Cyber Bites

To prevent the loss of private data, it is recommended to either block external drives from use or enforce their encryption.   If, for example, you back up private data to an un-encrypted drive (such as a USB drive) and it is lost or stolen, anyone can access its content, …

Your firm’s Cyber Program or Written Information Security Policy (WISP) should include a procedure for decommissioning devices when they will no longer be used.   Regulators are requesting that firms formally offboard, track and retain records of devices that were used to access or store private data. For example, one …

A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers networks. Implementation of security policies is supported by a commercial-grade firewall, which prevents unauthorized entry as an inspection gateway for in and outbound traffic. For remote and home users, the inclusion …

A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers software.   Zero Trust software is achieved by hardening configurations and implementing security gateways between users and software and between applications.   Before login access is granted to any device, cyber …

A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers endpoints.   Any device used to access, store or control private data requires enforcement of cybersecurity settings & tools (complex password, firewall, logs, screen saver, OS patches, FDE). Multifactor Authentication (MFA) …

A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers users.   Do you know who your users are? Can you evidence it? Identity Management is key within zero trust architecture as it ensures that users are who they say they …

For endpoint protection, you could provide instructions to your users or your IT team to manually configure settings (complex password, screen saver, personal firewall, etc.) and install tools (antivirus, full-disk encryption, multifactor authentication, etc.). With this approach, anyone could change settings or tools, forget to manage them, or make a …

Ransomware incidents are up 300% in the past year and remain a top cyber threat as attacks continue to surge against the financial sector. Implementing cybersecurity technical controls is the best defense against ransomware attack. Make sure your antivirus has ransomware safeguards and is configured securely to ensure adequate ransomware …

As firms face an increased rate of sophisticated cyberattacks, there is no better time to execute a Cybersecurity Risk Assessment. Proactive vulnerability scans and network penetration testing of your environment allows for risk identification and remediation to prevent cyber intrusion. Even what seems like a small oversight can leave a …

Phishing remains a leading cybersecurity threat as cybercriminals use increasingly sophisticated tactics to obtain private data by exploiting human behavior. Posing as a known contact or trusted organization, phishing aims to trick users into providing personal information. Often misspellings, grammatical errors and requests that don’t quite make sense reveal a …

Encryption is a vital cybersecurity safeguard that protects data while at rest on your device and in transit across a network. Made possible by cryptography, the technique of applying an algorithm to scramble data in a way that only an authenticated recipient with a key can unscramble or decrypt, encryption …

Especially given the last year, we must stop segregating home, traveler, and office users and instead treat all users the same way. The high-level of security you had in the past for office users should now be applied to everywhere your users are. First, make sure the endpoint is protected …

One critical but simple action to significantly improve cybersecurity & system performance is routine System Reboot. As a best practice and as required by some regulations your operating system and antivirus should be maintained as the latest, most secure, version available. Important updates, patches, and fixes are continually released and …

The best way to minimize risk when working with a vendor that handles your private data in providing service to you is to perform Vendor Risk Assessment, which requests demonstration of the same safeguards and policies that you have in place to protect client NPI.

Data Breaches are costly. Did you know that 60% of firms go out of business within 6 months of experiencing a breach? Damage ranging from significant financial loss to lasting destruction of your firm’s reputation can be prevented by putting cybersecurity in place. Positioned between unrelenting cyberthreats and your firm, …

Think you’re saving money on your Smartphone data plan by utilizing free WiFi? Think again. Smartphone data is most secure when kept within your provider’s network. The moment you change your network to free WiFi your data becomes at high risk. Fraudsters lie in wait in public domains trying to …

Your private data or user credentials could be for sale on the dark web right now put there by cybercriminals who work around the clock to exploit weaknesses in cybersecurity. Cybercrime has significant negative impact upon you, your firm and your clients. Prevent a cyberattack by putting cybersecurity in place. …

Video Conferencing software is an excellent tool for virtual meetings while working remotely from home or traveling. To ensure that video conferences are as secure as possible, we’ve prepared best practice guidelines to protect private data. As a reminder, we start with best practices to select and configure any software: …

Having Cybersecurity Insurance does not guarantee payout in the event of a claim. In fact, a cybersecurity claim could be denied from the outset if your firm is out of compliance. Inadequate cybersecurity leaves you vulnerable twice; initially for a breach then denial of a claim from an insurance policy …

Are you a seller ready to exit or gain momentum by joining a bigger firm? Are you a buyer ready to acquire a successful firm for a growing portfolio? In either case, a cybersecurity risk assessment is vital to a successful transaction strategy. As a buyer, due diligence suggests hiring …

Printers and scanners are often forgotten devices that are important for your firm’s cybersecurity. Did you know there’s a feature on some printers or scanners that can be set to retain a copy of everything it processes? You should disable the option to keep data or ensure data encryption otherwise …

The Dark Web is a hidden part of the internet used for illicit purposes. Hackers put stolen credentials up there for sale. A password prefix can help to protect you! Create your password using the first few letters of the system you are logging into followed by a series of …

When a username is created properly it serves as additional security. Use of a complex username diminishes risk of malicious algorithms being able to predict credentials. “Web Scraping” is a practice of data extraction used for market intelligence, but it can also be used nefariously. Bots operating at the direction …