Gauging Risk Tolerance for Remote Workforce Security Versus Privacy

Security vs Privacy: Vetting Remote Workforce Environment

In “The Business Continuity Shift: Ensuring Telework Security” we explained that, at the beginning of the COVID-19 crisis, many organizations were scrambling to get the infrastructure in place to support a fully remote workforce. At the time, telework security took second place to the ability to continue business operations. Next, we explored “The Importance of Identity […]

The Importance of Identity Management and Governance for Telework Security

Identity Management and Governance for Telework Security

During the COVID-19 pandemic, organizations’ switch to a remote workforce has, in many cases, left employees working from home without the tools or training required to protect the organization. This served to highlight the need for identity management and governance for telework security. While enforcing the use of a virtual private network (VPN) when working […]

The Business Continuity Shift: Ensuring Telework Security

Ensuring Telework Security

The COVID-19 pandemic caught most of the world, including many information technology (IT) shops by surprise, to put it mildly. While many organizations had business continuity plans (BCPs) in place, few had taken the extreme measures required for ensuring telework security for pandemic response.  Why? Because many of even the most rigorous BCPs didn’t cover […]

Using MITRE ATT&CK Framework for Beyond-Checkbox Cybersecurity

Using MITRE ATT&CK Framework for Beyond-Checkbox Cybersecurity

What is the MITRE ATT&CK Framework? MITRE’s Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework is a threat-focused tool bringing together information about the tactics, techniques and procedures (TTPs) adversaries use to compromise their targets. The goal of the framework is to collect all relevant and available information about the TTPs Advanced Persistent Threats (APT) […]

4 Security Precautions Before Reintroducing Devices to the Network

Security precautions before reintroducing devices to the network

The COVID-19 pandemic resulted in many organizations transitioning to a remote workforce without time to properly prepare. Devices that are normally connected directly to the corporate network may not be configured to operate securely when working remotely. Before allowing these devices to reconnect to the internal network, it is important to ensure that they are […]

Achieve Secure Cloud Adoption Using HITRUST

Using HITRUST for Secure Cloud Adoption

Most security teams are accustomed to operating in an environment where they have a high level of access to and control over their network infrastructure. In an on-premises data center, the organization owns and controls their own infrastructure, making it relatively easy to implement required security controls, perform audits, and achieve and maintain regulatory compliance. […]

How to know if your MSSP is equipped to support you through a breach

MSSP equipped to support you in case of a breach

Bad actors are relentless in their attempts to infiltrate networks. Despite the most rigorous efforts by internal teams and managed security service providers (MSSPs), the result is breaches happen. When that occurs, it’s important your MSSP is equipped to support you by being able to pivot from normal operations to emergency mode on your behalf […]

Why Pen Tests are Key to a Robust Incident Response Plan

Pen Tests are Key to a Robust Incident Response Plan

With organizations’ movement to digitize data and automate operations, coupled with the money that stands to be made from selling data on the dark web, hackers are highly motivated to steal what we have made available to them. It’s no longer a matter of if you will experience a cybersecurity incident, but a matter of […]

Community Bank Cybersecurity During COVID-19

Community Bank Cybersecurity During COVID-19

Cyber criminals are creatures of opportunity and the COVID-19 crisis worldwide has created ample means, motivation, and method for taking advantage of the world’s workforce now primarily operating from home instead of the safer confines of enterprise networks. Financial institutions were already a target-rich environment for cybercriminals, since they offer multiple avenues for profit such as extortion, theft, and fraud. […]

How to Protect Workers from Increased Phishing Attacks During COVID-19

Protect Workers from Increased Phishing Attacks During COVID-19

Cybercriminals are taking advantage of the vulnerabilities introduced by organizations forced to rapidly move employees to a virtual workforce model and the resulting greater reliance on the internet. Google reports the number of active phishing websites has increased from 149,195 in January to 522,495 in March. That’s an increase of 350 percent since the beginning […]