Phishing Attacks Part 1

Phishing Attacks: Part 1 What is Phishing? Phishing attacks use e-mail to trick users into downloading malware onto their systems for the purpose of stealing information or placing the user in a compromising position that the attacker can exploit. Malware can be ransomware, which encrypts all files until the victim pays a ransom – usually […]

Phishing Attacks Part 1 Read More »

$30 Solution to Ransomware

The $30 Solution to Ransomware What is Ransomware? Ransomware is becoming the number 1 form of malware, affecting individuals and businesses alike.  In 2019, ransomware attacks are expected to climb to over 11 billion in payments and repair damages.  The typical business hit by a ransomware attack will spend about $133,000 to recover its information

$30 Solution to Ransomware Read More »

Social Engineering

Social Engineering If the “IRS” calls… The “IRS” called me last week stating that they just audited my 2017 returns and that I owed them $1627.59.  The caller indicated that I needed to make a payment quickly or the police would be coming to my house to arrest me.  The caller then asked for my

Social Engineering Read More »

Vulnerability Optimization

Vulnerability Optimization Which Fix First? I had the opportunity to oversee a cybersecurity assessment of a department of a federal agency recently.  During the assessment, the IT staff was asked, “How do you decide which vulnerabilities to fix first?” After much hesitation, the head of the IT department answered, “They try to do them all,”

Vulnerability Optimization Read More »

Small Business Cyber Risk

Small Business Cyber Risk Are You One of the 47%? Did you know that 47% of small business (companies with around 500 employees) have suffered a cyber attack last year?[i][1] Did you know that the Federal government is so concerned about small business exploitation that they now require their small business contractors to complete an

Small Business Cyber Risk Read More »

Verification Vs. Validation

Verification Vs. Validation Doing Right Things vs. Doing Things Right Today I would like to talk about verification versus validation. With respect to security, businesses are often focused on doing the right things but fail to do the things right. Equifax is an example of an organization that strategically was doing the right things but

Verification Vs. Validation Read More »

Access Control Lists

Access Control Lists Access Control Lists Do you know who has access to your most sensitive data?  Access Control Lists (ACLs) are developed to place people into groups to access various types of information.  For instance, your HR department has access to employee salary and performance information, training and certifications, and medical plans. Likewise, the finance

Access Control Lists Read More »

Cyber Security Awareness Training

Cyber Security Awareness Training Cyber Security Awareness TrainingIncreases Company Security Cyber security awareness training provides the greatest assurance of reducing information system compromise.  People remain the biggest weakness of any information system.  Properly trained people on cyber security decreases the risk of system compromise by 80%[i]. Recently, an employee in another department presented me with

Cyber Security Awareness Training Read More »

Avoid These NIST Compliance Problems

Avoid These NIST Compliance Problems Why Do I Need NIST 800-171 Compliance? Small businesses that provide contractors to the Federal Government must implement the controls and safeguards of NIST SP 800-171 “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”  The National Institute of Standards and Technology requirements protect the confidentiality of Controlled Unclassified

Avoid These NIST Compliance Problems Read More »