Cloud Security Using Defense in Depth

Cloud Security Using Defense in Depth

Many companies assume cloud security for their data falls under the responsibility of their cloud service provider (CSP): That this entity has adequate tools, policies and procedures in place for protecting the data with which they are entrusted. While this is true to some extent – certain controls within a comprehensive cloud security program must […]

Ransomware Prevention to Incident Response

Ransomware Prevention to Incident Response

A ransomware attack can be a debilitating event for an unprepared person or organization. Depending on the type and value of the data stored on an infected computer, the impact of a n incident can range from a minor hiccup in operations to the death of the company. According to a recent report, ransomware demand costs […]

10 Factors for Cloud Security During Selection and Implementation

Cloud Security During Selection and Implementation

In the not-so-distant past, IT security was based on perimeter protections surrounding racks of on-premises servers. There was a clear distinction between inside versus outside, and it was theoretically possible to admit only authorized users and connections. Today, the internet, smart devices and cloud services are changing the way we do business and offer undeniable […]

Password Spray Attack Q&A with a Penetration Tester

password spray attack

Penetration testers, or ethical hackers, use the same tactics, techniques and practices (TTPs) as cyber attackers, but on behalf of an organization to identify vulnerabilities to be remediated before the bad guy gets to them. A password spray attack is a common way our pen testers infiltrate networks; so much so that we feel it’s […]

Monitoring Telework Security with Disappearing Network Perimeters

Monitoring Telework Security in a World with Disappearing Network Perimeters

Many organizations’ security monitoring infrastructure is based upon the assumption that most employees are connected directly to the corporate LAN. By collecting data from Active Directory domain controllers, the perimeter firewall, server and workstation event logs, endpoint protection logs and other key on-premises based data sources an organization can maintain a high level of visibility […]

5 Considerations for Writing New Remote Workforce Policies and Procedures

Writing Policy and Procedures for New Remote Workforce

Rapid response to potential threats and security incidents is essential to minimizing their cost and impact. Cybersecurity policies and procedures help to speed incident response by ensuring that all parties involved know their responsibilities and how to carry them out. As businesses now consider adjusting their permanent workplace model to accommodate telecommuting, writing new remote […]

3 Differences in Incident Response for a New Remote Workforce

Incident Response for a New Remote Workforce

The COVID-19 pandemic has driven many organizations to transition to remote work without sufficient time to prepare, creating new opportunities for hackers to attack vulnerable systems and unsuspecting users.  This article delves into how the rush to maintain “business as usual” during crisis may have caused an organization to overlook the impacts telework incident response […]

Gauging Risk Tolerance for Remote Workforce Security Versus Privacy

Security vs Privacy: Vetting Remote Workforce Environment

In “The Business Continuity Shift: Ensuring Telework Security” we explained that, at the beginning of the COVID-19 crisis, many organizations were scrambling to get the infrastructure in place to support a fully remote workforce. At the time, telework security took second place to the ability to continue business operations. Next, we explored “The Importance of Identity […]

The Importance of Identity Management and Governance for Telework Security

Identity Management and Governance for Telework Security

During the COVID-19 pandemic, organizations’ switch to a remote workforce has, in many cases, left employees working from home without the tools or training required to protect the organization. This served to highlight the need for identity management and governance for telework security. While enforcing the use of a virtual private network (VPN) when working […]

The Business Continuity Shift: Ensuring Telework Security

Ensuring Telework Security

The COVID-19 pandemic caught most of the world, including many information technology (IT) shops by surprise, to put it mildly. While many organizations had business continuity plans (BCPs) in place, few had taken the extreme measures required for ensuring telework security for pandemic response.  Why? Because many of even the most rigorous BCPs didn’t cover […]