Coronavirus Cyber Security Challenges – The Remote Workforce

The Cyber Security Implications of the Coronavirus

As the fear of the Coronavirus - COVID-19 - spreads, governments and companies are looking for containment strategies that reduce human contact. Exposed cities are on lockdown, forcing any work to be done remotely and there are more restrictions to come. Some companies have already closed locations as a precaution, and as restrictions increase, others will be forced to send workers home to work remotely. The criminals have already started the scams: phishing campaigns to take people to fake news updates to see if they can entice a click. That is the easy [...]

March 16th, 2020 | Uncategorized

New Ransomware Attacks

In the past few weeks, 5 law firms reported ransomware attacks by a malicious group known as Maze. This new and unique virus doesn’t follow the typical protocol. Instead of placing a ransom note on your system, the attackers place your firm’s name on a public website. Entities that do not comply with ransom demands have portions of their data released publicly until the ransom is paid; two different firms had their data released this week. Now that you are aware of the situation, we’ve put together some resources to help you understand it and how to prevent ransomware attacks: Ransomware – [...]

February 13th, 2020 | Computer & Network Security, Uncategorized

IT and the C-Suite: 3 Tips for Communication

Years ago, I served as Head of Information Security for a large organization. After just 6 months on the job, we experienced every network administrator’s worst nightmare… a data breach. As we worked to resolve the problem, it seemed like there was enough blame for everyone. IT was blamed because of their operation. Application Development and Support was blamed because of their code. Then the CIO started taking heat because security hadn’t been his top priority. Finally, the CEO came under fire for the overall performance of the team leading up to the breach. A recent article I read by [...]

January 28th, 2020 | Computer & Network Security, Information Security

Simple Cyber Security Tips for your Business

If you’ve ever had someone break into your home or even your car, you know the feelings of vulnerability and fear that accompany that experience. The fear and uncertainty can linger for months and even years. Now imagine a break-in at your business that jeopardizes everything you have worked so hard to build. But this intruder is invisible, and there is no chance that the neighbors will see something suspicious and call the police. Someone in a distant coffee shop in another country can steal your bank account information, private employee data, and information about your clients. Security cameras and [...]

January 21st, 2020 | Computer & Network Security, Information Security

Your CCPA Compliance Checklist for 2020

You’ve read about it for months now, and it’s finally here. The California Consumer Protection Act went into effect on January 1st, 2020. Unlike asking a telemarketer to put you on the mythical “Do Not Call List,” consumers’ new privacy rights under the CCPA are very real and very enforceable. We’ve waded through all the confusing information on the CCPA to put together a handy list of answers to questions you may have had when hearing about CCPA and considering its impact on your business.

What is it?

The California Consumer Protection Act, or AB-375, was passed on June 28, [...]

January 7th, 2020 | Compliance, Privacy

Cyber Security Budgeting for 2020

It is time to update our annual Cyber Security Budgeting advice. I just led an exercise at a conference where folks had limited budgets and needed to determine the best places to spend their Cyber Cash. As I reviewed what we have adapted over the years, much of it is still the same. We continue to become more dependent on technology composed of applications, operating systems, processors, storage, and connectivity. IoT, autonomous vehicles, 5G, Huawei, and other new things continue to proliferate, but we still apply the same principles to protect ourselves. So, what is new this year? The proliferation [...]

August 29th, 2019 | Uncategorized

New York DFS – 23 NYCRR 500 Compliance

Checklist for Compliance

In response to the increasing threats of cybercriminal activity and as an effort to protect Non-Public Information (NPI) held by entities under its jurisdiction, the New York State Department of Financial Services (DFS) implemented a cybersecurity regulation, 23 NYCRR 500. It has twenty-three Sections and went into effect on March 1, 2017. There are designated “Transition Periods,” but the last one expires on March 1, 2019. A few key things to consider when looking at this Regulation: It applies to Covered Entities, which include those operating under NY Banking Law, Insurance Law, or Financial Services Law – [...]

February 28th, 2019 | Compliance, Computer & Network Security, Uncategorized

A Ransomware Savings Account – Pay in Advance!

Diet and exercise versus a pill. An ounce of prevention versus a pound of cure. Saving for expenses versus using credit cards. We all understand that good habits and planning are valuable to achieve our goals. We apply the same principles to Cyber Security… This is a cautionary tale. We all learn from experience, and when fortunate, we can learn from the experience of others. This story teaches a valuable lesson based on real-world experience, and it will help you avoid a terrible situation. A medium-sized firm, unfortunately, became the victim of a ransomware attack. An IT employee came into [...]

January 29th, 2019 | Computer & Network Security, Data Breach, Viruses, Vulnerabilities

Phishing Attacks and Multifactor Authentication

Stop the Password Reset Insanity

How much time does your IT department spend changing a user’s network and/or email account passwords because they clicked on a phishing link that they should not have? How many users do you have who do this repeatedly? Have you trained your users to identify, report, and ignore these phishing attempts? Why make resetting the password the only procedure for resolving this when it just keeps happening again and again? Stop the insanity and look at a new way of solving this problem. “The definition of insanity is doing the same thing over and [...]

September 19th, 2018 | Uncategorized

Cloud Computing and Security

Cloud Computing

In its broadest sense, Cloud Computing can be defined as the practice of using a network of remote servers hosted by a provider on the Internet (“the Cloud”) to store, manage and process data. In the current enterprise landscape, organizations (called tenants) are steadily migrating technologies and services to the Cloud, looking for a competitive advantage that will enable the business to set itself apart from the rest of the pack. These advantages of Cloud computing include a reduction in start-up costs, lower capital expenditures, utilization of on-demand IT services, and the dynamic allocation of computing resources [...]

August 31st, 2018 | Uncategorized