Cyber Bites

Security Tools

Password Manager Best Practices

To ensure strong password protection when using a Password Manager app, it is best practice to create complex passwords and change them regularly. In addition, implementing multi-factor authentication (MFA) adds an extra layer of security by requiring the user to approve any login attempts. Properly configuring your Password Manager ...
More
Risk Prevention

Removable Storage Device Encryption

To prevent the loss of private data, it is recommended to either block external drives from use or enforce their encryption. If, for example, you back up private data to an unencrypted drive (such as a USB drive) and it is lost or stolen, anyone can access its content, ...
More
Risk Prevention

The Importance of Device Decommissioning

Your firm’s Cyber Program or Written Information Security Policy (WISP) should include a procedure for decommissioning devices when they will no longer be used. Regulators are requesting that firms formally offboard, track and retain records of devices that were used to access or store private data. For example, one ...
More
Security Tools

What do hackers see about your firm?

FCI offers a Corporate Internet Attack Surface Assessment (CIASA) that provides complete visibility of your business’s attack surface, from internal networks to the farthest reaches of the internet, where attackers lurk. Discover, classify, and manage internet-facing corporate assets.
More
Compliance

Big Cyber Risk: Unmanaged Devices

One of the biggest risks in cybersecurity is allowing unmanaged devices to access enterprise private data. When devices are unmanaged, a firm does not have the ability to ensure cybersecurity safeguards and compliance of devices connecting to its corporate network, which introduces higher risks for data breaches and regulatory ...
More
Network Security Risk Prevention

Zero Trust 4/4: Networks

A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers networks. Implementation of security policies is supported by a commercial-grade firewall, which prevents unauthorized entry by acting as an inspection gateway for inbound and outbound traffic. For remote and home users, the inclusion ...
More
Risk Prevention

Zero Trust 3/4: Software

A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers software. Zero Trust software is achieved by hardening configurations and implementing security gateways between users and software and between applications. Before login access is granted to any device, cyber ...
More
Risk Prevention

Zero Trust 2/4: Endpoints

A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers endpoints. Any device used to access, store or control private data requires enforcement of cybersecurity settings & tools (complex password, firewall, logs, inactivity timeout, OS patches, FDE). Multifactor Authentication (MFA) ...
More
Risk Prevention

Zero Trust 1/4: Users

A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers users. Do you know who your users are? Can you evidence it? Identity Management is key within zero trust architecture as it ensures that users are who they say they ...
More
Risk Prevention

Managed Is Most Secure

For endpoint protection, you could provide instructions to your users or your IT team to manually configure settings (complex password, inactivity timeout, personal firewall, etc.) and install tools (antivirus, full-disk encryption, multifactor authentication, etc.). With this approach, anyone could change settings or tools, forget to manage them, or make a ...
More
Security Tools

Hardening Systems of Private Data

We all focus on Endpoint and Network Security but too often overlook software and how security settings should be hardened. For example, when you start to use a piece of software, it is usually configured generically by default. You should consider ways to improve security to access and protect the system. Can ...
More
Risk Prevention

Ransomware Protection

Ransomware incidents are up 300% in the past year and remain a top cyber threat as attacks continue to surge against the financial sector. Implementing cybersecurity technical controls is the best defense against a ransomware attack. Make sure your antivirus has ransomware safeguards and is configured securely to ensure adequate ransomware ...
More
Risk Prevention

Cybersecurity Risk Assessment

As firms face an increased rate of sophisticated cyberattacks, there is no better time to execute a Cybersecurity Risk Assessment. Proactive vulnerability scans and network penetration testing of your environment allow for risk identification and remediation to prevent cyber intrusion. Even what seems like a small oversight can leave a ...
More
Risk Prevention

Beware of Phishing

Phishing remains a leading cybersecurity threat as cybercriminals use increasingly sophisticated tactics to obtain private data by exploiting human behavior. Posing as a known contact or trusted organization, phishing aims to trick users into providing personal information. Often misspellings, grammatical errors and requests that don’t quite make sense reveal a ...
More
Security Tools

Your Own Gateway VPN

When working remotely or traveling, best practice for securing data across the internet is to use a business-grade firewall with a gateway VPN (Virtual Private Network) that enables an encrypted internet connection from anywhere in the world! A next generation gateway VPN allows remote users internet access by routing connectivity through ...
More
Risk Prevention

Ensure Encryption

Encryption is a vital cybersecurity safeguard that protects data while at rest on your device and in transit across a network. Made possible by cryptography, the technique of applying an algorithm to scramble data in a way that only an authenticated recipient with a key can unscramble or decrypt, encryption ...
More
Compliance

Keep Your OS Current

Cybersecurity regulations require that you use a currently supported Operating System (OS) version. OS software has a lifecycle defined by the manufacturer during which critical security updates are issued. When an OS approaches “end of service” an expiration date is set and afterward the system is no longer supported, secure ...
More
Compliance

Audit Preparedness

When it comes to audit preparedness, are you a Cyber Ant or Grasshopper? If you don’t have a strong cybersecurity program and safeguards in place by the time Regulators come knocking, it’s already too late. When you receive notice of examination, you’ll go into panic mode and rush to prepare. ...
More
Risk Prevention

Hybrid Workforce Cybersecurity

Especially given the last year, we must stop segregating home, traveler, and office users and instead treat all users the same way. The high level of security you had in the past for office users should now be applied everywhere your users are. First, make sure the endpoint is protected ...
More
Compliance

NIST-based Asset Inventory Report

In the event of an Audit or Breach, you may be required to demonstrate a list of your assets and their cyber posture. Your NIST-based Asset Inventory Report documents endpoints and their cyber settings, cyber tools and their configuration. This provides evidence of security policy enforcement and regulation compliance. For ...
More
Compliance

