Writing IT Security Policy?

Everyone knows they should have a solid set of IT Security Policies, but what exactly does that mean? To start, every company should have, at minimum, a basic IT policy set that can be easily followed and consistently governed. A Draconian policy set that no one can understand or follow defeats the purpose and does nothing for […]


Don’t Overlook the Effectiveness of Anti-Virus

As we all know, anti-virus solutions are software installed on a computer system to protect it from viruses, spyware, malware, Trojans, phishing attacks, rootkits, and spam attacks, as well as any other cyber threats. What is sometimes overlooked is the degree of effectiveness that antivirus provides an organization for security and protection against malware […]


Benefits of a Risk Management Program

Everyone knows they should have a solid Risk Management Program, but what exactly does that mean? Let’s take a look at four program essentials for implementation of a successful risk management program: evaluate and create an asset inventory; assess your environment and its susceptibility to vulnerabilities/risks; review and define your risk scales; define your […]


The Robinhood Data Breach

On November 8, 2021, Robinhood released a statement claiming they experienced a data breach. The attacker obtained a list of email addresses for 5 million people and the full names for a different group of 2 million people. A group of around 300 people also had additional personal information exposed. The organization claimed that no […]


User Security Awareness Training Must-Haves

In 2020, the FBI reported that phishing was the most common type of cyber attack. Phishing can lead to data breaches and other types of cybercrimes that can be detrimental to an organization. User security awareness training can help reduce the risks of a successful phishing attack. Human error has the largest role in cyber […]


Mitigating Third-Party Vendor Security Risks

According to Forbes, the cost of ransomware attacks against organizations has increased by 300% in 2021. Additionally, supply chain and vendor issues have gained attention since SolarWinds, Kaseya, and other providers that have been compromised this year. Cyberpion found that three-fourths of Fortune 500 companies’ IT infrastructure exists outside of their organization. Third-party […]


The Fortinet VPN Account Leak

87,000 unpatched Fortinet SSL-VPN credentials from around 500,000 accounts have been leaked on the dark web. According to Threatpost, the attackers exploited a path traversal vulnerability in Fortinet’s FortiOS. This weakness allows attackers to perform data exfiltration, install malware, and launch ransomware. The data leak occurred between May 2019 and June 2021. CPO Magazine […]


The T-Mobile Data Breach

The Breach: On August 16, 2021, T-Mobile released a statement that unauthorized access to customer data had occurred. The malicious actor, claimed to be John Binns, first gained access into T-Mobile’s servers through an unprotected router on July 19, 2021. ZDNet mentions that from there, he explored security gaps in T-Mobile’s security architecture where […]


The Kaseya Ransomware Attack

Over the Fourth of July weekend, Kaseya’s Virtual System/Server Administrator (VSA) software was targeted by the cybercrime gang REvil. REvil executed a supply chain ransomware attack and demanded $70 million in Bitcoin. Kaseya is an IT management software company, whose customers include large MSPs. As a result, around 1,500 small to medium-sized businesses […]
