SystemExperts Corporation is aware that many companies are seeing spear-phishing attempts where the emails purport to be from internal employees. We have also heard reports that compromised email accounts have been used to send spear-phishing emails to third-parties and the owner of the compromised accounts do not see the emails being sent on their behalf, nor the […]
Three Cyber Security Tips for Small Businesses
There are three critical security controls that all small businesses should implement if they are just starting to address security. These are:
- Keep your systems up to date by applying all security updates
- Make sure you have daily backups of all critical data and be sure to test the […]
How to Prevent a Ransomware Attack
It is always better to be proactively prepared and prevent ransomware attacks than having to react after an attack occurs. Paying the ransom is not recommended.
Law enforcement and IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections. The “No More Ransom” website is an initiative by […]
Intel’s Meltdown and Spectre Vulnerabilities
By now you have probably read some articles about the Meltdown and Spectre vulnerabilities but you may still be seeking guidance for how your organization should react.
First a quick recap, Meltdown and Spectre were announced early in January of 2018. Unlike most other vulnerabilities, Meltdown and Spectre exploit critical vulnerabilities in modern processors. Meltdown primarily […]
Tips to Prevent Online Identity Theft
There are few new trends in online identity theft, although some attacks are becoming more sophisticated, the basic steps to prevent exploits remains the same.
Be on the lookout for attacks that use broken English in the message body. While most now use proper English and use the same style and logos that are used by […]
Network Access Control (NAC)
Controlling access to the network is fundamental security control. For shared networks, the capability of users to connect to the network should be restricted. Well known security frameworks such as ISO 27002, Information technology – Security techniques – Code of practice for information security management, includes this control as a recommendation. And the […]
Impact of a Data Breach on a Small Business
While our main focus is as a provider of IT compliance and security consulting services, we have been called in to help a few small businesses handle security incidents and data breaches. These calls come to us after the client has discovered there’s been a security incident or data breach and as a result is seeking to […]
Important Sources of Threat Intelligence for Security Teams
The goal of threat intelligence (TI) is to recognize indicators of attacks as they progress and act upon those indicators in a timely manner. TI is not a mature area for most organizations.
While tools to automate TI exist and are evolving, most organizations are still using informal ad hoc mechanisms or a small number […]
Cybersecurity Responsibilities for SMBs
Cybersecurity is a topic that many small and most medium-sized businesses care about due to all of the news stories about data breaches, identity theft, and ransomware that have appeared in the last several years. Some small and medium-sized businesses have realized that having a strong cybersecurity program can be a strategic asset for their particular market […]
DNS: How it Works and Best Practices to Defend Against DNS-based Threats
The Domain Name System (DNS) is a central element in the addressing and routing of all communication over the Internet. Many enterprise IT security professionals don’t always know how DNS works, or how attackers might use it to compromise their data. Following is a discussion about recent attacks and exploits that use DNS and some best practices for defending […]
Encryption Implementation: Is It the Cure-all for Cybersecurity Woes?
Based on the science of cryptography, encryption is the process of coding and decoding messages to keep them secure, and is often touted as the silver bullet for cybersecurity woes. But is it really the cure-all?
The classic model of information security starts with the triad of Confidentiality, Integrity, and Availability. Cryptography is critical to providing […]
So You Had a Security Breach – Now What Do You Do?
A great way to start out the New Year is to review your company policies and procedures in the event of a security breach. Following is a checklist to help you get started:
- Document company policy, plans and procedures.
- Make sure the plans and procedures are fully tested […]
Windows Hello Biometrics: how well do the security options work, what to look out for and when are they appropriate
Many security pundits have been saying passwords must go for years, and biometrics are an alternative to passwords, but not all security professionals believe biometrics are the best alternative to passwords.
Microsoft Windows 10 provides native support of biometric authentication and as result many people are making a new look […]
IT Security Industry Predictions for 2016
While it is impossible to predict the future (since I don’t really have a crystal ball) I can offer the following predictions for security trends to watch for in 2016:
- We will continue to witness large scale data breaches that could have been prevented if only well established security practices had actually been applied.
- Companies […]
BYOD Security and the Mobile Market
BYOD security is a frequent topic among IT security experts. This, my third BYOD post this year, focuses on the mobile market. (Post one, Always-on Access Brings Always-Threatening Security Risks, June 25, 2015; Post two, Device Settings that Help Prevent Unauthorized Information Disclosure, July 13, 2015.)
The mobile market continues to be […]
