Just about every device nowadays is equipped with a wireless radio. This has made life easier for IT teams: Network cabling no longer needs to run to every desk, every system, or every printer. The conference room now has a Smart TV, a wireless sound system, and every employee and executive carries two, three, or even four wireless devices (laptop, phone, tablet, and smart watch)....
Read More
A hacked website represents a company that is not only closed for business, but also subject to potential finger-wagging in the media. As of 2019, every single website should be secured with an SSL certificate—at a minimum. There are more and more resources that offer free SSL certificates and the installation of these certificates is getting easier and easier to accomplish, even for the lay...
Read More
Security on the web is of paramount importance and it is clear: Compromised credentials are the principal vector of cyber-attacks. With breaches and compromises happening regularly, there is one easy way to vastly improve account and operational security: multi-factor authentication. The most common form of multi-factor authentication is two-factor authentication, a method of ensuring identity by requiring not just the traditional username and password but...
Read More
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FISMA – the Federal Information Security Modernization Act – requires that agencies authorize the information systems that they use. FedRAMP is FISMA for the cloud. The FedRAMP Policy Memo requires Federal Agencies to use FedRAMP when assessing,...
Read More
[vc_row][vc_column][vc_column_text] Information Security Risk Management, in simple terms, is an ongoing process through which risks related to the use of information technology are first identified and then addressed. To achieve this goal certain steps come into play starting with identifying the risks, then assessing them, followed by treating them depending on each organization’s resources. Treating security risks based on the organizations policy is the final objective...
Read More
The advancements made in technology are staggering. Consider this for a moment: We carry smartphones in our pockets that have considerably more computing power than was housed in entire buildings in the 1960s. Furthermore, our pocket-sized phones are mobile computing platforms with the power to not only make and receive worldwide calls wirelessly, they can browse the internet, stream music, take and edit high-resolution photographs...
Read More
Email has quickly become the preferred, as well as most efficient, way of transmitting written information across the office or across the globe. Ensuring the security and legitimacy of email continues to be a challenge, however. Emails can have selected components spoofed: from the content of the message appearing to come from an internal sender or a message may appear legitimate but is, in fact,...
Read More
[vc_row][vc_column][vc_column_text el_class="services_ulli_number"] Transport Layer Security is a cryptographic protocol used to provide communication security. TLS primarily provides privacy and data integrity between communication or internet connections. Connections secured by TLS should adhere to the following: Private Connection: Used to encrypt the data using symmetric cryptography. Keys for each connection are generated uniquely based on a shared secret during TLS handshake process. The Server/Client negotiate an encryption...
Read More
The cyber-security landscape is complex. Not only is there a need for strict adherence to compliance frameworks, but there is the need to compete in the marketplace and satisfy shareholders by bolstering security and staying out of the news by having the right teams and the right equipment in place. Oftentimes, though, the most discounted aspect that lays the foundation for cyber-security is the password....
Read More
Prevention: The cost to prevent an attack is far less than to fix or recover from it. Email has been the easiest and most convenient way to deliver a lethal payload. Security awareness and training focused on ransomware and social engineering should be provided periodically to end-users. An effective phishing campaign should also be rolled out to measure or quantify the effectiveness of administrative controls...
Read More
