus a lot on education which Gina talked about we have tools that will actually help a small business assess the vulnerability of their sites and then we also have a 24 7 monitoring system that will monitor the dark web but we also offer insurance through an organization called HSB and without getting into the details of the insurance it's certainly something that can be looked up it there's a range of coverages that you possibly can get things like data breach fraud identity theft you know losses in terms of computer attacks a system failure and just general liability and I think one of the top areas where people suffer is through ransomware we see a lot of ransomware on the personal side my mother was attacked uh and and had a ransomware attack on her computer and so I think that protecting yourself after this happens really understanding the why and then trying to fill all the holes that might have allowed this to happen in the first place yeah I think it's super helpful um and Gene I'll let you jump in if you'd like on insurance to hear your perspective on it because it was a topic of a panel earlier but I think hearing the perspective of you know two individuals representing two leaders at a corporation that works with all these small businesses um how do you see you know many small businesses serve larger entities whether they're corporations government organizations um how do you see the uh the lens and the perspective on a small business that has cyber Insurance versus one that doesn't when it comes to kind of um you know trusting in their cyber security preparedness or incident response planning so one of the things about cyber insurance is that it does I think you're less likely to fall victim to one of those that goes out of business because of a Cyber attack because you have that backup so say that you're sued by somebody whose data is stolen from you that whole recovery is expensive uh cyber Insurance often covers cyber breach investigations so that they can dig in to see why it happened how it happened and that helps to prevent it elsewhere so it does give you that layer of protection and the statistics say that a business is more like to use likely to have a Cyber attack than a flood or a fire so we get that insurance on physical space we have it on our homes you have it on businesses but not as much on you know cyber insurance and one plug I'll make is that if you are a MasterCard credit card holder for a personal card we have ID Theft Protection identity theft protection and I signed up for it I put in all kinds of information about myself you can put you know Social Security numbers and and bank account numbers and all kinds of things other credit card numbers and it will give you alerts so if you're I was getting alerts and I'm embarrassed to say that I had some old passwords that I'd actually reused the password on more than one account they identified that for me I went in there and fixed it and added two-factor authentication and some of these accounts were old and I hadn't gone into them for a long time so I didn't remember that I'd used them before yeah and I'll just add just a little plug also we also have ID Theft Protection on our small business cards as well as a great partnership that we have with uh like a McAfee so we we have partners that actually we bring to the table to support our card holders in a number of different ways on both the consumer and small business side but separate from that the most important thing is partnering with organizations like yours Max to really perpetuate the need for education on this topic and really to bring to the Forefront this is not something that just happens to other people but it happens to a lot of people and businesses and so it's really critically important yeah absolutely and on that note we're gonna move into our last couple questions um before we go to the audience questions um so you know spoke a lot about education you know getting information out there what resources do you recommend small business owners check out to learn more about securing their business so we have the MasterCard trust Center and if I may share my screen for just a moment there we go okay so this is the MasterCard trust Center and this provides free cyber security education resources and tools designed to help small businesses improve the security of their business and what is unique about this experience is that it does not matter what level of cyber security expertise you have you can find materials that fit your needs so if you're someone who doesn't know very much about cyber security and is I'm pretty overwhelmed by it you can start at this Learning Journey called learn the basics if you know the basics and you want to learn more you can expand your knowledge and if you are pretty knowledgeable about it but you know you need to keep you know up with what's going on then you can master your security so the sites each of the learning Journeys has three content areas cyber security Core Concepts Cyber attack methods and help protect your business and you can see the way that we post the information so it's in videos podcasts white papers infographics and such different ways to to get that information and then I don't want to make anybody dizzy we do offer some um featured content from MasterCard this is a Dr J's mastering cyber podcast it's a minute and a half long we've got them Peppers throughout the whole site and they are super informational and very engaging and we also have a resources and solutions page and this is our U.S site so this is where you can learn about cyber insurance from our partner HSB and it's available for purchase within the U.S give some and you can learn about and get a quote and there's a um you can actually get you know the premium quote this is digital doors this is ginger she's going to show us this in just a moment and then you can go to MasterCards entrepreneurs Odyssey another free resource and this helps you learn how to start a business grow it and um you know continue to develop your business over time plus you can join a small business Community to talk with other people who are small business owners all free very video based and then I mentioned the Cyber Readiness Institute they have the Cyber Readiness program they have a cyber Readiness starter kit and they have a cyber leaders certificate program so you can just click here all free it's a non-profit we support we also support the global cyber Alliance and they have their cyber security toolkit it has education materials but it also has real tools that you can use at no charge and it has a lot of Articles and such so this is the trust Center yep excellent and you just mentioned it there I don't know if you want to just bring it back up the digital doors um yeah yeah um maybe you can bring that up Gene and I I can just tell everyone we're super excited about MasterCard digital doors you can just Google that and we built this when covet happened but we found out that over 30 percent of small businesses did not have a digital online presence and so what we did is build digital doors as a way to help small businesses get online accept payments for example and like tap on phone uh we have a wonderful curriculum on things like social media marketing um we have a digital diagnostic test which will help you identify areas either Financial areas operations Safety and Security where you actually will take a test with 17 questions you'll get a score and we'll Benchmark you against other businesses but will also give you a path to fix that and this is free and then we're really excited um and yeah you can see here the digital Health scoring which is a wonderful tool and we also now have Partners like FedEx that provide big discounts um Marquez which is a really great dashboard of information that you can save and use when you apply for different loans and things and then of course a lot of related contact content particularly on cyber security is a big area but it's a wonderful way to provide support help you get online help you stay online how to develop websites um and so we are really thrilled we're lucky to partner with Gina and her team to have some