1.888.749.9800

Blog

Reducing the Risks of Shadow IT

I was recently asked to comment on what businesses can do to reduce the security risks of Shadow IT. To read the full article click here and if you just want to read my comments – see below.

Plain talk shadow IT exists when corporate IT is failing in a fundamental way.

Weve seen currency traders set up […]

By |July 19th, 2016|Blog, BYOD|Comments Off on Reducing the Risks of Shadow IT
  • Permalink Gallery

    DNS: How it Works and Best Practices to Defend Against DNS-based Threats

DNS: How it Works and Best Practices to Defend Against DNS-based Threats

The Domain Name System (DNS) is a central element in the addressing and routing of all communication over the Internet. Many enterprise IT security professionals don’t always know how DNS works, or how attackers might use it to compromise their data. Following is a discussion about recent attacks and exploits that use DNS and some best practices for defending […]

By |July 6th, 2016|Blog|Comments Off on DNS: How it Works and Best Practices to Defend Against DNS-based Threats

The Dangers of Wireless Technology on the Road

How to Protect Your Data in Airports, Coffee Houses, and Hotels

In a recent interview, I was asked a series of questions about the dangers of wireless technology on the road. I’d like to share my responses here as to ways that travelers can protect their data when hooking up to “free” wireless technology in airports, […]

By |June 13th, 2016|Blog, Security Breach|Comments Off on The Dangers of Wireless Technology on the Road

Cyber Warfare Exercise: part two

There are only two certainties in a company’s life: Taxes and your network will be hacked.

I recently returned from the 15-day cyber warfare exercise hosted by the Massachusetts Army National Guard.  Attendees included soldiers and airmen from Vermont, New Hampshire, Maine, Massachusetts, Connecticut, and Rhode Island as well as personnel from private organizations such as […]

By |June 6th, 2016|Blog, Penetration Testing, Security Breach|Comments Off on Cyber Warfare Exercise: part two

Protecting Data from Cyber Thieves

Getting hacked is one of the most feared outcomes for anybody who is doing business on or through the Internet. The bad news is there are always people trying to hack systems and get access to sensitive, private or confidential data. The good news is that the tips a financial advisor should follow to safeguard sensitive client […]

By |May 23rd, 2016|Blog, Security Breach|Comments Off on Protecting Data from Cyber Thieves

Teacup Tempests

A recent data breach scare highlights the importance of carefully evaluating news reports of data breaches before reacting. Reuters (followed by many others) broke a story relating how 272 million account credentials – including Gmail, Microsoft and Yahoo! Email – had been exposed. “Change your password now!” read the headlines. Time to react, right?

Or not. […]

By |May 10th, 2016|Blog, Security Breach|Comments Off on Teacup Tempests

Cyber Warfare Exercise

cyberwarriorIn the next few weeks I will be participating in an intensive 15-day cyber warfare exercise hosted by the Massachusetts Army National Guard.  This exercise is conceptualized around a cyber attack affecting critical infrastructure in the Northeast with an emphasis on public and private collaboration.

I will be working on a “Red […]

By |May 5th, 2016|Blog, Penetration Testing|Comments Off on Cyber Warfare Exercise

The Internet of Things (IoT); what’s to worry about?

Submitted by Brad Johnson and Paul Hill

There is no doubt that the concept of the Internet of Things (IoT), a term that’s been around since 1999 from an Auto-ID Center project at MIT, is gathering huge momentum and will be stampeding into your world whether you are ready for it or not. IoT is simply […]

By |April 29th, 2016|Blog, Security Breach|Comments Off on The Internet of Things (IoT); what’s to worry about?
  • Permalink Gallery

    Is the Panama Paper leak saying anything new about IT security?

Is the Panama Paper leak saying anything new about IT security?

The Panama Paper leak is an example of a whistleblower situation. Clearly, some of those types of situations have been seminal events that have shaped history, policies and perceptions: e.g., Daniel Ellsberg and the Vietnam War, “Deep Throat” and Watergate, and Julian Assange of WikiLeaks to name a few. The up-side of these is that it creates a degree […]

By |April 20th, 2016|Blog, Security Breach|Comments Off on Is the Panama Paper leak saying anything new about IT security?

What’s Ethical Hacking?

Often in social situations, when people ask what I do for living, I have to pause for a moment.  If I want to deflect the conversation, I just say “computer security” and their eyes usually glaze over and we move on to other topics.  However, if I’m honest and say “ethical hacking,” this invariably arouses more interest. […]

By |April 7th, 2016|Blog, Penetration Testing|Comments Off on What’s Ethical Hacking?

How Shadow IT Fits in Today’s IT Organizations

For those old enough to remember, the controversy surrounding shadow IT in the cloud computing world recalls a time when personal computers and spreadsheets first threatened the IT mini and mainframe priesthood. The motivations seem very much the same: business users want solutions quickly, and want to try different tools and methods now instead of going through […]

By |March 29th, 2016|Blog, Security Breach|Comments Off on How Shadow IT Fits in Today’s IT Organizations
  • Permalink Gallery

    Encryption Implementation: Is It the Cure-all for Cybersecurity Woes?

Encryption Implementation: Is It the Cure-all for Cybersecurity Woes?

Based on the science of cryptography, encryption is the process of coding and decoding messages to keep them secure, and is often touted as the silver bullet for cybersecurity woes. But is it really the cure-all?

The classic model of information security starts with the triad of Confidentiality, Integrity, and Availability. Cryptography is critical to providing […]

By |March 15th, 2016|Blog, Security Breach|Comments Off on Encryption Implementation: Is It the Cure-all for Cybersecurity Woes?

Watch Out: Your Apple Phone May be Infected After All

Conventional wisdom seems to be that Apple is secure from hackers and malware. But the reality of the situation isn’t very reassuring.

In the relatively short lifespan of the iPhone, users have felt fairly safe using them, because almost all the malware seemed to be focused upon the more widely used Android devices. However, with […]

By |February 19th, 2016|Blog, Security Breach|Comments Off on Watch Out: Your Apple Phone May be Infected After All
  • Permalink Gallery

    Employees Still Clicking on Phishing Links? What Companies can do to Break that Habit

Employees Still Clicking on Phishing Links? What Companies can do to Break that Habit

Phishing attacks have become sophisticated and targeted. The majority of recent successful phishing attacks have been limited to a small subset of employees (spear-phishing) and not spammed across the entire company. The phishing emails may appear to come from HR or an email address from within the company.  Due to the highly customized phishing emails from attackers […]

By |February 10th, 2016|Blog|Comments Off on Employees Still Clicking on Phishing Links? What Companies can do to Break that Habit

So You Had a Security Breach – Now What Do You Do?

A great way to start out the New Year is to review your company policies and procedures in the event of a security breach. Following is a checklist to help you get started:

  1. Document company policy, plans and procedures.
  2. Make sure the plans and procedures are fully tested […]
By |January 21st, 2016|Blog, Security Breach|Comments Off on So You Had a Security Breach – Now What Do You Do?