View Post

Cloud (in)security: Avoiding common cloud misconfigurations featuring Unlimited Technology’s David Lathrop

Cloud migration is on nearly every technology company’s docket…and whether those plans were accelerated at the onset of the COVID-19 pandemic or accelerated now after being put on hold, the rush can result in misconfigurations that introduce security vulnerabilities. Learn about how a new, streamlined approach — from assessment, to network and endpoint security, to services and staffing — can …

View Post

Cyber Wednesday Info Byte #27

An information security program requires buy-in at the highest levels of the organization. The recent SOLARWINDS and HAFNIUM attacks are a stark reminder that the cyber threat landscape is quickly evolving, but resilient organizations with robust and unified strategies persevere. The Department of Homeland Security (DHS) has created a guide for leadership discussions about cybersecurity risk management. “Cybersecurity is NOT …

View Post

Cyber Wednesday Info Byte #26

Positioning, Navigation, and Timing (PNT) services such as Global Positioning System (GPS) or Network Time Protocol (NTP) are a critical part of every organization. The impact of a disruption of such services can range from being subtle errors that accumulate over time to complete failure of critical business functions. Our friends at NIST have assembled the tools that you need …

View Post

Cyber Wednesday Info Byte #25

Organizations rely on their suppliers to support critical business functions and in turn these suppliers rely on third parties as well. The complex nature of these dependencies can make it difficult for an organization to quantify and mitigate the risk of a supply chain attack. The National Institute of Standards and Technology (NIST) cyber supply chain risk management program (C-SCRM) …

View Post

Cyber Wednesday Info Byte #24

Physical security is one of the core pillars of cybersecurity. Assessment of physical security is beneficial to every organization no matter the maturity level. Our friends at the Cybersecurity and Infrastructure Security Agency (CISA) have designed a self-assessment tool for securing Houses of Worship which are often the targets of violence and terrorism. “In this security guide, CISA analyzed ten …

View Post

Cyber Wednesday Info Byte #23

The relationship between your organization and customers is built on trust. Your customers trust that you will protect their privacy. Protecting privacy requires more than just practicing good cybersecurity, it requires a privacy program. The NIST Privacy Framework is a tool that you can use to create or improve a privacy program. Learn more: https://www.nist.gov/system/files/documents/2021/01/13/Getting-Started-NIST-Privacy-Framework-Guide.pdf

View Post

Cyber Wednesday Info Byte #22

Even a zero trust architecture (ZTA) can still be compromised by an attacker with stolen credentials. Multi-Factor Authentication (MFA) can reduce the impact of stolen credentials by requiring the attacker to provide a second form of authentication such as one time password from a phone or hardware token. Security awareness training, MFA, and thoughtful policy add depth to your defense. …

View Post

Cyber Wednesday Info Byte #21

The Risk Management Framework for Information Systems and Organizations promotes near real-time risk management through implementation of continuous monitoring processes. It provides senior leaders and executives with the necessary information to make cost-effective risk management decisions about the systems supporting their missions and business functions. “As we push computers to “the edge,” building a complex world of interconnected information systems …

View Post

Cyber Wednesday Info Byte #20

Security Awareness training is one of the most effective ways of reducing risk in accordance with your organization’s overall risk management strategy. Current, relevant, and captivating content will spark the water cooler conversations that improve the security of your team, both in the office and off the clock. “Awareness techniques include displaying posters, offering supplies inscribed with security and privacy …

View Post

Cyber Wednesday Info Byte #19

Did you know that scientists are currently studying the factors that make users click on a phishing email? Our friends at NIST have developed the Phish Scale by studying the behavior of 5000 users to identify cues that help someone spot a malicious email. The fewer cues there are the more effective the phish is. “As organizations continue to invest …