Ryan Byrd of Entrata, Jay Kenney of Lincoln Property Company, Maria Banks of AMLI and Ben Holt of Stoel Rives discuss cyber security as it relates to the multifamily housing industry.
#NAAEduConf June 15-18, 2016 Moscone Convention Center San Francisco YOUR MULTIFAMILY CYBER SECURITY PLAYBOOK Presented by: Ryan Byrd, VP Engineering, Entrata Panelists: Jay Kenney, CIO, Lincoln Property Company Maria Banks, SVP, AMLI Ben Holt, Stoel Rives, LLP
Panelists • CIO, Lincoln Property Company • Prior to Lincoln he spent 19 years at AT&T • SCUBA certified • Triathlete • Can bench press 300lbs Jay Kenney
Panelists • Executive Vice President at AMLI Residential • Oversees AMLI’s IT, marketing and education departments. • Previously with Deloitte, SBC Communications and Arthur Andersen • Blue belt in Tae Kwon Do, SCUBA certified 4 Maria Banks
Panelists • Associate, Stoel Rives LLP • Focuses practice on privacy, risk, patent prosecution and intellectual property for the tech sector • Previously an embedded systems engineer • Acted in such award-winning films as Justin Chouinard's Theory Ben Holt
• We handle a lot of sensitive information • Not a highly regulated industry • Not much tech sophistication • It’s happened before and will happen again • Multiple vendors • Paper-based systems Multifamily Specific Threats A Target rich environment
Cyber Security Expectations As a consumer of a SaaS product, I expect: 1. My account password will be encrypted (hashed) 2. Credit card information will be stored in a PCI certified tokenization service 3. My PII and sensitive data is encrypted in transit and at rest 4. My SaaS provider has a dedicated IT security team 5. My SaaS provider provides documentation of a passing 3rd party IT security audit annually (PCI, SOC 1, etc.) 6. If financial information is involved, two factor authentication is required 7. All SaaS vendor internal systems are accessed by two factor authentication only 8. Regular Penetration Testing/Vulnerability Scans will be passed 9. Vendor will stay up to date on all security patches for all systems 10. Vendor will respond in a timely fashion to announced CVEs or exploits
• Develop and test your incident response plan • Share your IT security knowledge One year from now? When I’m back in the office? • Start using multifactor authentication • Review IT Security Bill of Rights • Follow the Security Checklist-- Encrypt, Map, Cull, etc. Takeaways 30 days from now? • Discontinue any shared passwords • Encourage others to use multifactor authentication • Run Audit reports • Educate yourself on IT Security What do I do…
benholt
oracle4engineer
cygames
shoota
ma2shita
shotashiratori
toru_kubota
naokiuc
keropiyo
shinrinakamura
kioto
miura55
sachag
erikaheidi
destraynor
shlominoach
jmmastey
reverentgeek
lara
moore
jlugia
jonrohan
hursman
thoeni
