Blog

/Blog/

Phishing Attacks and Multifactor Authentication

Stop the Password Reset Insanity How much time does your IT department spend changing a user’s network and or email account passwords because they clicked on a phishing link that they should not have? How many users do you have who do this repeatedly? Have you trained your users to identify, report, and ignore these phishing attempts? Why make the only procedure to resolve this resetting the password when it just keeps happening again and again? Stop the insanity and look at a new way of solving this problem. “The definition of insanity is doing the same thing over and [...]

By | 2018-10-02T13:59:26+00:00 September 19th, 2018|Uncategorized|Comments Off on Phishing Attacks and Multifactor Authentication

Cloud Computing and Security

Cloud Computing In its broadest term, Cloud Computing can be defined as the practice of using a network of remote servers hosted by a provider on the Internet (“the Cloud”) to store, manage and process data. In the current enterprise landscape, organizations (called tenants) are steadily migrating technologies to and services into the Cloud looking for a competitive advantage that will enable the business to set themselves apart from the rest of the pack. These advantages of Cloud computing include a reduction in start-up costs, lower capital expenditures, utilization of on-demand IT services, and the dynamic allocation of computing resources [...]

By | 2018-10-02T13:56:38+00:00 August 31st, 2018|Uncategorized|Comments Off on Cloud Computing and Security

Budgeting for Cyber Security for 2019

Cyber-Security Budgeting is a Layered Approach Cyber-Security is arguably the hottest market right now.  Organizations are now willing to spend $$ now more than ever to avoid becoming the next headline.  When planning, it is easy to focus on available products that vendors are spending millions of dollars to push at us every day.  Products are required, but it is the process around these that keep you secure.  Best practices in security follow a layered approach, and budgeting is no different.  Where should you focus your efforts? The Basic Layers:  Reduce Known Risks These are not sexy, but neither is [...]

By | 2018-10-02T13:53:58+00:00 July 31st, 2018|Information Security, Uncategorized|Comments Off on Budgeting for Cyber Security for 2019

Our top 5 findings from IT security audits

What are the top things we have learned from performing 200+ security audits? 1.  The “major issues” do not change Good security is good security, and you can think of the major security issues as being giant “targets” within your organization.  Targets which the bad guys hope will come into their line of fire, and they are regularly shooting at. You can easily spot and name these targets: User awareness, access control, backups/recoverability, etc.  These are the primary topics that most compliance requirements are based on. Identifying these large targets and putting in the appropriate safeguards to make these targets [...]

By | 2018-10-02T13:51:17+00:00 May 25th, 2018|Compliance, Computer & Network Security, Data Breach, Information Security, Research, Viruses, Vulnerabilities|Comments Off on Our top 5 findings from IT security audits

Everything you wanted to know about Ransomware…but were afraid to ask

What is Ransomware? Ransomware is a type of malicious software that prevents users from accessing their computer system or files until a sum of money (ransom) is paid. In the malware landscape, ransomware has earned itself a well-deserved nasty reputation. There are two types of ransomware identified in this branch of the malware family tree; 1) locker ransomware and 2) crypto ransomware Locker ransomware effectively locks Windows access preventing the user from accessing their desktop or files. Typically designed to prevent access to one’s computer interface, Locker ransomware mostly leaves the underlying system and files unaltered.  A message would be [...]

By | 2018-10-02T13:46:28+00:00 May 18th, 2018|Data Breach, Encryption, Information Security, Malware, Privacy, Uncategorized, Viruses, Vulnerabilities|Comments Off on Everything you wanted to know about Ransomware…but were afraid to ask

How to configure warning messages for Office 365 emails from external senders

As a security precaution, it’s a good idea to remind your staff not to open attachments from unknown senders. One easy way to implement this in Office 365 is by setting up a mail flow rule in the Exchange admin center. If you have ever set up a Disclaimer mail flow rule, the setup is almost identical. In this tutorial, we’ll cover how to setup your own warning message for all external email sent to users inside your organization. Steps to Configure Attachment Security in Office365 1. Log in to your Office 365 Admin account at: https://portal.office.com 2. Select Admin [...]

By | 2018-10-02T13:42:24+00:00 May 10th, 2018|Microsoft, Phishing, Viruses, Vulnerabilities|Comments Off on How to configure warning messages for Office 365 emails from external senders

A Vulnerability Scan is NOT a Penetration Test (Pentest)

What is the difference between a Penetration Test and a Vulnerability Scan? Understanding the difference between a penetration test and a vulnerability scan is critical to understanding security posture and managing risk. Vulnerability scans and Penetration tests (pen test for short) are very different from each other in both process and outcome. However, sometimes the terms are incorrectly used interchangeably. In this article, we will explore the differences between the two as well as how they relate to each other. Starting with the definitions of each you can see an immediate differentiator, the objective. The objective of a vulnerability scan [...]

By | 2018-10-02T13:36:44+00:00 May 3rd, 2018|Uncategorized|Comments Off on A Vulnerability Scan is NOT a Penetration Test (Pentest)

The Zenis Ransomware Variant Goes the Extra Mile

Overview Ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer or files.  A subset of ransomware called crypto ransomware (or crypto virus) has seen a dramatic rise in use over the last few years.  Crypto ransomware’s modus operandi involves encrypting popular and common file types on a compromised system and then demanding a ransom from the user for a key that can then be used to decrypt the files. In Q3 2017, according to Malwarebytes, a company is hit with ransomware every 40 seconds.  This was an increase of 3x [...]

By | 2018-03-21T22:04:03+00:00 March 21st, 2018|Malware|Comments Off on The Zenis Ransomware Variant Goes the Extra Mile

Best Practices for Service Account Management

Service Account Management We spoke previously on the management of privileged accounts and how important it is to keep them accountable. Privileged accounts are one of many different types of accounts that should fall under your organizations Account Management Program and another one to add to that would be service accounts. What is a service account anyway? In basic terms, a service account is an account that a service on your computer uses to run under and access resources. This should not be a user’s personal account. While they may look the same, the separation of users from services is [...]

By | 2017-08-08T05:59:30+00:00 August 8th, 2017|Uncategorized|Comments Off on Best Practices for Service Account Management

Best Practices for Privileged Account Management – Part 1

Basic Privileged Account Management Abused and Misused privileges are often seen as being the cause of breaches within organizations around the world.  Privileged account management should be a major focus for Security and IT management who are looking to mitigate the risks of data breaches and insider risks. What is Privileged Account Management? Privilege Account Management is the definition and management of policies and processes that define the ways in which the user is provided access rights to enterprise systems.  It governs the management of the data that constitutes the user’s privileges and other attributes, including the storage, organization and [...]

By | 2017-08-08T05:58:16+00:00 July 5th, 2017|Uncategorized|Comments Off on Best Practices for Privileged Account Management – Part 1