Cyber Bites
- All
- Compliance
- Risk Prevention
- Security Tools
- All
- Compliance
- Risk Prevention
- Security Tools
Risk Prevention Zero Trust 4/4: Networks
A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers networks. Implementation of security policies is supported by a commercial-grade firewall, which prevents unauthorized entry as an inspection gateway for in and outbound traffic. For remote and home users, the inclusion …
Risk Prevention Zero Trust 3/4: Software
A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers software. Zero Trust software is achieved by hardening configurations and implementing security gateways between users and software and between applications. Before login access is granted to any device, cyber …
Risk Prevention Zero Trust 2/4: Endpoints
A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers endpoints. Any device used to access, store or control private data requires enforcement of cybersecurity settings & tools (complex password, firewall, logs, screen saver, OS patches, FDE). Multifactor Authentication (MFA) …
Risk Prevention Zero Trust 1/4: Users
A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers users. Do you know who your users are? Can you evidence it? Identity Management is key within zero trust architecture as it ensures that users are who they say they …
Risk Prevention Managed Is Most Secure
For endpoint protection, you could provide instructions to your users or your IT team to manually configure settings (complex password, screen saver, personal firewall, etc.) and install tools (antivirus, full-disk encryption, multifactor authentication, etc.). With this approach, anyone could change settings or tools, forget to manage them, or make a …
Security Tools Hardening Systems of Private Data
We all focus on Endpoint and Network Security but too often overlook software and how security settings should be hardened. For example, when you start to use a software, it is usually configured generically by default. You should consider ways to improve security to access and protect the system. Can …
Risk Prevention Ransomware Protection
Ransomware incidents are up 300% in the past year and remain a top cyber threat as attacks continue to surge against the financial sector. Implementing cybersecurity technical controls is the best defense against ransomware attack. Make sure your antivirus has ransomware safeguards and is configured securely to ensure adequate ransomware …
Risk Prevention Cybersecurity Risk Assessment
As firms face an increased rate of sophisticated cyberattacks, there is no better time to execute a Cybersecurity Risk Assessment. Proactive vulnerability scans and network penetration testing of your environment allows for risk identification and remediation to prevent cyber intrusion. Even what seems like a small oversight can leave a …
Risk Prevention Beware of Phishing
Phishing remains a leading cybersecurity threat as cybercriminals use increasingly sophisticated tactics to obtain private data by exploiting human behavior. Posing as a known contact or trusted organization, phishing aims to trick users into providing personal information. Often misspellings, grammatical errors and requests that don’t quite make sense reveal a …
Security Tools Your Own Gateway VPN
When working remotely or traveling, best practice for securing data across the internet is use of a business-grade firewall with a gateway VPN (Virtual Private Network) that enables encrypted internet connection from anywhere in the world! A next generation gateway VPN allows remote users internet access by routing connectivity through …
Risk Prevention Ensure Encryption
Encryption is a vital cybersecurity safeguard that protects data while at rest on your device and in transit across a network. Made possible by cryptography, the technique of applying an algorithm to scramble data in a way that only an authenticated recipient with a key can unscramble or decrypt, encryption …
Compliance Keep Your OS Current
Cybersecurity regulations require that you use a currently supported Operating System (OS) version. OS software has a lifecycle defined by the manufacturer during which critical security updates are issued. When an OS approaches “end of service” an expiration date is set and afterward the system is no longer supported, secure …
Compliance Audit Preparedness
When it comes to audit preparedness are you a Cyber Ant or Grasshopper? If you don’t have a strong cybersecurity program and safeguards in place by the time Regulators come knocking, it’s already too late. When you receive notice of examination you’ll go into panic mode and rush to prepare. …
Risk Prevention Hybrid Workforce Cybersecurity
Especially given the last year, we must stop segregating home, traveler, and office users and instead treat all users the same way. The high-level of security you had in the past for office users should now be applied to everywhere your users are. First, make sure the endpoint is protected …
Compliance NIST-based Asset Inventory Report
In the event of an Audit or Breach, you may be required to demonstrate a list of your assets and their cyber posture. Your NIST-based Asset Inventory Report documents endpoints and their cyber settings, cyber tools and their configuration. This provides evidence of security policy enforcement and regulation compliance. For …
Compliance POAMs
When reviewing cybersecurity regulation requirements, you may think the expectation is to achieve perfection but what Regulators and Authorities want to see is continual improvement of safeguards rather than an end unto itself. Your cyber program is a living document not a final report. To be able to demonstrate progress, …
Security Tools DLP Confusion
The confusion related to “DLP” is fueled by the fact there are two definitions of the same acronym, Data Leakage Prevention and Data Loss Protection, which are often interchanged as Data Leakage Protection and Data Loss Prevention. Whatever definition you use, the purpose of DLP is to restrain data outflow …
Risk Prevention Reboot Your Computer
One critical but simple action to significantly improve cybersecurity & system performance is routine System Reboot. As a best practice and as required by some regulations your operating system and antivirus should be maintained as the latest, most secure, version available. Important updates, patches, and fixes are continually released and …
Risk Prevention Vendor Risk Management
The best way to minimize risk when working with a vendor that handles your private data in providing service to you is to perform Vendor Risk Assessment, which requests demonstration of the same safeguards and policies that you have in place to protect client NPI.
