header
header
header

The Monitor

Keeping you ahead of the curve with timely news & updates.


Introducing DataSure24

In the Fall of 2018, Freed Maxick announced their partnership with a local technology company to form DataSure24. This new organization brings exciting capabilities to existing clients and other businesses throughout the region and beyond.

This partnership allows DataSure24 to be the premier cyber-security company in Western New York, providing full security services to organizations. DataSure24 will help companies with everything from developing a security program, to delivering security implementations, and providing continuous monitoring and incident response.

24/7 isn’t just a term. It’s a culture, a philosophy and a proficiency. Through these security services DataSure25 is able to provide continuous monitoring that a wide variety of companies need in order to meet compliance, and support the entire security life-cycle of an organization.

Watch the video below to learn more:

 

View full article

Educating Your Workforce to Handle Cyber Threats

How to strengthen one of the weakest links in your cyber defense

In my role as the Chief Information Officer and Chief Security Officer for Freed Maxick, it’s my responsibility to protect my company, our employees, and the thousands of customers we have from the unprecedented wave of cyber attacks that are an agonizing part of doing business.

Today, dealing with the threat of cyberattack is an issue that keeps every C-suiter up at night.

I’ve installed, maintained and updated the latest technologies and constantly share information and data with my peers on best cybersecurity practices. However, without “human technology” playing a critical role in today’s cyber defense systems, I’m very concerned that we’ll continue to hear horror stories that perhaps could have been prevented.

I’d like to share some of my thoughts and experiences about integrating the human factor in a cyber defense environment.

In the comment section following this post, I welcome any insights, observations and experiences you would like to share with our blog readers.

Employees are a Critical Part of any Cyber Threat Defense

Businesses today understand the importance of securing data, software and hardware against the threat of a breach. The realization that customer account information, internal communications or other critical data could be stolen and sold or locked away and held for ransom has motivated executives to invest in elaborate in-house security systems and state-of-the-art cloud security solutions to protect their organizations from cyber-attack.

These investments are a cost of doing business in a connected economy, but even the best cyber defense system can be short-circuited by the critical weakness that technology can’t eliminate—the click of an employee on a well-disguised hostile link.

Technology solutions are still an important part of cyber security, but a growing percentage of successful breaches now start with a phishing e-mail instead of a direct attack on a firewall. In short, businesses have been successful enough in training their computers to protect against threats that hackers have adapted by focusing on the element in the system that hasn’t been trained as well—employees.

Creating a Security Culture in a Service Economy

Before you can train your people to protect against cyber threats, you need to understand where that training fits into your broader cybersecurity strategy. Leadership needs to be clear about the level of risk the organization will tolerate, and the training needs to reinforce that concept. For instance, many businesses have focused on responsiveness to clients without adequate statements about risk tolerance.

In some cases, this lopsided focus can create a culture where employees work to resolve client e-mail issues so quickly that they don’ evaluate those e-mails for potential phishing links. If your cybersecurity training is going to stress evaluating e-mails for threats, employees need to understand that leadership is lowering its tolerance for cyber risk and leadership needs to understand there will be some tradeoff in response-time efficiency.

Elements of an Effective Cybersecurity Education

The kind of education process that will work best for your business depends first and foremost on what kind of business you run. And “what kind” refers both to what industry or economic sector you operate in as well as the personality of your employees and the atmosphere in your workspaces. That said, there are still certain elements that you should look for to create a program that turns your people into a “human firewall.” These four characteristics should be present in any cybersecurity education program:

  • Customized or customizable: No off-the-shelf training module will speak directly enough to your employees. Think of the message you send to employees when you gather everyone together for a mandatory meeting at which some outside consultant or designated employee lectures them from a script with generic statements about the importance of security. If you poll them on the way out, you would probably get a perfunctory response along the lines of, “Yeah, I get it. Security’s a big deal.”
    Training should speak directly to YOUR employees about YOUR business and the potential damage that a security failure will cause. To support a healthy culture of cybersecurity, your training needs to go beyond the nuts and bolts of learning how to avoid phishing scams and risky websites to create a sense of shared responsibility among your team for the protection of customer data and co-worker jobs.
  • Comprehensive: Your cyber defense is only as strong as your weakest link. Malware and ransomware attacks have become so pervasive that you can’t afford to overlook any of your technology users when it comes to raising awareness about cybersecurity. Even someone who doesn’t have an assigned work computer could still use a personal computer or account to open a malicious e-mail that generates a message to all contacts, including customers and co-workers. Even if an employee’s unsecure practice only affects personal computers and accounts, your business will still suffer lost productivity while that person works to resolve the problems that arise as a result.
  • Focus on Creating a Cybersecurity Culture: A lecture with PowerPoint slides is rarely going to be enough to engage employees at the level necessary for success. This type of training benefits from breakout sessions with small groups where participants get a better sense of how much the group’s success depends on the efforts of everyone. The goal is to create habits and routines that employees use to analyze the potential cyber risks in every activity they undertake, then practice using those habits and routines frequently enough that they become part of the fabric of the job. In a way, it’s almost as if you’re trying to train your people to “think without thinking about it.” Education on this topic always needs to focus on taking the time to be safe.
  • Monitor to Measure Improvement: Effective cybersecurity education requires much more than an occasional day of training. A business must commit to ongoing monitoring and testing. Information generated from those activities needs to feed into regular updates to staff as well as improvements to the next training. Employees should be encouraged to communicate frequently about cybersecurity and to quickly notify managers of potential threats that they identify. Visible indicators of success should be included around the office, such as whiteboard postings noting “[X number] of threats turned away this week/month/year.” 

Freed Maxick Offers Cybersecurity Services

The cyber threats that businesses face change so quickly that educating and empowering a workforce to protect against them is an ongoing operation, not just a scheduled training session. Our team of cybersecurity experts can help you build and maintain a sustainable technical and human powered defense system.

For more information on how we can help you strengthen your human cybersecurity firewalls to match your technological ones, please contact us at (phone) or via the link, at right.

View full article

The Dark Web Monsters Under the Bed

The-Dark-Web-Monsters-Under-the-Bed

Preventive measures, monitoring and remediation capabilities are at the heart of a Dark Web defense

The dark web is a term for the places on the internet where mostly illegal activities occur like botnets, black markets, fraud services, phishing, child porn, terrorism, etc. Although the Dark Web sits on the internet, it is a segregated, anonymous and protected part, and typically, you need to use special software and access methods to enter.

I often think of it as the dark alley of the Internet.

Trading and Selling Compromised Information and Methods

The one Dark Web activity that most directly affects most normal people and companies is the trade and sale of compromised information and methods. In layman’s terms, the Dark Web is the place where stolen passwords, credit card numbers, and personal information is traded. Additionally, it is a communication channel that allows bad guys to coordinate attacks into individual systems while also giving training on how to exploit new vulnerabilities. The Dark Web is where stolen information is captured and made ready for nefarious uses, and if your credit card information has been stolen, it’s the pace where crooks can find it.

These are the monsters under the bed.

How Can Your Company Protect Itself from the Dark Web?

Daily, tens of millions of dollars of Illegal transactions occur on the Dark Web, and it’s often a result of companies who are ill equipped and ill prepared to protect their digital assets. Once those assets are left unprotected, unguarded, or made vulnerable for lack of a few simple protective measures, you’ve exposed your customer and prospect information for exploitation. Further, you’ve damaged your reputation and can even face severe financial consequences.

While putting a protective shield and remediation system in place is warranted, you’ll want to make sure that at a minimum, your cyber-defense includes the following features and capabilities:

  • Monitor all traffic and data going in and out of your network to see in real-time if there is an attack going on, so it can be stopped it in its tracks
  • Conduct a daily scan of the Dark Web, so you have a catalogue showing data that was stolen in the past, and if any new information was compromised currently so you can act immediately and with certainty
  • Conduct vulnerability scanning and overall security assessments backed by remediation capabilities to shore up your security maturity so that any future attacks or compromises are significantly reduced.
  • Secure the technical capabilities for identifying if your company’s data was exfiltrated and being exploited and used by bad guys
  • Deploy a Dark Web Scanning service that actively scans the dark web for your corporate domain name and personal email addresses that also provides a daily report for your entire organization
  • Hire an “undercover agent” to go into the Dark Web so that you never need to step foot in that dark alley.

Get Rid of the Monsters Under Your Bed: Connect with DataSure24

At DataSure24, we can identify with 100% certainty if your company’s information was exfiltrated, used by the bad guys, or is actively available on the Dark Web. We can tell you that, yes, indeed your information was taken in the past.

We go into the Dark Web as an undercover agent so that you never need to step foot in that dark alley. We provide daily scans of the Dark Web, so that you not only know the past that shows data that was stolen many years ago, but you will also know the very next day if any new information was compromised. This gives you the ability to act on things immediately and with certainty – helping clear out the monsters under the bed.

View full article