of these great resources but again it's free I would highly recommend those that are listening to take a spin and now we have just added a complete marketing Hub where you can actually really design your own ads level up your marketing skills it's a very Advanced play to provide tools to help you acquire new customers um create an influencer program and this was just added in the last couple weeks so again MasterCard digital doors and and most importantly for this session today some great connectivity into cyber curriculum which is very important as we've discussed Max absolutely no and thank you for sharing that so I'm gonna I'm gonna pivot now to questions that we've gotten in the slack um one was actually common but I'd like to see if either you'd like to reply to it um Benny said you know well it might always sound easy to shut down systems it's you know kind of also important to preserve the evidence when you think about containing the incident I wanted to see if you've seen any of that in your work with small businesses or had any comments there from my experience I haven't worked with individual businesses but I do know that that is one of the things that we definitely recommend and one thing that's really important is that you back up your data on a regular basis and the Cadence the the frequency that you back up the data depends on how much data you can afford to be without because if you get hit by a ransomware attack and you've lost your data that shuts you down until you know especially if you have online Commerce and such but also with your vendors so back up your data frequently and also update or patch all of your software and your operating systems on a regular basis too because that also helps prevent cyber attacks because um companies know that they find holes in in their programming and those patches or updates are designed to plug those holes and the fraudsters know that when they find them if someone hasn't patched then they can go attack them even on something that's been corrected yeah yeah I think Gina answered the question beautifully um I guess the only thing I would add is just double clicking on something she said which is very often we're on our computers and these updates come through and we press do it later and later never comes and to Gina's Point these are sent for a reason so I think that backing up the data and making sure you stay absolutely Vigilant on the updates um we have to as well here at MasterCard so I strongly suggest they don't agree with Gina and that's for your business and your personal that's right that's great thank you so another question I think this ties back to kind of not just education of the current you know small business ecosystem but those who might be in it in the future what are your thoughts about starting cyber education at the upper High School level and this person wrote that you know targeting the future generations and will be leaders small business owners and the workforce um you know providing them education I want to see what you what you thought of that idea I think it should start before the upper High School level you look at middle schoolers who go online even um and they're you know they have cell phones younger and younger even down to elementary school so there are different levels um that you can educate but it's definitely something there should be the curriculum in the schools at the level that is appropriate for the ages that they're educating yeah I I completely agree with Gina first of all uh I can't believe the age that some kids have cell phones now I just saw a five-year-old with the cell phone I thought oh wow um but the education is important but also a positive thing is this is a very very thriving industry on both the bad side and the good side so I think the more we educate this could be a wonderful career path for a lot of students as they're thinking about what they want to do uh overall Safety and Security is something that's front and center in so many organizations today it could be in the private sector it could be in government so aside from the fact that children need to understand that there's bad things out there it also could be a great path for them for their future in fact there's a huge shortage of people of Professionals in the cyber security field and I know Sans Institute really knows that and has great programs degree programs and certificate programs in cyber security absolutely no there are you know different programs for the workforce for those that are security awareness professionals or even in Academia with our sans.edu aside the um I did want to come back to a couple of final questions I'm going to give myself a two-minute warning for the three of us um but the uh the question from Benny was that you know what are some of the security areas that uh you know Banks or financial institutions focus on to integrate their systems with businesses um perhaps sometimes small businesses who are running credit checks uh from their website and he added on or she added on by saying well I understand that Banks and businesses have to work together to fill out questionnaires or run credit checks or do checklists to integrate systems are there any types of platforms or tools that can be used to check the security posture of organizations be it the bank or the credit check company or the you know small business vendor well first piece of advice I have related to the credit checks is lock is freeze your accounts I froze TransUnion Experian and you know I can't remember the other one I froze them and I can unfreeze them with a couple of clicks on their website when I know I've applied for a credit card or you know some kind of a loan and then I refreeze it but that way if someone broadster goes out there and tries to get a credit card or buy a car um with your information that they've stolen they can't get a credit report and they can't unfreeze it so that helps and MasterCard has a tremendous number of tools that Banks utilize to help fight fraud and um and to secure their systems and I'm not versed in all the specifics but I do know that we have that in place so it depends on if it's a bank that's working with MasterCard yeah Gina I'll just add it's absolutely true um so our clients our banks and fintechs and all the people that serve small businesses so we do ensure that our customers have the availability of all of the great tools and solutions that we have either through things we've developed through companies that we've acquired but cyber and overall fraud protection is of the utmost important to MasterCard and to our clients in fact the reason why we call it the MasterCard trust Center is because we know that without trust and commerce and in pretty much anything things stop there and ginger made a great Point early on is that if a business suffers a Cyber attack they start to lose a trust or immediately maybe sometimes lose the trust of their customers it's really about cyber security that creates that trust absolutely so on that note um wanted to uh wrap up here but leave you both the opportunity to share your final thought and um this is what is one thing you want every attendee to take away from your session if you can include that if you give us your final thoughts here I mean I I can think it for me it's an easy one which is take this seriously um use this as a springboard to go into your systems to analyze where you might have gaps and don't wait till tomorrow because the bad guys aren't that's exactly right and take these what are really fairly easy steps to secure your business and eat that apple one bite at a time you know do one and move on make sure your passwords are secure then make up you make sure that you have tooth Factor authentication you know just keep eating until that Apple's down to the core and you've got it foreign
Original Description
Need to find free, easy-to-use cybersecurity resources? During this session, we will walk through the Mastercard Trust Center to learn how to access free cybersecurity education, resources, and tools designed to help secure your business’s digital ecosystem. Start learning today to help avoid becoming a cyberattack victim.
