Posted on February 14, 2017 by kellyk
There’s a tendency in the world of cybersecurity to skip over the foundations and move directly to technical solutions.
Organizations allocate huge sums to threat intelligence or detailed security analytics without performing foundational security practices that help identify how to allocate resources.
To ensure this doesn’t happen to your organization, it is essential to lay the proper groundwork for your cybersecurity initiative.
Where It All Starts: IT GRC
For those who aren’t aware,
Posted in Cybersecurity
Posted on January 19, 2017 by kellyk
With cyber-attacks reaching new heights year after year, organizations all over the world are starting to make security a top priority.
You are likely feeling the pressure to do something, but where should you start?
After all, there are so many security products on the market. From endpoint security and threat intelligence to multi-factor authentication and high-end training, the options seem limitless… and there’s no clear progression from start to finish.
In the coming weeks, we’ll be
Posted on December 15, 2016 by kellyk
Let’s face it. Email is always a threat.
So, naturally, you do everything to keep your users (and your network) safe. Your preventative measures are constantly being tested and improved, but still, your users are faced with malicious emails in their inboxes every single day.
And it gets worse. According to recent reports, one in every five spear phishing emails sent results in an opened link or attachment. With zero-day exploits being discovered at roughly the rate of one per month, that
Posted on November 30, 2016 by kellyk
Stephen Wyles, Information Security Analyst
It’s easy to inadvertently create a rut when conducting any repetitive task. Just as is the case with all training, when it comes to security, it’s important to create and repeat training that keeps employees alert and aware of the latest tactics used by attackers to gain access to sensitive information, systems, and facilities. But why is this important? Why do your employees need security training? And why should you care about a training rut?
Posted on November 21, 2016 by kellyk
Let’s face it. Mobile security is terrifying for system administrators.
Back in the old days, you always had the option of shutting down your network to prevent or limit the amount of damage.
You knew the physical location of every device, and the proverbial ‘big red switch’ could take every one of them offline.
Nearly every one of your employees has a company smartphone in their pocket. You can’t easily take them offline, you don’t know where they are, and who knows what they’re
Posted on October 20, 2016 by kellyk
When it comes to security awareness training, there don't tend to be too many surprises.
Most people know there are dangers associated with email, web browsing, and physical security.
But social media is a bit different.
Over the past decade, social media has revolutionized communication. People are connecting with forgotten friends, long lost family, and classmates from decades past.
So for most people, social media is no more than a tool for leisure and communication. They have no idea
Posted on October 4, 2016 by kellyk
Perhaps unsurprisingly, Internet security has taken a bit of a back seat in recent years.
With the rise of more direct attack vectors such as phishing, organizations seem to feel that the ‘old fashioned’ threat of malicious websites should be lower on their priority list. And that’s understandable… but not advisable.
In fact, with phishing getting all the headlines, it’s easy to forget that unsuspecting employees can easily introduce serious threats such as ransomware into your network just
Posted on September 29, 2016 by kellyk
Losing sensitive information has never been a good idea.
But with data protection regulators all over the world starting to find their teeth, now is a really bad time.
Organizations are facing not only bad publicity and loss of business but also huge fines if they’re found to have been negligent in protecting data from theft or loss.
But unfortunately, from time to time, even senior staff members do ridiculous things with data. And whether it’s leaving company laptops in cafes, or
Posted on September 15, 2016 by kellyk
There’s nothing worse than being tricked.
Nearly every person in your organization likes to think of him or herself as solid, dependable, and professional. So imagine how they would feel if they realized they’d been totally taken in by a scam artist.
Now imagine that on top of being taken in, they’d allowed the scam artist to steal from or damage your organization.
That’s a bad day however you spin it.
Unfortunately, it’s also a reality. Social engineering tactics are more prevalent now
Posted on September 8, 2016 by kellyk
There’s nothing more embarrassing than a physical security breach.
Whether it’s a company laptop left in a car or files stolen from the office, a physical security breach is really bad news.
But how often is your staff reminded of their responsibilities? And how much thought went into the training?
We get it. There are so many other things to worry about that, a lot of the time, physical security awareness training is bumped right down to the bottom of the priority list.
But with data protection