Not only do we provide the very best cybersecurity products and solutions, but we also regularly publish quality content. We believe communication and education are critical to maintaining a long-term relationship with our customers. We aim to keep our customers informed regarding all the latest cybersecurity news and trends.
Consistently publishing helpful content has caused us to become an industry thought leader. We’ve become the ‘go-to’ source for cybersecurity information. We’re dedicated to consistently producing insightful content that you can use to secure your network from advancing threats.
4 Benefits of Hiring a Virtual Chief Information Security Officer
Not yet ready to hire a full-time Chief Information Security Officer? Find out why a virtual CISO will work out just fine!
Securing your organization’s network requires a strategic approach. You need someone who has a successful track record and is experienced in all aspects of cybersecurity. This person needs to be someone you can trust to offensively and aggressively protect your company from attacks threatening to do your company harm.
A Chief Information Security Officer (CISO) is a vital component for your business. A CISO will tailor-make a cybersecurity solution just for you. A CISO ensures that all necessary measures will be taken to protect your network from threats. They will monitor cybersecurity awareness throughout the enterprise. They’ll proactively create defensive plans for when or if an attack takes place. If your company has already suffered an incident or breach, the CISO will execute a sequence of events to address the incident properly.
The Problem With Chief Information Security Officers
Within large, enterprise organizations the CISO is typically a senior-level executive. These organizations have unlimited resources to accommodate these roles. However, SMBs don’t have the same kind of resources to fill the CISO role. Someone who is qualified to fill the role of CISO will have the expertise, knowledge, and experience in information security and business operations that will garner them a high six-figure salary.
The truth is, SMBs simply do not have the budget to employ this level of talent. Therefore, SMBs are the largest targets for hackers. Without this level of strategic protection, hackers realize that smaller businesses are low-hanging fruit for them to do their dirty work.
To solve this problem, SMBs hire virtual CISOs. Doing so is an effective alternative to hiring an expensive, internal, full-time CISO on staff. A virtual CISO (vCISO) performs the same function as an internal CISO employed by the company. The difference is, although they are dedicated to the cybersecurity success of the company, they are not full-time employees. Instead, they are outsourced by a team of cybersecurity experts.
4 Benefits of Having a Virtual Chief Information Security Officer
1) vCISOs Offer Access to an Entire Team
Traditionally, with the CISO in the role of an employee, their knowledge and expertise, although advanced, rest with them alone when it comes to architecting cybersecurity strategies. This lends itself to limitations.
On the other hand, a vCISO has access to a team of other virtual security experts, all specializing in various aspects of information security. This ensures there is a vast knowledge base on which they can rely. Having this type of unlimited access to cybersecurity solutions makes a vCISO a viable and cost-effective asset to SMBs.
2) vCISOs Ensure the Organization’s Security Strategy Is Up to Date
New threats evolve constantly. Studies show there are over 100,000 new threats evolving every single day. Attackers are relentlessly trying to find new ways to exploit network vulnerabilities. A vCISO, along with an additional team of virtual information security experts, will likely uncover and counter all types of zero-day threats before they can penetrate and do harm to your network.
3) vCISO Provides Extensive Monitoring of All Types of Cybersecurity Solutions
As already stated, a vCISO comes with a team of experts. This affords them an opportunity to spend more time continuously monitoring your organization than an internal CISO ever could. Having more eyes on the lookout patrolling your network for threats and anomalies means your network has a heightened level of protection. With this level of service, the amount of suspicious activity in your network that goes undetected will be minimal.
4) vCISO Costs Less Than Employing a Full-Time CISO
Think about all of the costs associated with hiring an employee. The organization has to pay their salary, health care benefits, sick days, vacations, 401k contributions, bonuses, etc. Hiring a full-time CISO on staff means adding to the above costs in multiples.
Hiring a vCISO means the company saves money but still enjoys the same or a higher level of service. SMBs only need to pay the cybersecurity service provider a monthly retainer; no salary, vacations, 401k contributions and so forth. And, the best part? A vCISO never calls in sick!
5 Biggest Cybersecurity Threats To Your Business
SMBs are a target for hackers and are therefore particularly vulnerable to cybersecurity breaches. Unfortunately, since SMBs typically have smaller IT budgets than larger companies, they often have a harder time protecting themselves against some of the biggest cyber threats.
5 Biggest Cybersecurity Threats You Can Immediately Protect Yourself Against
However, all is not lost. Here are the top 5 threats SMBs can focus on today that will help them secure their networks:
Phishing poses a significant risk for any business, large or small. Phishing attacks involve an outsider posing as a legitimate entity. These outsiders work their way into your email inbox, your text messages, or even into your social media messaging. Their ultimate goal is to gain your trust then trick you into giving them your personal, most confidential information. They may pose as your bank, a friend in desperate need of assistance, or possibly even someone from within your own organization.
Luckily, phishing vulnerability is pretty easy to fight against. With a commitment to a comprehensive training program, your employees will be less likely to fall victim to a phishing attack. Some programs even send out test phishing schemes to your employees. Tactics like this enable them to become familiar with what an attack looks like. This practice can prepare them for a similar encounter down the road.
2) Weak BYOD Policies
Bring Your Own Device (BYOD) has gained in popularity among SMBs over the past few years. Employers may not require their employees to have separate devices for home and work anymore. However, if you don’t establish clear policies to safeguard your company, you could be at risk.
Your BYOD policy needs to state that employees must use a VPN to gain access to confidential company data. Also, be sure to clearly identify who the proper owner of all company data on the device is.
Finally, should the employee quit or be terminated for whatever reason, make sure to state what needs to happen with the company data on the device. It’s vital that you reduce your risk of having company data still present on the device after the employee is no longer working for the company.
It’s not difficult for computers to pick up viruses. A computer can become infected by everything from phishing attempts, to simply clicking on a link online, or unknowingly downloading an infected file.
The good news is that it’s not too difficult to protect your business from viruses such as malware and ransomware. Installing and maintaining anti-virus software on each computer in your organization gives you the best chance of keeping all of your computers virus free. In fact, most antivirus programs have an ‘auto-update’ option that can be enabled. Turning on this feature ensures you don’t miss any updates.
4) Liberal Permissions on Electronic Accounts
Setting the proper permissions for online accounts such as CRMs, CMSs, accounting tools, etc. to be used for data sharing purposes can be a nightmare to manage. However, it’s critical that only the appropriate personnel have access to certain accounts.
Nobody in your organization should have more access than they need to effectively do their work. Giving each employee access to only the accounts they need will prevent data leaks due to lack of employee knowledge about cybersecurity threats, and leaks due to internal attacks with malicious intent.
5) Outdated Software
Developers frequently update their software to fix vulnerabilities both in computers and in software. Researchers find hackable weaknesses and send out updates as soon as possible. In the meantime, fast-acting malicious hackers try to exploit any weakness they find and work feverishly trying to do as much damage as they can before fixes are offered and applied.
The longer you wait to install software updates, the longer your data will be open to attack. It’s imperative that you check for updates frequently and make sure to always keep software up to date.
Lessons Learned: 2018's Most Notable Cybersecurity Threats
Looking back on the first and second quarters of 2018, we notice a difference compared to this year. As of this writing (May 2019), there haven’t been as many government leaks and worldwide ransom attacks reported. That’s good news.
However, that doesn’t mean it’s OK to get lax regarding your efforts to protect your network. Critical infrastructure security is still Priority 1. Rest assured, the bad guys are still out there. They’re plotting, scheming, planning, and honing their craft. Hackers from all around the globe are getting better, bolder and are becoming more sophisticated than ever.
Here are 3 of 2018’s Noteworthy Cybersecurity Threats
Let’s examine some of the largest cybersecurity threats this year and see what can be learned.
Last year (2018), it was reported that over 300 universities in the US and abroad were attacked by Iranian hackers. The Department of Justice indicted them over the alleged spree of attacks. Each of them was charged with infiltrating the following:
144 US universities
176 universities in 21 other countries
47 private companies
Additionally, they were charged with targeting the United Nations, the US Federal Energy Regulatory Commission, and the states of Hawaii and Indiana. The DOJ reported that the hackers stole 31 terabytes of data. They estimated the total theft to be worth $3 billion in intellectual property. The hackers used masterfully crafted spearphishing emails. They were successful in their efforts to trick professors and other university affiliates into believing the emails were credible. As a result, the professors and other personnel clicked on the malicious links and entered their network login credentials, giving the attackers access to confidential information.
Of the 100,000 accounts the hackers targeted, they gained access to the login credentials of around 8,000. Of those hacked accounts, 3,768 were US institutions. The DOJ reported that they were able to trace the spearphishing campaign back to a Tehran-based hacker called the Mabna Institute. This organization was founded in 2013. Allegedly, the organization managed hackers and had close ties to Iran’s Islamic Revolutionary Guard Corps.
Rampant Data Exposures
Data breaches are always an area of concern. However, its close relative, data exposure, threatens to do damage in equal measure. Data exposure happens when highly confidential data is stored defenselessly, leaving it exposed to the internet. Mishandling sensitive data in this way makes it easily accessible to someone trolling the internet for an opportunity to wreak havoc.
Data exposure can occur as the result of a misconfigured cloud migration where minimal or no authentication is required to gain access to a cloud-based database.
This was the situation with Exactis, a marketing and data aggregation firm. Last year (2018) it was reported that Exactis left nearly 340 million records exposed on a publicly accessible server. Fortunately, Social Security numbers and credit card numbers were not included in the trove. But 2 terabytes of personal information of hundreds of millions of US adults were available for anyone to see.
Vinny Troia, a cybersecurity researcher, discovered the exposure, which was reported by WIRED. Since then, Exactis properly protected the data but the damage is done. Exactis is facing a class action lawsuit as a result.
Truth be told, cloud leaks happen. But data exposures can also occur when software bugs inadvertently store data incorrectly. The data might be stored in a different format or location than was originally intended.
As an example, Twitter disclosed recently that they had been unintentionally storing some user passwords unprotected. They were in plaintext in an internal log. As soon as the problem was discovered, Twitter fixed it. But the question is: how long were the passwords exposed?
Organizations routinely offer reassurances to the general public that there is no evidence that exposed data was accessed improperly. Organizations typically come to this conclusion after reviewing specific internal indicators once the data exposure has been discovered. Hopefully, their internal research proves true. We’ll have to take them at their word unless, of course, they’re proven wrong down the road.
Back in late February 2018, Under Armour suffered a massive data breach. The company’s MyFitnessPal app, which contains usernames, email addresses, and passwords from approximately 150 million users, was hacked. The intrusion was finally detected by the company on March 25, 2018.
To their credit, Under Armour disclosed the attack in less than a week. It should be noted that the company did a good enough job setting up data protections so that the hackers didn’t have access to everything. For example, confidential information like location, credit card numbers, and birth dates remained inaccessible to the intruders.
Under Armour even successfully protected the passwords it was storing by hashing them. In other words, they converted the passwords into unintelligible strings of characters. Unfortunately, there was one crucial issue. Even though they did many things well, Under Armour admitted they only hashed some of the passwords using a robust function called bcrypt. The rest of the passwords were protected using a weaker hash scheme called SHA-1. This enabled the hackers to successfully crack at least some portion of the stolen passwords to sell or use in some other cybercriminal activity.
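A mixed bcrypt and SHA-1 credential store like the one described above can be found by auditing the format of the stored strings. The following is an added example, not code from the article or from any company it names; the bare-hex unsalted SHA-1 row format, the cost threshold of 12 and all sample rows are assumptions constructed for illustration. SHA-1 rows cannot be upgraded without the plaintext, so they are flagged for rehashing at the user's next login.

```python
import hashlib
import re
from collections import defaultdict

# bcrypt modular-crypt string: $2a/$2b/$2y, two-digit cost, 22-char salt + 31-char digest
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
SHA1_HEX_RE = re.compile(r"^[0-9a-fA-F]{40}$")  # assumed legacy format: bare hex digest
MIN_BCRYPT_COST = 12  # assumed policy threshold, not a value from the article

def classify(stored):
    """Return (scheme, bcrypt_cost_or_None) for one stored credential string."""
    m = BCRYPT_RE.match(stored)
    if m:
        return "bcrypt", int(m.group(1))
    if SHA1_HEX_RE.match(stored):
        return "sha1", None
    return "unknown", None

def audit(rows):
    """rows: iterable of (account, stored_hash). Returns findings per category."""
    report = {"rehash_on_login": [], "low_cost": [], "unknown": []}
    by_digest = defaultdict(list)
    for account, stored in rows:
        scheme, cost = classify(stored)
        if scheme == "sha1":
            report["rehash_on_login"].append(account)
            by_digest[stored.lower()].append(account)
        elif scheme == "bcrypt" and cost < MIN_BCRYPT_COST:
            report["low_cost"].append(account)
        elif scheme == "unknown":
            report["unknown"].append(account)
    # Unsalted digests are identical whenever the passwords are identical.
    report["shared_digest"] = sorted(a for g in by_digest.values() if len(g) > 1 for a in g)
    return report

def fake_bcrypt(cost):  # constructed placeholder with valid bcrypt shape, not a real hash
    return "$2b$%02d$%s" % (cost, "A" * 53)

SAMPLE_ROWS = [  # constructed sample data
    ("alice", fake_bcrypt(12)),
    ("bob", hashlib.sha1(b"constructed-sample-1").hexdigest()),
    ("carol", hashlib.sha1(b"constructed-sample-1").hexdigest()),
    ("dave", fake_bcrypt(8)),
    ("erin", hashlib.sha1(b"constructed-sample-2").hexdigest()),
    ("frank", "not-a-hash"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
```
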
This attack against Under Armour is certainly not an all-time-worst data breach. However, it is a constant reminder of exactly how unreliable the state of cybersecurity is on corporate networks.
Password protection is a critical component in keeping your confidential data safe from hackers. A password is a simple yet highly effective way to protect both yourself and your business. In this age of cyber threats and data breaches, it’s important to understand how to get the most out of utilizing password protection.
Password Protection: Top 4 Things to Consider
1) Size Matters
When it comes to password protection, the longer, the better. Most website sign-ups require you to set up your password using at least six characters. However, a longer password is much more difficult to crack. Try creating passwords that are 12+ characters long. Longer passwords are ‘strong’ passwords.
2) Variety is the Spice of Life
If your current password only uses one type of character, seriously consider modifying it. Using only one form of character is not considered a secure practice among cybersecurity experts. Do not only use letters. Your password should include one capital letter, a number, and one special character.
Following this formula makes for a more complex password which will be harder to hack. Remember, hackers are becoming increasingly sophisticated. Giving more thought to how you set up your password will make their lives just a bit more difficult.
3) One is Good But Two is Even Better
Multi-factor authentication adds another level of security. There are many services available that offer different ways to verify your identity. This is another layer of protection for you should a hacker try logging into your account. These services notify you via email or text to verify it is actually you. Multi-factor authentication protects you against someone trying to access your information from a different device.
4) Use More Than One Password for Your Accounts
These days you need a password for everything! Coming up with all types of passwords and trying to remember which one is used for what can be confusing and frustrating. It’s much easier to just use one password for all of your accounts.
And that is just what hackers would like you to do. It is very possible that once that password gets cracked, hackers will use it to crack other accounts that belong to you. Diversifying your passwords gives you the maximum protection.