As Security Professionals our job is to prevent attackers from compromising our people, facilities and systems. It’s largely defensive, though there is a lot of discussion about making our role more offensive. That will be tackled on another day, but we can look at our job as defensive specialists. There are many tools and practices… More Thinking Like The Threat
So with anything we do, we want to make sure that our time is well spent and that we are not just going through the motions. We want to make sure we get some real value for our time, especially if this time is spent taking us away from our clients. And this time away… More Effective Training
It’s so much fun revisiting old movies and seeing some classic social engineering attempts to bypass security/front desk/receptionists. What do you think? Are your personnel trained to recognize and respond in kind? As an aside, while the social engineering attempt is proven to be very successful, we can’t verity for the ability to defeat the… More Sneakers Revisited
When was the last time you conducted a security assessment of your organization? It doesn’t matter if it was an internal assessment or you out-sourced it. When was it? When was the last time you reviewed your company’s online footprint? Did you do an Open Source Intelligence review to see what information attackers could use… More Assessments
Over the past two weeks we saw the latest example of competitor hacking and the consequences. This time in Major League Baseball. The question is should we be surprised by this? Professional sports are wildly competitive and the money is lucrative with many professional franchises valued at over $1 billion (see Forbes Magazine). With that much… More Who are your Threats?
Our very first blog was on critical information. Critical information is at the heart of every business and it’s important to understand and address how you are securing your information. So we pulled this back out and updated it a bit. Some areas are the same but we did add in some steps to take… More How are you protecting your critical information?
Security incidents can happen at any minute. And the impacts can cripple a company, and perhaps end a small business. And we all know, or at least recognize that sticking our head in the sand will not make it go away. So how to you prepare for the eventual? Identify a security team or individual. Most… More Where do you go?
Seems like every week there is a new type of phishing attack. Whether it’s the one that looks like it came from your CEO, or the new one where they inform you that you overpaid for services. These new spins on a classic attack all keep phishing relevant and at the forefront of our minds.… More Phishing
We have been doing quite a few assessments as the threat of security issues get more and more attention. During this process we see two primary issues keep coming up – 1) Documentation of Processes and Procedures, and 2) Enforcement. Let’s look at the impacts. As we have long seen, most companies want to do… More Documentation and Enforcement
We thought it would be interesting to review threats to small businesses as they are now versus roughly 10 years ago. Or to 2007 at least. According to the National Cybersecurity Institute, these are the top 8 threats that may affect small businesses in 2016: 1. Growth of mobile malware. 2. Data theft from IoT… More Threats over Time