POAMs

When reviewing cybersecurity regulation requirements, you may think the expectation is to achieve perfection but what Regulators and Authorities want to see is continual improvement of safeguards rather than an end unto itself. Your cyber program is a living document not a final report. To be able to demonstrate progress, ...
More
Security Tools

DLP Confusion

The confusion related to “DLP” is fueled by the fact there are two definitions of the same acronym, Data Leakage Prevention and Data Loss Protection, which are often interchanged as Data Leakage Protection and Data Loss Prevention. Whatever definition you use, the purpose of DLP is to restrain data outflow ...
More
Risk Prevention

Reboot Your Computer

One critical but simple action to significantly improve cybersecurity & system performance is a routine System Reboot. As a best practice, and as required by some regulations, your operating system and antivirus should be maintained at the latest, most secure version available. Important updates, patches, and fixes are continually released and ...
More
Risk Prevention

Vendor Risk Management

The best way to minimize risk when working with a vendor that handles your private data in providing service to you is to perform Vendor Risk Assessment, which requests demonstration of the same safeguards and policies that you have in place to protect client NPI.
More
Risk Prevention

Cost vs Benefits

Data Breaches are costly. Did you know that 60% of firms go out of business within 6 months of experiencing a breach? Damage ranging from significant financial loss to lasting destruction of your firm’s reputation can be prevented by putting cybersecurity in place. Positioned between unrelenting cyberthreats and your firm, ...
More
Network Security Risk Prevention

Smartphone Security

Think you’re saving money on your Smartphone data plan by utilizing free WiFi? Think again. Smartphone data is most secure when kept within your provider’s network. The moment you change your network to free WiFi, your data is at high risk. Fraudsters lie in wait in public domains trying to ...
More
Risk Prevention

Dark Web Data

Your private data or user credentials could be for sale on the dark web right now, put there by cybercriminals who work around the clock to exploit weaknesses in cybersecurity. Cybercrime has a significant negative impact upon you, your firm and your clients. Prevent a cyberattack by putting cybersecurity in place. ...
More
Security Tools

Multifactor Authentication

Requiring Multi-Factor Authentication (MFA) for all user accounts helps protect devices and the data that’s accessible to users. MFA is the process of verifying identity on sign in to confirm that an access request is genuine. This double check before entry is granted increases your level of protection should a ...
More
Network Security Security Tools

Network Security

A business-grade firewall is your first line of defense to secure your network. It provides advanced security features such as VPN Gateway to extend your secure network to remote users, and capability to link with remote office firewalls. Firewall monitoring and management are required to maintain your network’s security. You ...
More
Risk Prevention

Video Conferencing Best Practices

Video Conferencing software is an excellent tool for virtual meetings while working remotely from home or traveling. To ensure that video conferences are as secure as possible, we’ve prepared best practice guidelines to protect private data. As a reminder, we start with best practices to select and configure any software: ...
More
Compliance

Cost of a Cyber Breach

The cost of a cyber breach could devastate your firm. Investment into cybersecurity protects you by mitigating risk of a breach and increasing the likelihood that your cyber insurance will cover damages. If your firm experiences a cyber breach you may be required to report it to authorities. If you ...
More
Compliance

Travel Securely

Usage of a VPN when traveling is the best practice for protecting your data across the internet. There are two major issues, however, that threaten compliance when using a VPN: You must know where your data is hosted because you cannot have data hosted outside the US. And, when you select ...
More
Risk Prevention

Cybersecurity Insurance

Having Cybersecurity Insurance does not guarantee payout in the event of a claim. In fact, a cybersecurity claim could be denied from the outset if your firm is out of compliance. Inadequate cybersecurity leaves you vulnerable twice; initially for a breach then denial of a claim from an insurance policy ...
More
Risk Prevention

Cybersecurity Risk Assessment

Are you a seller ready to exit or gain momentum by joining a bigger firm? Are you a buyer ready to acquire a successful firm for a growing portfolio? In either case, a cybersecurity risk assessment is vital to a successful transaction strategy. As a buyer, due diligence suggests hiring ...
More
Compliance

Surprise audit from regulators

Are you ready for a surprise audit from regulators? Do you have all your cyber program policies in place and can you evidence it? Would you like to go through a 1-hour mock audit to review your endpoint and network cybersecurity posture and compliance? http://ow.ly/j9Dv50Az5bI
More
Risk Prevention

Printers and scanners

Printers and scanners are often forgotten devices that are important for your firm’s cybersecurity. Did you know there’s a feature on some printers or scanners that can be set to retain a copy of everything they process? You should disable the option to keep data or ensure data encryption otherwise ...
More
Risk Prevention

The Dark Web

The Dark Web is a hidden part of the internet used for illicit purposes. Hackers put stolen credentials up there for sale. A password prefix can help to protect you! Create your password using the first few letters of the system you are logging into followed by a series of ...
More
Compliance

Properly decommission a computer

There are two options to properly decommission a computer used to access or store private data: destroy or repurpose. You can destroy the hard disk yourself and evidence the process with pictures or hire a third party who will provide a certificate of destruction. You can securely repurpose an encrypted disk ...
More
Security Tools

A Password Manager app offers ideal balance between security and time-saving access

To protect access to private data, strengthen your credentials by using a Password Manager to securely store them. Password data is robustly encrypted to your device and safeguarded in a protected vault further secured by MFA. A Password Manager app offers an ideal balance between security and time-saving access. It eliminates ...
More
Risk Prevention

Use of a complex username diminishes risk of malicious algorithms

When a username is created properly it serves as additional security. Use of a complex username diminishes risk of malicious algorithms being able to predict credentials. “Web Scraping” is a practice of data extraction used for market intelligence, but it can also be used nefariously. Bots operating at the direction ...
More