What is a pentest and why should I have it performed? Organizations are faced with the increasing scrutiny of more complex and sophisticated attacks by threat actors against key information systems that are essential to the organization. Complex attacks such as ransomware and data exfiltration are being used against organizations or systems that they encounter or somehow get access to. When an attacker wants to break into a system, they will typically choose the easiest and most direct methods and means to access it. The problem is an...
Cybersecurity Threats and Talent Shortage Cybersecurity risks and threats are issues that all organizations, large and small, must deal with. Whether the issues are information security program related or a technical challenge, organizations need to have the personnel resources to solve the cybersecurity issues as aligned to the business requirements set forth. In an ever-growing cloud-based services industry, information security risk has never been greater. Cyberattacks are growing in impact and frequency. Not a week passes without a headline of another cybersecurity attack such as a data breach or a ransomware...
Why is cybersecurity training so important? Security awareness training is one of the most critical and important security requirements for any size organization to consider implementing within their environment. Arguably, the greatest risk faced by any organization is the danger of insider threat, as employees can be considered a weak link in the chain because they are susceptible to curiosity, greed, envy, etc. To further increase risk, employees may be faced with the threat of social engineering attacks including phishing, baiting, spear phishing, tailgating, scareware, pretexting, quid pro...
Why is a risk assessment so important? A cyber security risk assessment is a critical activity performed on your company’s security policies, procedures and infrastructure to reveal potential threats to key corporate assets and vulnerabilities in your current security controls as implemented. What is the goal of a risk assessment? The goal of a security risk assessment is to define the appropriate safeguards that your company will need to implement in order to align to your company’s risk assessment objective, profile, and priorities. An organization faces many types of threats...
What is the CMMC (Cybersecurity Maturity Model Certification), and what does it mean for you? The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense’s (DoD) latest cybersecurity program designed to ensure that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks. The DIB consists of all suppliers of DoD-related services including primes/subs/consultants that provide any type of service on a DoD-related contract. The DoD implemented requirements for safeguarding CUI information and cyber incidents through the release...
What Is Telehealth? The Health Resources and Services Administration (HRSA) of the U.S. Department of Health and Human Services (HHS) defines telehealth as: The use of electronic information and telecommunications technologies to support and promote long-distance clinical health care, patient and professional health-related education, and public health and health administration. Technologies include videoconferencing, the internet, store-and-forward imaging, streaming media, and landline and wireless communications. The Office for Civil Rights (OCR) has made it easier for all covered healthcare providers to participate in telehealth during the COVID-19 nationwide public health...
The internet has gone from strength to strength, and part of the beauty of it is the fact that it enables us all to communicate freely with people everywhere in the world. Now with the growth of Wi-Fi we have allowed ourselves to create devices which also connect to the internet and deliver or transfer data within a network. While this connectivity is amazing, the unfortunate downside is that each internet-connected individual on the planet has their own networks and their own data that can fall victim to theft...
Working remotely has many benefits but also creates many cybersecurity risks. Here is a handy list of do’s and don’ts to help you protect your company and sensitive information. Do’s Read & acknowledge your company’s remote work and bring your own device (BYOD) policies and procedures Avoid using your personal device for work and restrict the use of company-issued devices for personal use Protect the data you are accessing by using a VPN to log in to the company network Don’ts Ignore the guidelines in your company’s policies. Make the required...
Top Tips on Working From Home Securely The necessity of working from home is becoming a reality for many workforce members that may not have had this access before. While remote working offers many benefits to employees, many more risks appear as cybercriminals prey on the lax security protocols of the remote worker. It is critical that we as employees treat this access as a privilege, making security our top concern. Your organization’s remote access policy will lay out the requirements you should be adhering to during remote sessions. If your...
