I spent a lot of time early in my career solving complicated problems related to security. In the late 1990's, I consulted as a civilian for the NSA to help automate the 'need-to-know' access of their internal web infrastructure and documentation. I followed that with some time as a Reserve Information Operations Officer for the U.S. Army, and then working for financial services companies including VISA during the birth of the PCI standards. Needless to say, the security field is one with overwhelming depth and it can be challenging for companies to make an iterative, incremental plan to become more secure.
Has anyone at your organization ever received an e-mail that was not what they thought it would be? Maybe it was a message from a vendor looking to verify sensitive account information; a message from an accountant sending completed tax returns, but in the month of August; or a note from what appears to be your accounting firm, indicating they need you to confirm Social Security Numbers in order to send employees paychecks?
As we all work through our holiday gift giving lists this "Cyber Monday," it's important to be cyber aware of "the Grinch" lurking in the corners waiting to steal our private, and what we hope and think is secure, information. So, before you begin to cross the names off your list while experiencing that great sense of accomplishment, take a few moments to read through these "cyber shopping" best practices to protect yourself and your information. Nobody wants to spend the holidays recovering their data and identity.
I packed my cloud bag and in it I placed...
As we've begun to adopt a myriad of cloud-based services, our network perimeter has become more expansive and therefore, potentially more porous. Cloud services may need additional firewall ports open, which is equivalent to opening more doors into your home. On top of this, your employees are now working wherever they want and they’re using a handful of different devices. Last but not least, your data is racking up an impressive amount of frequent flier miles as it travels and gets stored in platforms strewn all across the country.
Most employees want to be productive. As cloud service consumers, they have become accustomed to finding a tool or app that will help fill a need and simply buy it without obtaining approval from the organization first. This practice of employees bypassing IT management to procure tools and services without proper vetting has infiltrated the workplace and is known as Shadow IT.
It is reported that around 269 billion emails are sent worldwide each day with 150(+/-) of those being delivered straight to each of your employee's Inboxes. According to Symantec’s 2017 Internet Security Threat Report, one in 131 emails contains malware. This means that on a daily basis every one of your employees is faced with emails that threaten the security of your organization’s data.
Increasingly, organizations are enabling their workforce to be productive from anywhere at any time. Desktops gave way to laptops that could be taken out of the office, cell phones gave way to smartphones and email, and now remote access to the company network is giving way to the cloud and mobile apps. This evolution comes with many benefits, but if it’s not approached with careful thought and planning, it can also come with unacceptable risk.
Trends in Information Technology are continuously changing and, as a result, businesses are having to adapt to those changes. Let's take a look at the most prominent IT trends that are showing up today.
The "Goldeneye" or "Petya" ransomware attack is spreading across Europe and the United States and exploits the same vulnerability as WannaCry (the recommendations we made in the initial SE Alert still apply).
What’s different about this attack is that it has a second method of infecting networks. This method attacks networks via a compromised Microsoft Office or PDF attachment. Here are some good practices to follow when dealing with an attack such as this:
The SE Blog is a place for partners, clients, affiliates, and others to reference company news, industry events, technology updates, and more. With that in mind, listed below is a reference of this year's more popular blog articles by subject, making it easier for you to navigate and read through. Enjoy!