Is Your Firewall Providing Adequate Protection?
What you need to do to keep your data secure Firewall security audits should be conducted at regular intervals and additionally when system configurations are updated or changed. With the addition of new firewalls, hosts or applications, a firewall security audit should follow. Security audits should also be conducted when migrating firewalls or making configuration […]
Cybersecurity Awareness for Asset Management Organizations
Many Asset Management companies are relatively small firms but yet have a large risk profile that makes them a prime target for cybersecurity threats. These companies, like all others, need to have basic blocking and tackling security measures in place to have a solid foundation to try and thwart and detect these threats: Periodic penetration […]
Dark Data: Why is it Important?
Data you find on the Internet is without a doubt vast and extensive, however, its sources are often hidden and out of reach to all but the most technically savvy. Often, we find ourselves waking up in the morning to learn of another large database breach containing millions of SSN’s that were discovered leaked on […]
IoT Devices’ Security Challenges
IoT devices bring many of the same basic security challenges as we face with BYOD technologies. That is, you need to think about how they are deployed and configured, functionality and maintenance updates, encryption of data in transit and at rest, authentication and authorization, and general administration. They also bring some new challenges. What adds […]
What’s new in phishing?
I was recently asked to comment on what’s new in phishing. In some sense, phishing attacks are always the same. They count on the fact that some (small) percentages of people will follow links or provide information to sources that haven’t been verified or shouldn’t be trusted. They also know that even though most IT […]
How enterprises can protect themselves against cyber-attacks
I was recently asked to comment on data security in relation to increasing threat of cyber attacks ahead of the upcoming 2020 election. How can enterprises adequately protect the data privacy of their products and services as well as their clients and employees? My response is that there’s no silver bullet to prevent cyber attacks […]
Considering the Use of a CPaaS Provider? Look at the Inherent Risks
The rise of the communications platform as a service (CPaaS) model has many enterprises migrating from on-premises communications to cloud platforms and APIs. CPaaS and APIs offer benefits including improved productivity and third-party app integrations, but before proceeding to adopt CPaaS companies should consider the inherent risks. Remember that the underlying technologies tend to be […]
Ransomware – should you pay or not?
You may have seen the recent news about cities and towns being held hostage to hackers infecting their data. With over 25 years of experience in cyber security, I’ve seen it all. To help guide you in managing a ransomware attack, I’ve outlined the steps you can take to minimize the impact on your organization […]
How significant is the tool sprawl problem?
Following up on my post earlier this month on Shadow IT, I wanted to discuss a related issue – “tool sprawl.” Tool sprawl describes an environment where the deployment and use of tools is not managed by a single IT group: applications, software, and tools are installed by end-users because they believe that waiting for […]
Four Tips for Dealing with Shadow IT
Simply stated, Shadow IT is what happens when people within an organization decide to deploy Information Technology systems and services without approval from the official IT group. On the positive side, this can be the source of real innovation from within the company without the normal formal approval process that can be time consuming and […]