Risk Prevention Cost vs Benefits
Data Breaches are costly. Did you know that 60% of firms go out of business within 6 months of experiencing a breach? Damage ranging from significant financial loss to lasting destruction of your firm’s reputation can be prevented by putting cybersecurity in place. Positioned between unrelenting cyberthreats and your firm, …
Risk Prevention Smartphone Security
Think you’re saving money on your Smartphone data plan by utilizing free WiFi? Think again. Smartphone data is most secure when kept within your provider’s network. The moment you change your network to free WiFi your data becomes at high risk. Fraudsters lie in wait in public domains trying to …
Risk Prevention Dark Web Data
Your private data or user credentials could be for sale on the dark web right now put there by cybercriminals who work around the clock to exploit weaknesses in cybersecurity. Cybercrime has significant negative impact upon you, your firm and your clients. Prevent a cyberattack by putting cybersecurity in place. …
Security Tools Multifactor Authentication
Requiring Multi-Factor Authentication (MFA) for all user accounts helps protect devices and the data that’s accessible to users. MFA is the process of verifying identity on sign in to confirm that an access request is genuine. This double check before entry granted feature increases your level of protection should a …
Security Tools Network Security
A business-grade firewall is your first line of defense to secure your network. It provides advanced security features such as VPN Gateway to extend your secure network to remote users, and capability to link with remote office firewalls. Firewall monitoring and management are required to maintain your network’s security. You …
Risk Prevention Video Conferencing Best Practices
Video Conferencing software is an excellent tool for virtual meetings while working remotely from home or traveling. To ensure that video conferences are as secure as possible, we’ve prepared best practice guidelines to protect private data. As a reminder, we start with best practices to select and configure any software: …
Compliance Cost of a Cyber Breach
The cost of a cyber breach could devastate your firm. Investment into cybersecurity protects you by mitigating risk of a breach and increasing the likelihood that your cyber insurance will cover damages. If your firm experiences a cyber breach you may be required to report it to authorities. If you …
Compliance Travel Securely
Usage of a VPN when traveling is the best practice for protecting your data across the internet. There are two major issues however that threaten compliance using a VPN: You must know where your data is hosted because you cannot have data hosted outside the US. And, when you select …
Risk Prevention Cybersecurity Insurance
Having Cybersecurity Insurance does not guarantee payout in the event of a claim. In fact, a cybersecurity claim could be denied from the outset if your firm is out of compliance. Inadequate cybersecurity leaves you vulnerable twice; initially for a breach then denial of a claim from an insurance policy …
Risk Prevention Cybersecurity Risk Assessment
Are you a seller ready to exit or gain momentum by joining a bigger firm? Are you a buyer ready to acquire a successful firm for a growing portfolio? In either case, a cybersecurity risk assessment is vital to a successful transaction strategy. As a buyer, due diligence suggests hiring …
Risk Prevention The Dark Web
The Dark Web is a hidden part of the internet used for illicit purposes. Hackers put stolen credentials up there for sale. A password prefix can help to protect you! Create your password using the first few letters of the system you are logging into followed by a series of …
Compliance Surprise audit from regulators
Are you ready for a surprise audit from regulators? Do you have all your cyber program policies in place and can you evidence it? Would you like to go through a 1-hour mock audit to review your endpoint and network cybersecurity posture and compliance? http://ow.ly/j9Dv50Az5bI
Risk Prevention Printers and scanners
Printers and scanners are often forgotten devices that are important for your firm’s cybersecurity. Did you know there’s a feature on some printers or scanners that can be set to retain a copy of everything it processes? You should disable the option to keep data or ensure data encryption otherwise …
Compliance Properly decommission a computer
There are two options to properly decommission a computer used to access or store private data: destroy or repurpose. You can destroy the hard disk yourself and evidence the process with pictures or hire a third-party who will provide a certificate of destruction. You can securely repurpose an encrypted disk …
Security Tools A Password Manager app offers ideal balance between security and time-saving access
To protect access to private data, strengthen your credentials by using a Password Manager to securely store them. Password data is robustly encrypted to your device and safeguarded in a protected vault further secured by MFA. A Password Manager app offers ideal balance between security and time-saving access. It eliminates …
Risk Prevention Use of a complex username diminishes risk of malicious algorithms
When a username is created properly it serves as additional security. Use of a complex username diminishes risk of malicious algorithms being able to predict credentials. “Web Scraping” is a practice of data extraction used for market intelligence, but it can also be used nefariously. Bots operating at the direction …