The threat of the Novel Coronavirus has recently been a top concern worldwide. With many conspiracy theories, disinformation or just general curiosity, many citizens are looking for more information on the outbreak from a trusted source. Cybercriminals are aware of the interest in these subjects and are crafting malicious emails designed to infect your computer or steal information. This means trying to get information on a virus could lead to a virus on your computer. In this recent scam people are impersonating the World Health Organization (WHO), a trusted name...
The COVID-19 crisis has forced many organizations and businesses to work from home. Are you aware of the cybersecurity risks to your business with your employees working remotely? As we shift to working from home, your business has to face new challenges. Verifying the legitimacy of a potential phishing email is not as easy as it once was with new techniques being deployed daily. How are your computers being managed? Is your data safe? Have you talked about cybersecurity with your staff? COVID-19 is not going away any time soon,...
It’s really sad that we live in a time when scammers are still so active in the face of such hardship and adversity; however, it is the environment where people are the most vulnerable. We have seen an uptick in emails and calls to individuals and businesses scamming or trying to scam people out of their stimulus monies, and trying to defraud people by posing as banks asking for sensitive information for Paycheck Protection Loans. Neither the Federal Government nor banks will call to solicit or entice you into giving you...
Business email compromise (BEC) scams made a big statement in 2018, seeing a 133% increase over 2017, according to a recent report by Beazley Breach Response Services. The Beazley Breach Briefing looked at information gathered from investigations into more than 3,300 data incidents that were reported to Beazley in 2018. The investigations revealed that nearly half (47%) of the data incidents investigated were the result of a hack or malware. Diving deeper, the investigations revealed that half of those hacking or malware incidents were BEC scams. What is a BEC scam? BEC...
We are all aware of federal compliance regulations when it comes to the privacy and security of our information. For example, you’d be hard pressed to find someone who hasn’t heard of HIPAA. Yet are you aware that regulations have been put in place at the state level that have the same goal – to protect our security and privacy? This month (March 2019), the state of New York reached the end date for the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) regulations. These required third-party...
Tis the season! You’re making mental plans with what is hopefully a generous tax refund and deciding what to do with the surplus of cash you’ll soon have on hand. Along the way from starting to submitting the paperwork, there are quite a few roadblocks to be aware of. Even if you aren’t getting a refund, your personal information is as valuable to scammers as the money you’re hoping for, so be on high alert. A compromise of this nature can expose so much personal information from social security number...
Human error: we talk about it all the time, but what exactly do we mean? Human error occurs when an individual performs a task or does something with an unintended outcome. It’s easy to point the finger at employees as being an organization’s weakest link, but without appropriate security awareness training provided by the employer, how can employees truly know what to watch out for? An IBM study found that human error accounts for 95% of security incidents, yet security awareness training for employees often ends up on the back burner. In a...
Breaches are becoming increasingly common as cybercriminals continue to advance their skills and tactics to trick their victims into falling for their scams. While cybercriminals are remaining diligent in their efforts to carry out their attacks, small business owners continue to underspend on cybersecurity. An article on Entrepreneur looks at 5 things your employees are doing that put your business at risk. The 2016 State of SMB Cybersecurity Report revealed that half (14 million) of the 28 million small businesses in the U.S. had been hacked by cybercriminals, but why? According to...
The dark web is often known for the illegal activities conducted there, and while not everything on the dark web is illegal, its most appealing factor is its anonymity. The dark web is often a place where stolen data and personal information are bought and sold following a data breach or hacking incident. An article on Experian takes a look at what your personal information is worth on the dark web and how you can help protect yourself from being exposed. How much is your information worth to an identity thief on...
Identity theft is an unfortunate occurrence that is all too familiar to most business owners, but do those individuals know where the compromised data will end up? Often, these business owners are unaware of the virtual marketplace where stolen data is purchased and sold by cybercriminals: a place known as the “Dark Web”. An article on Lexology explores what the Dark Web is, what information is available for purchase there and how it impacts small businesses. What is the Dark Web? The Dark Web, which is not accessible through traditional search engines...