Blog

Managing IT Risk (Part 2)

Third Party Risk Management

Following up on my prior post, Third Party Risk Management (4/9/18), I’d like to share my recommendations to monitor and manage IT risk.

There are a number of Governance, Risk, and Compliance (GRC) tools available, ranging from the inexpensive to the extremely expensive. Small to medium size companies are generally […]

Managing IT Risk (Part 1)

Third Party Risk Management

Topping my list of information security risks for the coming year is third party risk management. Small to medium size companies do not have the workforce necessary to monitor the security posture of their technology service providers. To properly address the issue, a company will need to put the following in place and dedicate resources […]

Best Practices for Contracting with Cloud Service Vendors

I was recently asked about best practices for contracting with cloud service vendors – and thought this advice was worth sharing.

What is the best strategy if you decide to change vendors?

Always conduct a parallel transition. This will keep your data in place at your original vendor during the transition. This costs more but will protect […]

Survey: Small construction companies lukewarm on tech investment

by , author, Construction DIVE, February 28, 2018

Dive Brief:

  • A recent customer survey from small business funding site Kabbage revealed that fewer than 35% of small construction companies planned to make investments at some level this year in technologies that could help their businesses and further bring them into the digital age.
  • More than 65% of […]

The Shift that EternalBlue May Have Caused Within IT Leadership

For leaders in IT, 2017 has been the year of EternalBlue (the weaponized version of the vulnerability described in MS17-010), whether they know it or not. EternalBlue allowed the trivial exploitation of Microsoft systems, letting an attacker gain the highest level of system permissions. This sort of vulnerability set the hacking community on fire and allowed […]

How to Prevent a Ransomware Attack

It is always better to be proactively prepared and prevent ransomware attacks than having to react after an attack occurs. Paying the ransom is not recommended.

Law enforcement and IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections. The “No More Ransom” website is an initiative by […]

How to Ensure the Security of Your Cloud Storage in 2018: The Top Experts Speak

by Megan Thudium, writer, IT Security Central, January 25, 2018

We’ve heard of the challenges of Amazon S3 Buckets and the exposure of customer data to the world wide web. When cloud storage technology emerged, the new technology had plenty of hype. Companies flocked to the new technology, and they started integrating it into their daily work structure. However, […]

Intel’s Meltdown and Spectre Vulnerabilities

By now you have probably read some articles about the Meltdown and Spectre vulnerabilities but you may still be seeking guidance for how your organization should react.

First, a quick recap: Meltdown and Spectre were announced early in January of 2018. Unlike most other vulnerabilities, Meltdown and Spectre exploit critical vulnerabilities in modern processors. Meltdown primarily […]

Protecting Systems and Data for a Traveling Workforce is Crucial

by Samuel Greengard, writer, Security Roundtable, January 24, 2018

Mobility is at the center of today’s enterprise. Employees rely on smartphones, tablets, and personal computers to access data anywhere and at any time. It’s no news flash that these devices are now a critical piece of the enterprise productivity scheme. Yet, all the gain doesn’t come without some pain: employees carrying devices and […]

The Internet of Things: Still Lots for You to Learn

by John Edwards, InformationWeek, January 11, 2018

IT groups will need to provide architecture, data-mining tools and connectivity, while giving business groups the freedom to innovate on their own with the Internet of Things.

The Internet of Things (IoT) is already making a significant impact in a variety of business areas, including industrial monitoring and production, supply chain tracking, and multiple […]

Why Phishing and Social Engineering Continue to be so Popular

Phishing and social engineering continue precisely because they are so effective!

Sophisticated User: If you are the vice president of customer service and you receive an email purportedly from the Better Business Bureau that contains a link to Complaint #67587 about one of your products, how do you not click through on that embedded link?

Is a Cyber Pearl Harbor a Real Threat?

by Samuel Greengard, writer, Baseline, December 12, 2017

In recent weeks, U.S. financial institutions such as JP Morgan Chase, Capital One and Wells Fargo have undergone sustained cyber-attacks from sources that security experts say could be a hostile foreign government or terrorist organization. Some experts, including Defense Secretary Leon Panetta, have cautioned that this distributed denial-of-service (DDoS) activity could foreshadow […]

Cyber Security Trends and Predictions for 2018

I was recently asked my thoughts about cyber security trends for the coming year. Here are a few of my predictions:

  • GDPR requirements will expose data handling issues that greatly exceed expert predictions. Tools will be developed to automate the encapsulation of discovered data into secure cloud based environments.  This will address security and data […]

Increasing Threat of Cyber Attacks: How Cyber Security has Shifted

Following are answers from a recent interview looking at the threat of cyberattacks and how cyber security has increased in recent years.

Q. What’s driving the shift in cyber security?

A. As the world becomes more digitally connected with a wide variety of available technologies and options, the need to secure the data has increased dramatically. The […]

What are the five most critical steps to take during the first 48 hours post data breach?

1. Protect – The first and most important (time sensitive) step is to protect your environment and prevent additional damage and/or data loss.  This could be as simple as disconnecting from any wired and wireless networks.  Also disconnect any local backup drives that could overwrite previously archived data.

2. Communicate – It is vital to […]