Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Panel - NAA 2016 - Multifamily Cyber Security Handbook

Panel - NAA 2016 - Multifamily Cyber Security Handbook

Ryan Byrd of Entrata, Jay Kenney of Lincoln Property Company, Maria Banks of AMLI and Ben Holt of Stoel Rives discuss cyber security as it relates to the multifamily housing industry.

D4e0e61ea324265a1dbca99fdec6614d?s=128

Ben Holt

June 17, 2016
Tweet

More Decks by Ben Holt

Other Decks in Technology

Transcript

  1. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    #NAAEduConf June 15-18, 2016 Moscone Convention Center San Francisco YOUR MULTIFAMILY CYBER SECURITY PLAYBOOK Presented by: Ryan Byrd, VP Engineering, Entrata Panelists: Jay Kenney, CIO, Lincoln Property Company Maria Banks, SVP, AMLI Ben Holt, Stoel Rives, LLP
  2. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    Introductions Let’s learn about today’s panelists.
  3. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    Panelists • CIO, Lincoln Property Company • Prior to Lincoln he spent 19 years at AT&T • SCUBA certified • Triathlete • Can bench press 300lbs Jay Kenney
  4. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    Panelists • Executive Vice President at AMLI Residential • Oversees AMLI’s IT, marketing and education departments. • Previously with Deloitte, SBC Communications and Arthur Andersen • Blue belt in Tae Kwon Do, SCUBA certified 4 Maria Banks
  5. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    Panelists • Associate, Stoel Rives LLP • Focuses practice on privacy, risk, patent prosecution and intellectual property for the tech sector • Previously an embedded systems engineer • Acted in such award-winning films as Justin Chouinard's Theory Ben Holt
  6. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    Is Anyone Safe?
  7. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    Everyone is a Target (Even Target) 7
  8. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    Hope is the thing with feathers
  9. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    Myth of the Genius Hacker Most costly breaches come from simple, user failures, not from attacker ingenuity
  10. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    • We handle a lot of sensitive information • Not a highly regulated industry • Not much tech sophistication • It’s happened before and will happen again • Multiple vendors • Paper-based systems Multifamily Specific Threats A Target rich environment
  11. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    Panel Discussion
  12. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

  13. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

  14. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

  15. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

  16. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    Wrapping IT Up And putting a bow on it.
  17. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    Cyber Security Expectations As a consumer of a SaaS product, I expect: 1. My account password will be encrypted (hashed) 2. Credit card information will be stored in a PCI certified tokenization service 3. My PII and sensitive data is encrypted in transit and at rest 4. My SaaS provider has a dedicated IT security team 5. My SaaS provider provides documentation of a passing 3rd party IT security audit annually (PCI, SOC 1, etc.) 6. If financial information is involved, two factor authentication is required 7. All SaaS vendor internal systems are accessed by two factor authentication only 8. Regular Penetration Testing/Vulnerability Scans will be passed 9. Vendor will stay up to date on all security patches for all systems 10. Vendor will respond in a timely fashion to announced CVEs or exploits
  18. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    • Develop and test your incident response plan • Share your IT security knowledge One year from now? When I’m back in the office? • Start using multifactor authentication • Review IT Security Bill of Rights • Follow the Security Checklist-- Encrypt, Map, Cull, etc. Takeaways 30 days from now? • Discontinue any shared passwords • Encourage others to use multifactor authentication • Run Audit reports • Educate yourself on IT Security What do I do…
  19. #NAAEduConf June 15-18 ☻ Moscone Convention Center ☻ San Francisco

    June 15-18, 2016 Moscone Convention Center San Francisco Thank You #NAAEduConf Questions & Answers