DISCUSSION ARTICLES

The Ominous Vendor Security Questionnaire

Has your organization implemented a process to evaluate the cybersecurity posture of vendors and suppliers?  Or perhaps your customers require you to complete their questionnaires?  Most would agree that the process is painful.  The goal of this evaluation is to ensure that vendors/partners are practicing sound cybersecurity.  Data flowing through the supply chain is only…

Details

Employees Need Cyber Awareness Training

According to HR Magazine, organizations that invest $1500/annually in a formal training program see 24% higher profit margin and an increase in employee productivity.  While this is a great reason to train your people, the fact that 60% of small businesses close within one year of a cyber-attack or that a Ransomware attack, on average,…

Details

What’s the Point of Collecting Logs?

Do you collect error and event logs from your systems?  Why? Some might say ‘because we are supposed to’ or ‘so that we can perform post-event analysis’.  A few might say that they actively review them.  I recall telling my internal auditors we simply do not have the manpower to review logs on a regular…

Details

Building a Cyber Security Practice

There is no denying that the importance of cyber security has bubbled to the surface within the minds of most company leaders. With frequent headlines about breaches and the fact that cyber-attacks are increasing every year, companies are concerned about the growing threat.  Organizational leaders have tasked their IT leaders with the daunting responsibility of ensuring that…

Details

Too Many Passwords to Remember!

Don’t worry, you’re not alone.  According to an Intel Security poll, “37% of people forget a password at least once a week”4.  There is no debating that the use of passwords is a necessity in both work and personal lives. The premise is that credential-based authorization is used to provide appropriate access to systems/data and protect…

Details

Social Media Security

What does social media mean to you? You may use it for personal reasons to interact and communicate with friends and family Businesses use to promote their brand and interact with customers Hackers view it as a new frontier for cyber-attacks. They are using social media as a tool to perform reconnaissance and a platform to…

Details

Proactive or Reactive

When it comes to cybersecurity, are you proactive or reactive?  I think it is safe to say that most IT leaders strive to be proactive in managing their environment.  Many try to implement tools which monitor and alert when a device fails or hit a resource threshold.  But from a security perspective, too many organizations…

Details