Cyber Bites
- All
- Compliance
- Risk Prevention
- Security Tools
Password Manager Best Practices
To ensure strong password protection when using a Password Manager app, it is best practice to create complex passwords and change them regularly. In addition, implementing multi-factor authentication (MFA) adds an extra layer of security by requiring the user to approve any login attempts. Properly configuring your Password Manager ...
Removable Storage Device Encryption
To prevent the loss of private data, it is recommended to either block external drives from use or enforce their encryption. If, for example, you back up private data to an unencrypted drive (such as a USB drive) and it is lost or stolen, anyone can access its content, ...
The Importance of Device Decommissioning
Your firm’s Cyber Program or Written Information Security Policy (WISP) should include a procedure for decommissioning devices when they will no longer be used. Regulators are requesting that firms formally offboard, track and retain records of devices that were used to access or store private data. For example, one ...
What do hackers see about your firm?
FCI offers a Corporate Internet Attack Surface Assessment (CIASA) that provides complete visibility of your business’s attack surface, from internal networks to the farthest reaches of the internet, where attackers lurk. Discover, classify, and manage internet-facing corporate assets.
Big Cyber Risk: Unmanaged Devices
One of the biggest risks in cybersecurity is the allowance of unmanaged devices to access enterprise private data. When unmanaged, a firm does not have the ability to ensure cybersecurity safeguards and compliance of devices connecting to its corporate network, which introduces higher risks for data breaches and regulatory ...
Zero Trust 4/4: Networks
A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers networks. Implementation of security policies is supported by a commercial-grade firewall, which prevents unauthorized entry as an inspection gateway for inbound and outbound traffic. For remote and home users, the inclusion ...
Zero Trust 3/4: Software
A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers software. Zero Trust software is achieved by hardening configurations and implementing security gateways between users and software and between applications. Before login access is granted to any device, cyber ...
Zero Trust 2/4: Endpoints
A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers endpoints. Any device used to access, store or control private data requires enforcement of cybersecurity settings & tools (complex password, firewall, logs, inactivity timeout, OS patches, FDE). Multifactor Authentication (MFA) ...
Zero Trust 1/4: Users
A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers users. Do you know who your users are? Can you evidence it? Identity Management is key within zero trust architecture as it ensures that users are who they say they ...
Managed Is Most Secure
For endpoint protection, you could provide instructions to your users or your IT team to manually configure settings (complex password, inactivity timeout, personal firewall, etc.) and install tools (antivirus, full-disk encryption, multifactor authentication, etc.). With this approach, anyone could change settings or tools, forget to manage them, or make a ...
Hardening Systems of Private Data
We all focus on Endpoint and Network Security but too often overlook software and how security settings should be hardened. For example, when you start to use a piece of software, it is usually configured generically by default. You should consider ways to improve security to access and protect the system. Can ...
Ransomware Protection
Ransomware incidents are up 300% in the past year and remain a top cyber threat as attacks continue to surge against the financial sector. Implementing cybersecurity technical controls is the best defense against a ransomware attack. Make sure your antivirus has ransomware safeguards and is configured securely to ensure adequate ransomware ...
Cybersecurity Risk Assessment
As firms face an increased rate of sophisticated cyberattacks, there is no better time to execute a Cybersecurity Risk Assessment. Proactive vulnerability scans and network penetration testing of your environment allow for risk identification and remediation to prevent cyber intrusion. Even what seems like a small oversight can leave a ...
Beware of Phishing
Phishing remains a leading cybersecurity threat as cybercriminals use increasingly sophisticated tactics to obtain private data by exploiting human behavior. Posing as a known contact or trusted organization, phishing aims to trick users into providing personal information. Often misspellings, grammatical errors and requests that don’t quite make sense reveal a ...
Your Own Gateway VPN
When working remotely or traveling, best practice for securing data across the internet is use of a business-grade firewall with a gateway VPN (Virtual Private Network) that enables encrypted internet connection from anywhere in the world! A next generation gateway VPN allows remote users internet access by routing connectivity through ...
Ensure Encryption
Encryption is a vital cybersecurity safeguard that protects data while at rest on your device and in transit across a network. Made possible by cryptography, the technique of applying an algorithm to scramble data in a way that only an authenticated recipient with a key can unscramble or decrypt, encryption ...
Keep Your OS Current
Cybersecurity regulations require that you use a currently supported Operating System (OS) version. OS software has a lifecycle defined by the manufacturer during which critical security updates are issued. When an OS approaches “end of service” an expiration date is set and afterward the system is no longer supported, secure ...
Audit Preparedness
When it comes to audit preparedness, are you a Cyber Ant or Grasshopper? If you don’t have a strong cybersecurity program and safeguards in place by the time Regulators come knocking, it’s already too late. When you receive notice of examination, you’ll go into panic mode and rush to prepare. ...
Hybrid Workforce Cybersecurity
Especially given the last year, we must stop segregating home, traveler, and office users and instead treat all users the same way. The high level of security you had in the past for office users should now be applied everywhere your users are. First, make sure the endpoint is protected ...
NIST-based Asset Inventory Report
In the event of an Audit or Breach, you may be required to demonstrate a list of your assets and their cyber posture. Your NIST-based Asset Inventory Report documents endpoints and their cyber settings, cyber tools and their configuration. This provides evidence of security policy enforcement and regulation compliance. For ...
