Author Archive

Handle Sensitive Information Differently

If you have highly sensitive information, think about an entirely different way of handling it from your normal email, collaboration, and other systems. If it is the kind of information that can cost you an immense amount if it is compromised, it...  [Read More]

Use USB Only for Personal Use!

I saw some great advice in an article about USB – pretend they are your toothbrush and share accordingly. USBs are amazing devices and the amount you can store on them is equally impressive. They can also be the source of untold...  [Read More]

Who is Behind Your Firewall?

Having only a perimeter defense is a bad idea, but knowing who is inside your company’s network is a key component of a solid defensive approach to cyber-security. Over the years, your organization may have allowed access to suppliers, customers, partners and...  [Read More]

Understanding Privileged Account Usage

When an attacker attempts to gain access to your network, servers, sensitive information, and other important assets, one of the preferred methods is acquiring legitimate credentials. This might be accomplished in a number of ways, but once an attacker gains initial access they...  [Read More]

Mobilizing Non-IT Organizational Resources for Cyber Incident Response

When your organization encounters a cyber-attack or major data breach, it typically impacts many segments outside of the information technology group. Your planning efforts must include how to bring the assets of these other groups into the response structure, helping to ensure...  [Read More]

Cyber Information Sharing is Hard But Worth It

One of the most underutilized defenses is information sharing with other organizations that face the same type of cyber threats. The financial community, through the FS-ISAC (Financial Services Information Sharing and Analysis Center), has a very good reputation for comprehensive and rapid...  [Read More]

Cyber Threat is Not a Normal Risk

The risk of a major cyber-attack is unique. Without warning, your organization can be devastated – operationally hamstrung through denial of service attacks; intellectual property drained; and sensitive information stolen, destroyed, or irrevocably altered. Boards of Directors and executive leadership of organizations...  [Read More]

Cyber-Intelligence Gathering Can Stave Off Attacks

Being aware of all the emerging threats and newly discovered vulnerabilities, along with updates on new and existing adversaries, is an important tool in your defense-in-depth strategy. Many attacks are repeated on unwitting organizations that didn’t incorporate emerging news into...  [Read More]

Building Cyber Resilience

Your organization is going to be attacked/breached by cyber attackers – a recent FireEye paper put the percentage at 97% – see Cybersecurity’s Maginot Line: A Real-world Assessment of the Defense-in-Depth Model. The critical effort for your organization is to prepare ahead of...  [Read More]

Outside Validation of Cyber Plans is Vital

It is important to get an outside opinion of your cyber strategy and defenses. While your organizational staff will likely have worked hard and spent long hours building robust cyber defense capabilities, an outside assessment will provide a good cross check. Cyber defense...  [Read More]