Cybersecurity Tips for Home Workers

Posted by Eric Nichter on Mar 30, 2020 4:00:00 PM

Best practice

The following tips have been collected over the last two weeks from cybersecurity professionals, IT teams and business continuity experts. We can't prevent hackers from trying to breach our systems or inject ransomware into our networks; however, the following tips can help make it more difficult for them to disrupt our work from home.

Topics: cybersafe, corporate cybersecurity, cyber risk, Latest Publications, ransomware, remote work, remote workforce, Cybersecurity Training, Best practice, cyber safety

2019 CIE Summit Showcases Technology Helping People

Posted by Ford Winslow on Apr 23, 2019 5:54:20 PM

San Diego, CA - 211 San Diego's CIE Summit, happening this week in San Diego, will be a showcase of how people and technology can come together to help people and tackle some of the toughest challenges in society today. From homelessness and hunger prevention to regional disaster preparedness, teams from across the country will converge for three days to collaborate, share and innovate.

Often, as technology and cybersecurity professionals, we are removed from the ultimate beneficiaries of our work. At the inaugural 2018 CIE Summit, we heard directly from those who are helping social services organizations in their communities across the country and learned what we could do to best serve them and provide the tools and services they need. It was an impressive collection of government, private, non-profit and public constituents committed to improving social indicators of health. 

This year's CIE Summit looks to be even better and more focused on connecting service organizations and the communities they serve. Along with traditional technology conversations around infrastructure and platforms for information sharing, the 2019 CIE Summit will delve deeply into Social Determinants of Health (SDOH) and the role of CIE Technology in moving to a person-centric, connected care model.

In the increasingly complex, interconnected and distributed world of healthcare, it is a must for organizations to stay current on the latest in privacy, security and compliance. We look forward to collaborating with the social services community on how organizations' privacy and security requirements are impacted by both new capabilities and new regulations.

Topics: News, technology, cyber risk, Cybersecurity + Healthcare, healthcare, Latest Publications, Op-Ed

Penetration (Pen) Testing for SMBs

Posted by flashpoint on Jan 22, 2019 2:11:40 AM

Security jargon can be very confusing. Scanning, Pen Tests, Red Team Exercises and now Purple Teaming. It is easy to understand why companies under- or over-spend or simply choose not to test their systems. What’s the difference and which is right for your business?

Topics: purple teaming, blue team, corporate cybersecurity, Cybersecurity & board of directors, Latest Publications, pen test, red team

The Acquired Breach: How to Spot Cyber Risk in Your Acquisition

Posted by Ford Winslow on Jan 16, 2019 2:38:09 PM

Your company just acquired another business and things are great. Your market cap is growing, shareholders are happy, and teams are working hard. Then, you get a call that makes your stomach turn. Your team has uncovered an ongoing breach in the company you just acquired.
Your world changes immediately.

Topics: acquired breach, corporate cybersecurity, cyber risk, Cybersecurity news, Latest Publications, marriott data breach

Cybersecurity Planning – Part 2 – Needs, Compliance and Threat Analysis

Posted by Ford Winslow on Nov 26, 2018 4:57:12 PM

In the first part of cybersecurity planning, we discussed the top-level alignment of your security strategy with “The 3 R’s”:

- What gets you Rich?
- What can Ruin your business?
- What is Required by regulators or customers?

The 3 R’s are largely business drivers, not technology or security drivers. In part 2 of this series, we go into more depth and bring cybersecurity experience and expertise into the planning exercise to understand detailed requirements for cybersecurity.

Building on the 3 R’s defined in part 1, some activities you’ll perform next are:

1. A needs analysis of your revenue-facing systems and processes

Assuming your systems are performing well for the business, you will be focused on needs related to: Confidentiality, Integrity and Availability of data and systems.

When choosing which systems to investigate, look for those that support the primary mission of the business. Likely candidates are point-of-sale, e-commerce, sales, finance and communication systems. To understand the needs of these systems and processes, ask the business owners and users, “What happens if you can’t use the system?” You’ll be amazed at what you discover.

