Monthly Archives: May 2018

Our top 5 findings from IT security audits

What are the top things we have learned from performing 200+ security audits? 1.  The “major issues” do not change Good security is good security, and you can think of the major security issues as being giant “targets” within your organization.  Targets which the bad guys hope will come into their line of fire, and they are regularly shooting at. You can easily spot and name these targets: User awareness, access control, backups/recoverability, etc.  These are the primary topics that most compliance requirements are based on. Identifying these large targets and putting in the appropriate safeguards to make these targets [...]

By | 2018-10-02T13:51:17+00:00 May 25th, 2018|Compliance, Computer & Network Security, Data Breach, Information Security, Research, Viruses, Vulnerabilities|Comments Off on Our top 5 findings from IT security audits

Everything you wanted to know about Ransomware…but were afraid to ask

What is Ransomware? Ransomware is a type of malicious software that prevents users from accessing their computer system or files until a sum of money (ransom) is paid. In the malware landscape, ransomware has earned itself a well-deserved nasty reputation. There are two types of ransomware identified in this branch of the malware family tree; 1) locker ransomware and 2) crypto ransomware Locker ransomware effectively locks Windows access preventing the user from accessing their desktop or files. Typically designed to prevent access to one’s computer interface, Locker ransomware mostly leaves the underlying system and files unaltered.  A message would be [...]

By | 2018-10-02T13:46:28+00:00 May 18th, 2018|Data Breach, Encryption, Information Security, Malware, Privacy, Uncategorized, Viruses, Vulnerabilities|Comments Off on Everything you wanted to know about Ransomware…but were afraid to ask

How to configure warning messages for Office 365 emails from external senders

As a security precaution, it’s a good idea to remind your staff not to open attachments from unknown senders. One easy way to implement this in Office 365 is by setting up a mail flow rule in the Exchange admin center. If you have ever set up a Disclaimer mail flow rule, the setup is almost identical. In this tutorial, we’ll cover how to setup your own warning message for all external email sent to users inside your organization. Steps to Configure Attachment Security in Office365 1. Log in to your Office 365 Admin account at: https://portal.office.com 2. Select Admin [...]

By | 2018-10-02T13:42:24+00:00 May 10th, 2018|Microsoft, Phishing, Viruses, Vulnerabilities|Comments Off on How to configure warning messages for Office 365 emails from external senders

A Vulnerability Scan is NOT a Penetration Test (Pentest)

What is the difference between a Penetration Test and a Vulnerability Scan? Understanding the difference between a penetration test and a vulnerability scan is critical to understanding security posture and managing risk. Vulnerability scans and Penetration tests (pen test for short) are very different from each other in both process and outcome. However, sometimes the terms are incorrectly used interchangeably. In this article, we will explore the differences between the two as well as how they relate to each other. Starting with the definitions of each you can see an immediate differentiator, the objective. The objective of a vulnerability scan [...]

By | 2018-10-02T13:36:44+00:00 May 3rd, 2018|Uncategorized|Comments Off on A Vulnerability Scan is NOT a Penetration Test (Pentest)