POAMs
When reviewing cybersecurity regulation requirements, you may think the expectation is to achieve perfection but what Regulators and Authorities want to see is continual improvement of safeguards rather than an end unto itself. Your cyber program is a living document not a final report. To be able to demonstrate progress, ...
DLP Confusion
The confusion related to “DLP” is fueled by the fact there are two definitions of the same acronym, Data Leakage Prevention and Data Loss Protection, which are often interchanged as Data Leakage Protection and Data Loss Prevention. Whatever definition you use, the purpose of DLP is to restrain data outflow ...
Reboot Your Computer
One critical but simple action to significantly improve cybersecurity & system performance is routine System Reboot. As a best practice and as required by some regulations your operating system and antivirus should be maintained as the latest, most secure, version available. Important updates, patches, and fixes are continually released and ...
Vendor Risk Management
The best way to minimize risk when working with a vendor that handles your private data in providing service to you is to perform Vendor Risk Assessment, which requests demonstration of the same safeguards and policies that you have in place to protect client NPI.
Cost vs Benefits
Data Breaches are costly. Did you know that 60% of firms go out of business within 6 months of experiencing a breach? Damage ranging from significant financial loss to lasting destruction of your firm’s reputation can be prevented by putting cybersecurity in place. Positioned between unrelenting cyberthreats and your firm, ...
Smartphone Security
Think you’re saving money on your Smartphone data plan by utilizing free WiFi? Think again. Smartphone data is most secure when kept within your provider’s network. The moment you change your network to free WiFi, your data is at high risk. Fraudsters lie in wait in public domains trying to ...
Dark Web Data
Your private data or user credentials could be for sale on the dark web right now, put there by cybercriminals who work around the clock to exploit weaknesses in cybersecurity. Cybercrime has a significant negative impact upon you, your firm and your clients. Prevent a cyberattack by putting cybersecurity in place. ...
Multifactor Authentication
Requiring Multi-Factor Authentication (MFA) for all user accounts helps protect devices and the data that’s accessible to users. MFA is the process of verifying identity on sign in to confirm that an access request is genuine. This double check before entry is granted increases your level of protection should a ...
Network Security
A business-grade firewall is your first line of defense to secure your network. It provides advanced security features such as VPN Gateway to extend your secure network to remote users, and capability to link with remote office firewalls. Firewall monitoring and management are required to maintain your network’s security. You ...
Video Conferencing Best Practices
Video Conferencing software is an excellent tool for virtual meetings while working remotely from home or traveling. To ensure that video conferences are as secure as possible, we’ve prepared best practice guidelines to protect private data. As a reminder, we start with best practices to select and configure any software: ...
Cost of a Cyber Breach
The cost of a cyber breach could devastate your firm. Investment into cybersecurity protects you by mitigating risk of a breach and increasing the likelihood that your cyber insurance will cover damages. If your firm experiences a cyber breach you may be required to report it to authorities. If you ...
Travel Securely
Usage of a VPN when traveling is the best practice for protecting your data across the internet. There are two major issues, however, that threaten compliance when using a VPN: You must know where your data is hosted because you cannot have data hosted outside the US. And, when you select ...
Cybersecurity Insurance
Having Cybersecurity Insurance does not guarantee payout in the event of a claim. In fact, a cybersecurity claim could be denied from the outset if your firm is out of compliance. Inadequate cybersecurity leaves you vulnerable twice; initially for a breach then denial of a claim from an insurance policy ...
Cybersecurity Risk Assessment
Are you a seller ready to exit or gain momentum by joining a bigger firm? Are you a buyer ready to acquire a successful firm for a growing portfolio? In either case, a cybersecurity risk assessment is vital to a successful transaction strategy. As a buyer, due diligence suggests hiring ...
Surprise audit from regulators
Are you ready for a surprise audit from regulators? Do you have all your cyber program policies in place and can you evidence it? Would you like to go through a 1-hour mock audit to review your endpoint and network cybersecurity posture and compliance? http://ow.ly/j9Dv50Az5bI
Printers and scanners
Printers and scanners are often forgotten devices that are important for your firm’s cybersecurity. Did you know there’s a feature on some printers or scanners that can be set to retain a copy of everything it processes? You should disable the option to keep data or ensure data encryption otherwise ...
The Dark Web
The Dark Web is a hidden part of the internet used for illicit purposes. Hackers put stolen credentials up there for sale. A password prefix can help to protect you! Create your password using the first few letters of the system you are logging into followed by a series of ...
Properly decommission a computer
There are two options to properly decommission a computer used to access or store private data: destroy or repurpose. You can destroy the hard disk yourself and evidence the process with pictures or hire a third-party who will provide a certificate of destruction. You can securely repurpose an encrypted disk ...
A Password Manager app offers ideal balance between security and time-saving access
To protect access to private data, strengthen your credentials by using a Password Manager to securely store them. Password data is robustly encrypted to your device and safeguarded in a protected vault further secured by MFA. A Password Manager app offers ideal balance between security and time-saving access. It eliminates ...
Use of a complex username diminishes risk of malicious algorithms
When a username is created properly it serves as additional security. Use of a complex username diminishes risk of malicious algorithms being able to predict credentials. “Web Scraping” is a practice of data extraction used for market intelligence, but it can also be used nefariously. Bots operating at the direction ...