If you must comply with NIST 800-171 under DFARS you may wonder what has changed with the first revision, released in December, 2016. There are two substantive changes: 1. "Information Systems" has been replaced by "Systems" throughout the document. This [...]
Here is a blog by our friend Joe Stangarone of mrc's Cup of Joe Blog. He writes about the dangers of shadow aka stealth IT and how to spot it. Shadow IT is basically software and services that enter your company network without your knowledge or permission. Here is his blog....
Summary: A growing trend, “Shadow IT” is a term used to describe IT systems and solutions built and/or used inside organizations without the approval of the IT department. This could include anything from employees emailing spreadsheets back and forth to entire departments licensing third-party, cloud solutions behind IT’s back. The problem: Since Shadow IT usually happens on the sneak, IT departments don’t know where (or how much) it’s happening. Is Shadow IT lurking in your business? Read this article to learn the warning signs.
Like it or not, Shadow IT is probably alive and well in your organization. Recent surveys find that it’s not only growing, it’s far more rampant than business leaders realize.
What can you do about it? In past articles, we’ve explored a few ways to address and reduce risks of Shadow IT. We’ve looked at:
- Ways to prevent Shadow IT.
- How to reduce security risks of Shadow IT.
- The benefits of embracing Shadow IT.
That being said, there’s still a problem: You can’t address Shadow IT if you can’t see it. How do you know whether or not Shadow IT lurks in your company?
Orange County, CA - Always make sure your backups are in good working order. Here is a story of a company reports to be out of business because they lost 300 GB if their IP and company operations history - GitLab.com melts down after wrong directory deleted, backups fail. The story mentions Gitlabs.com outgrew the cloud and that is why this happened. No, they simply had bad backups and they did not check to make sure they had an ability to recover before doing work on the storage system. Data loss disasters can happen in the cloud, too. So make sure you have your backup operations in order. Disaster can strike in innumerable ways no matter your IT operation model.
Backups need to be constantly examined to make sure they are working. Here is a partial list of questions you should be asking when doing your due diligence:
Now that you have settled into the New Year it is time to focus on you New Year resolutions for IT or you risk a bad year. It is February 1, 2017 and you now have all the year-end closing of the books, inventory, etc. behind you. Now that your head is cleared up it is time to get more focused on IT.
This blog is a compilation of ideas from Team Alvaka Networks:
1. Roger Nixon said, Keep moving forward by backing up… the importance of good backups for sustainability of a business when things go wrong. Actually almost everyone at Alvaka said something similar. Roger is right. If you have not recently done a complete review of your back up systems you are at great risk. Ask yourself and test whether –
a. Is your backup system running? Is the scheduler running backups at the appropriate intervals?
Irvine, CA - I have become somewhat enamored by the LifeLock commercial titled, “Fix it.” In that commercial, bank robbers come storming into a bank breaking a display and yelling, “Everybody on the floor.” As everyone hits the floor a man in a security uniform remains standing and one of the customers whispers, “Do something!” He replies, “Oh, I’m not a security guard. I’m a security monitor. I only notify people if there is a robbery.” After a brief glance around he passively says, “There’s a robbery.” The commercial narrator then says, “Why monitor a problem if you don’t fix it?”
You can view that video here.
Orange County, CA – I just read about a new product announcement, New version of L0phtCrack makes cracking Windows passwords easier than ever. At Alvaka we used to do a hacking demo during a lunch and learn. Rex Frank would usually do the demo by doing a SQL Injection attack and bumping out to the command prompt. From there he would download the SAM (Security Access Manager) file and then use L0phtCrack to decode a password right in front of the eyes of everyone. Nearly everyone was shocked beyond compare. Of course that approach is now a bit dated, but it showed our guests just how vulnerable unpatched and inadequately secured systems can be. From the start of the demo to the revelation of an account password would only take five o
mrc's Cup of Joe discusses 5 ways CIOs and IT leaders can do more with less Summary: CIOs and IT leaders face a daunting task. Gone are the days of simply supporting the business. These days, the expectations placed on [...]
If you don’t treat network security as important, don’t expect your users to treat security as important.Irvine, CA - Ransomware and phishing threats are the most prevalent cyber-risk problem facing your organization today. Securing your system is a layered approach, [...]
Here is a good blog on whether or not you should renew your warranties on firewalls, servers, routers, software, etc. It is written by a friend of mine, Ken Zimmerman, at Trivalent Group out of Grand Rapids, Michigan. He provides [...]
Educate your users - Don’t let them be tricked into downloading malware
Everyone should follow this advice:
- Be very cautious when opening an attachment or clicking a link in an email, instant message, or post on social networks (like Facebook)—even if you know the sender. If you are suspicious, call to ask the sender if they sent it. If not, delete it.
- The attack can look like it is from an official sources like banks, UPS, FedEx, USPS, eFax, etc. This has been the most common attack method to date.
- If an e-mail gets blocked and quarantined by your spam filter...