2. A compliance analysis to understand what regulations apply to your business

Think you’re not regulated? While you may not be directly regulated, your customers today and tomorrow may be. Many of your customers’ requirements flow through to you as a vendor.

Understanding compliance requirements covers both the prospective controls that must be in place and the processes and procedures for incident response and business continuity. Working through the complex, overlapping requirements of regulations generally requires regulatory experience and skills. If you don’t have the necessary skills and experience in-house, find a reputable vendor or consultant to help.

3. A threat analysis to understand what factors can do harm to your business

Threats can be human or non-human, malicious or non-malicious. Threats can originate from natural disasters, software, political activism, external vulnerabilities or internal mistakes.

Hackers get the press, but most incidents are self-inflicted. Understanding how your systems can be taken down and how data can be breached is an important step in creating a real strategy. Without a threat model and some investigation to test the model, you don’t know what you don’t know. I can’t stress enough how important it is to understand what threats you face BEFORE you begin your risk assessment and strategic plan.

Third-Party Analysis Leads to a Roadmap for Security

Step one can and should be performed by in-house employees. Defining the 3 R’s should be normal business practice for everyone. When it comes time to perform the objective analysis of your business, an external 3rd party can be very useful. Uncovering areas where employees may be afraid to look or unwilling to report bad news is the job of 3rd party consultants. Giving objective information back to the business allows companies to fix what’s wrong and focus on building team processes for the future.

Once an organization has documented the 3 R’s and quantified the needs, compliance requirements and threats to the business, you can move towards the risk assessment that will lead to a strategic plan and roadmap for security.

Topics: threat analysis, compliance, cybersecurity plan, Latest Publications

Planning for your Cyber-Safe 2019 – Part 1: Where do I begin?

Posted by Ford Winslow on Nov 25, 2018 4:51:55 PM

As the turkey is wearing off and the end-of-year shopping season is upon us, I think about all the businesses that will suffer breaches on Cyber Monday. In 2017, 75% of workers admitted they will shop online from work today, according to Robert Half Technology. With the average single-product security solution (think Anti-virus) being only 22% effective in stopping network intrusion, a higher than average number of companies will be breached on Cyber Monday given the soaring numbers of fictitious and infected sites in cyberspace.

Topics: cybersafe, cybersecurity plan, Latest Publications

Op-Ed: The Orangeworm Attacks — Why You Should be Worried

Posted by Ford Winslow on May 9, 2018 5:45:49 PM

In yet another cyberattack aimed at the healthcare industry, a hacker group named Orangeworm recently targeted healthcare orgs in the U.S., Asia, and Europe. The attacks were aimed at computers that control X-rays and MRI machines, in addition to other medical devices. Yikes.

Topics: cyberattack, Cybersecurity + Healthcare, healthcare, Latest Publications, Op-Ed

AEONIAN Endpoint is a Comprehensive SaaS Security Tool for Your Business

Posted by Ford Winslow on May 8, 2018 5:43:15 PM

Introducing a Simple, Integrated, SaaS Security Tool Focused on the Social Good

At a time when ransomware attacks occur every 40 seconds, and annual damages are forecasted to hit $11.5 billion, cybercrime poses a greater threat to businesses than ever before. Addressing this issue, San Diego-based ICE Cybersecurity developed Aeonian — a new type of endpoint security protecting people and devices all on one platform.

Topics: AEONIAN, Saas Security Tool, In the press, Latest Publications

2018 Winter Olympic Games Cyber Attack is No Laughing Matter

Posted by flashpoint on Feb 21, 2018 4:33:53 PM

It didn’t take long for the 2018 Winter Olympics to be hacked.

Topics: criminal hackers, cyber attack, Cybersecurity news, Latest Publications, 2018 Winter Olympics

How Bad was the Equifax Data Breach?

Posted by Ford Winslow on Feb 15, 2018 4:24:50 PM

New Information Shows the Breach Worse than First Reported

How worried should you be about last year’s Equifax data breach?

Topics: Equifax data breach, Latest Publications