SANS Small Business Cyber Summit 2023
Panel | Mastercard Trust Center
Speakers:
Gina Ganahl
Ginger Siegel
View upcoming Summits: http://www.sans.org/u/DuS
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from SANS Institute · SANS Institute · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS Institute
SANS Institute Cybersecurity Training Customer Stories
SANS Institute
SANS Institute UK Cyber Academy
SANS Institute
SANS Institute UK Cyber Academy
SANS Institute
CISSP® Prep Exam, MGT414, by SANS Institute
SANS Institute
SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute
Information Security Training from SANS Institute - Student Testimonials
SANS Institute
SANS NetWars
SANS Institute
SANS DFIR NetWars
SANS Institute
Hack The Drone - SANS Cyber Academy UK
SANS Institute
SANS VetSuccess Immersion Academy
SANS Institute
SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Institute
The 2015 SANS Holiday Hack Challenge
SANS Institute
SANS VetSuccess Academy: Hands-on Skills
SANS Institute
SANS VetSuccess Academy Overview
SANS Institute
SANS ICS Security Summit & Training 2017
SANS Institute
Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
SANS Institute
WannaCry recap, patches, and analysis
SANS Institute
If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
SANS Institute
Graduation Day - SANS HM Gov Cyber Retraining Academy
SANS Institute
Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
SANS Institute
SANS Data Breach Summit & Training 2017
SANS Institute
SANS Secure DevOps Summit & Training 2017
SANS Institute
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
SANS Institute
SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Institute
SANS Cybersecurity Programs for the Department of Defense
SANS Institute
SANS Pen Test HackFest Summit & Training 2017
SANS Institute
SANS SIEM & Tactical Analytics Summit & Training
SANS Institute
If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
SANS Institute
SANS Institute
SANS Institute
ICS515: ICS Active Defense and Incident Response
SANS Institute
SANS Institute
SANS Institute
Introducing the NEW SANS Pen Test Poster
SANS Institute
SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute
SANS ICS Security Training, Munich, Germany
SANS Institute
SANS Automotive Summit Webcast
SANS Institute
Privesc Playground - SANS Pen Test HackFest Summit 2017
SANS Institute
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
SANS Institute
Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
SANS Institute
SANS Security Operations Summit & Training 2018
SANS Institute
Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018
SANS Institute
ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
SANS Institute
You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
SANS Institute
A Sneak Peak at the New ICS410
SANS Institute
Jumping Air Gaps – SANS ICS Summit 2018
SANS Institute
Introduction to Linux
SANS Institute
Introduction to Malware Analysis
SANS Institute
You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
SANS Institute
Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
SANS Institute
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Institute
Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
SANS Institute
SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Institute
SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Institute
The Science of Security: The Psychological Impacts of Security Awareness Programs
SANS Institute
How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
SANS Institute
Practical Advice for Submitting to Speak at a Cybersecurity Conference
SANS Institute
SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Institute
SANS Webcast - Zero Trust Architecture
SANS Institute
SANS STX Cyber Range
SANS Institute
Part 1 – SANS Institute and Tenable talk about cloud security
SANS Institute
More on: Security Basics
View skill →Related Reads
📰
📰
📰
📰
Treasury Sanctions Two Individuals and VPN Firm Enabling Ransomware Attacks on Americans
Dev.to · Codego Group
Inside-Out Learning
Medium · Cybersecurity
Supply Chain Attacks Are Forcing Threat Detection To Focus On What Code Can Do
Forbes Innovation
How MAC Address Vendor Detection Works: Identify Device Manufacturers on Linux Networks
Medium · Cybersecurity
🎓
Tutor Explanation
DeepCamp AI