Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agenda Do You Need to Be Concerned? Information Risk at Nationwide

Published byEugenia Richards Modified over 8 years ago

Similar presentations

Presentation on theme: "Agenda Do You Need to Be Concerned? Information Risk at Nationwide"— Presentation transcript:

0 Nationwide Information Risk Management (IRM)
M. Travis Michalak Nationwide Financial – AVP Information Risk Management May 12, 2015

1 Agenda Do You Need to Be Concerned? Information Risk at Nationwide
What Can You Do to Better Protect Yourself and Your Sensitive Data Questions

2 Do You Need to Be Concerned?

3 Understanding the threat landscape
ALL COMPANIES ARE ALL AT RISK. NO MATTER THE SIZE OR INDUSTRY.

4 Understanding the threat landscape
15% INCREASE IN THREAT ACTIVITY IN THE FINANCIAL SERVICES INDUSTRY 33% OF BREACHES WERE DISCOVERED INTERNALLY 9 MILLION + PEOPLE EXPERIENCE IDENTITY THEFT EVERY YEAR 2.5 BILLION RECORDS COMPROMISED OVER THE PAST FIVE YEARS 8 MONTHS IS THE AVERAGE TIME AN ADVANCED THREAT GOES UNDETECTED ON A VICTIM’S NETWORK 62% INCREASE IN BREACHES 1IN 5 ORGANIZATIONS HAVE BEEN ATTACKED

5 Understanding the threat landscape
Why is Security an NF Technology Trend? Organized Crime, Hactivists, Nation State, Industrial Espionage, Insider Threat, Careless Employees all pose Threats to the Financial Services sector The Threat is Intensifying Introduction to new technologies such as Mobile, Cloud Computing, Data Analytics are introducing new security challenges Technology Landscape is Changing Fast Many of our customers (e.g., State & County Public Retirement Plans) are asking for this functionality to better protect their consumers information Our Business Partners and Customers Expect Security & Trust There are expanding methods and portals where weaknesses are exposed including, / Web, Web User Interface, Identity Compromise, Physical Access & Social Engineering Vulnerabilities and Attack Vectors are Expanding

6 Information Risk at Nationwide

7 Information Risk at Nationwide
Operational Risk is just one Risk “Type” of our Enterprise Risk Management (ERM) Framework IT Operational Risk Managed by Information Risk Management What does IT Operational Risk Management cover? IT operational risk management facilitates Nationwide’s efforts to: Protect confidential information Have systems and businesses that are recoverable Be prepared to respond to a crisis Be in compliance with regulations and Nationwide policies. Information Security Continuity Management Crisis Management Compliance & Regulatory

8 Information Security at Nationwide
TOP 10 MOST TRUSTED COMPANY The Ponemon Institute, which conducts independent research on privacy, data protection and information security, has named Nationwide one of the top 10 Most Trusted Companies for privacy every year for the past 10 years. Nationwide is proud of this recognition and takes information security and privacy very seriously.  DEDICATED TEAM OF PROFESSIONALS Nationwide has over 150 dedicated trained information risk management professionals who are continuously focused ensuring we help protect the private information and help assure the availability of systems AWARD-WINNING SECURITY & PRIVACY TRAINING Nationwide IT has an award-winning information security and privacy training and awareness program.

9 Business Continuity at Nationwide
COMPREHENSIVE BUSINESS & SYSTEMS RECOVERY PROGRAM In an effort to meet the expectations of our members, we strive to provide continuous service operations. Nationwide uses a comprehensive Business Continuity and System Recovery program where recovery plans are reviewed, updated and tested on a regular basis TOP TIER IV DATA CENTER Our recently opened Data Center in New Albany, Ohio (Data Center East) has qualified as a Tier IV facility, the highest possible rating LEED CERTIFIED Nationwide committed early in its planning cycle to apply for Leadership in Energy and Environmental Design (LEED) certification for Data Center East

10 Information Security at Nationwide
Current Defense in Depth Strategy We provide different protections across all different layers Intrusion Detection / Intrusion Prevention Event & Incident Management Security Policies & Standards (Regulations) Education & Awareness Workstation Security Network Security Software Security Perimeter Security Server Security Database Security

11 What Can You Do to Better Protect Yourself and Your Sensitive Data?

12 Mobile Device Protection
Use a start up and auto-lock passcode Never leave your device unattended and transport it in a hidden area Avoid conducting financial transactions over public wireless networks Only install applications from legitimate application stores Understand what data (location, contacts, access to social networks) the application can access on your device before you download Download the latest operating system updates and security software (if applicable) to help defend against viruses, malware and other online threats Enable location tracking and remote wipe software if available Do not tamper with your Smartphone’s operating system (e.g. jailbreaking)

13 Secure your WIFI Secure your WIFI with WPA2 and a strong password
Secure access to the wireless router Change the wireless network name Turn off remote and wireless access to the router’s settings Enable a Guest network Update your firmware Search online

14 Recognize & Avoid Phishing
Red Flags Check the sender Dear Customer Bad spelling and grammar Urgent requests Be careful with website links Be suspicious of attachments Requests for sensitive information Sound too good to be true?

15 Social Media Tips Consider what you post
Control visibility and privacy Routinely check your settings Respond to a breach

16 Other Ways to Protect Turn on WPA2 Make passwords long and strong
Unique account, unique password Keep a clean machine Automate software updates Admin user account only to complete a specific task Consider the information you post on social sites Enable a firewall (Personal Firewall) Limit use of administrator accounts Protect your $$ Don’t be tricked into opening an attachment or providing confidential information about yourself Never provide your user ID & password via a clicked-on link from an or text When in doubt, throw it out

17 Questions Thank You! M. Travis Michalak Associate Vice President
Nationwide Financial – Information Risk Management 1 Nationwide Plaza Columbus OH Thank You!

Download ppt "Agenda Do You Need to Be Concerned? Information Risk at Nationwide"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.

Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Controls for Information Security

Controls for Information Security
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
Program Objective Security Basics

Program Objective Security Basics
No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+

No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. Emails. Safe browsing for shopping and online banks. Social media.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.

Similar presentations

Ads by Google