When it comes to creating a cybersecurity process that can consistently translate security expectations into actionable tactics, you need a framework. Frameworks are how regulations for data confidentiality and safety are communicated and enforced in many industries. For example, any company that gathers and stores information about your health or medical care must be compliant with HIPAA. What is a Compliance Framework? A cybersecurity compliance framework is a set of guidelines and best practices that enable consistency and clear communication about security expectations. Compliance frameworks communicate cybersecurity standards, but they don’t provide instructions for exactly how those standards should be […]
Cybersecurity Beyond the Basics: Systems Hardening
What do cyber-criminals do when they need more computing power? They steal it, of course, and something connected to your network could be captured and enslaved in a global botnet army if you haven’t hardened your systems. This is what occurred in 2016 when a huge Denial of Service attack targeted high profile websites and hosting providers.* Here’s how it happens. A cyber-criminal searches the internet for devices that have weak, default or no passwords or other holes that can be exploited. When they find an open door, they confiscate the computing power and turn it in the direction they […]
Cybersecurity Beyond the Basics: Penetration Testing
When you want to know if what you’re doing to protect your organization from cyber-attack is effective, you should check your security controls with a penetration test (or pen test). A pen test simulates what a real attacker might do to get into your network and capture the credentials and privileges that would give them ultimate power to do anything they want in your IT systems. Discovering if your systems can be compromised is a good thing for you to do if you’re a business leader managing risk. However, the need for a pen test may be dictated by someone […]
Cybersecurity Beyond the Basics: Managed Detection and Response
Web apps have made it easy for just about anyone to start a service business. All you have to do is buy a subscription to the software and off you go. Along with the latest software, you’ll get access to tutorials and tech support, and you can even join an online forum where you can interact and learn from others in the same business. Sounds great, doesn’t it? Yes, it’s great except this is not what it seems. This is the cyber-criminal ecosystem and the improvements that have allowed business technology to evolve so quickly are the same kind of […]
Cybersecurity Beyond the Basics: Network Segmentation
An employee gets an email that says their invoice is attached. Opening the attachment downloads a computer virus that encrypts the files on their computer in seconds. The virus spreads to other computers in the company and soon the entire network is taken down and a cyber-criminal is demanding a hefty ransom in return for the encryption key that’s required to release the data. This is what cyber experts call a cold, dark day. It’s the day when you have a cyber-attack. While cyber-attacks like this ransomware scenario can happen quickly, these days it’s more common for the bad […]
Cybersecurity Beyond the Basics: The Principle of Least Privilege
With a Zero Trust strategy for cybersecurity, the presence of an intruder is assumed. That means that tactics are needed to limit exposure and the potential damage that the intruder can do. One of those tactics is the Principle of Least Privilege. Least privilege involves matching up permissions to access data with the job or tasks that need to be done. This starts with determining exactly what data is needed to perform specific functions and then establishing limits. Historically, companies have been quite relaxed when it comes to allocating permissions with user and even administrator accounts because opening up access […]
Cybersecurity Beyond the Basics: What is Zero Trust?
Imagine that you’re in charge of protecting a castle. The castle has a drawbridge and a moat around it. You have guards stationed at the drawbridge who monitor the people coming into the castle. The guards let citizens in and keep known bad guys out. Because the guards prevent the bad guys from coming into the castle, the citizens can safely go about their business. Now imagine that the bad guys have found other ways to get inside the castle besides the drawbridge. They’re scaling the walls unseen at night. They’re getting past the guards by disguising themselves as citizens. […]
12 Essential Cybersecurity Measures for All Businesses
It used to be that cybersecurity for businesses meant creating a technical barrier around their network and data and they were good to go. Sadly, that’s not enough anymore. Cybersecurity risks for business have evolved and so has the technology that your employees work with every day. Your organization is probably using more cloud apps and has people working from more locations than ever before, and cybercriminals would love to exploit the vulnerabilities that you don’t know are there. The bottom line is that yesterday’s cybersecurity strategy isn’t going to address today’s challenges with IT security for businesses. The […]
Is this Website Address Safe to Visit or Login To?
Here are some ways you can decide whether to trust a website link or page in a web browser and tell when things smell phishy. Taking the time to look for signs of a hack attempt in links and websites is like washing your hands; it helps keep you and your co-workers safe, and every adult should know how to do it. We’ll start with the best ways to tell if a link or website is safe or a hack attempt. First, look at the link address you are about to visit. In many cases, you can hover your mouse […]
“Is This Email Real?” 4 Questions to Ask Yourself
Every day every person with email is put to the test. No matter the job title or position, we all get phishing emails. And no matter your knowledge of cybersecurity, you make the initial decision of whether a message is malicious. So, when deciding whether to call the IT Help Desk, here are some solid, simple tips and tricks from the top to help ANYONE dodge bad guys’ phishing hooks, nets, and spearguns. Not everyone has the time to call their IT provider’s remote support just to check emails every morning. You can follow the ‘WHO, WHAT, WHERE, AND WHEN’ […]