A friend of mine asked me if he should buy cyber insurance for his business. Whether your need is for a self-hosted/owned, cloud or hybrid infrastructure this is not an easy answer. As I thought about it, I decided this is probably a topic of interest to many financial managers at small to mid-size enterprises. How should you decide this question and who can you seek for legitimate counsel that is qualified to answer this question without having a conflict of interest?
About tlgadminThis author has not yet filled in any details.
So far tlgadmin has created 190 blog entries.
A 10 attorney law firm discovered the cost of failing to protect its systems from ransomware the hard way. An attorney clicked on a phishing e-mail, leading to a ransomware attack. The firm apparently did not have a [...]
If you must comply with NIST 800-171 under DFARS you may wonder what has changed with the first revision, released in December, 2016. There are two substantive changes: "Information Systems" has been replaced by "Systems" throughout the document. This mean the [...]
There has been a lot of discussion about the method of propagation and the overall impact of this ransomware, but what does this ransomware actually do from start to finish? Click HERE or on the image below to see the [...]
Here are a couple of snippets from Perth Now Sunday Times in Australia ANOTHER large-scale, stealthy cyber-attack is underway on a scale that could dwarf last week’s assault on computers worldwide. The new attack targets the same vulnerabilities the WannaCry [...]
Dear Valued Client,
Before we begin, if at any point while reading the message below, you need assistance or are just not sure, call 877-662-6624 or contact us by email and let us know so we may assist you. If you are one of our Patchworx clients or that rare organization that is covered through other effective measures, we sincerely congratulate you for your efforts to protect your company.
Whether you request our assistance or do the work of protecting yourself, not acting could be a very costly choice.
As you have likely heard in the national news, networks all over the world (in more than 150 countries) have been infected by WannaCryp Ransomware also known as WannaCry since Friday 5/12/2017…in fact it is estimated that 100s of thousands of computers are already infected and potentially million more will soon be. So, before we move into the details of why this matters, please DO NOT OPEN any attachments, click on links in emails from unknown senders, bring in un-scanned USB drives or otherwise invite an infection into your network.
What does ransomware do?
There are different types of ransomware but, all of them will prevent you from using your PC or server normally. They will then ask you to do something such as pay money before you can access your systems and data. Not all but most make getting data back impossible without
Educate your users - Don’t let them be tricked into downloading ransomware/malware
Everyone should follow this advice:
- Be very cautious when opening an attachment or clicking a link in an email, instant message, or post on social networks (like Facebook)—even if you know the sender. If you are suspicious, call to ask the sender if they sent it. If not, delete it.
- The attack can look like it is from an official sources like banks, UPS, FedEx, USPS, eFax, etc. This has been the most common attack method to date.
- If an e-mail gets blocked and quarantined by your spam filter, be very certain about the message and any attachments before you release it from quarantine. One user recently got burned this way.
- Avoid clicking Agree, OK, or I accept in banner ads in unexpected pop-up windows with warnings or offers to remove spyware or viruses, or on websites that may not seem legitimate. These are usually bogus. Call your IT specialist if you are concerned.
If you must comply with NIST 800-171 under DFARS you may wonder what has changed with the first revision, released in December, 2016. There are two substantive changes: 1. "Information Systems" has been replaced by "Systems" throughout the document. This [...]
December 31, 2017 is an important date for many in the DoD world. For those with contracts subject to DFARS 252.204-7012 it might feel like an overwhelming and impending date. I am sure this is another heavy responsibility thrown onto your plate with the expectation you get it done.
Here is a blog by our friend Joe Stangarone of mrc's Cup of Joe Blog. He writes about the dangers of shadow aka stealth IT and how to spot it. Shadow IT is basically software and services that enter your company network without your knowledge or permission. Here is his blog....
Summary: A growing trend, “Shadow IT” is a term used to describe IT systems and solutions built and/or used inside organizations without the approval of the IT department. This could include anything from employees emailing spreadsheets back and forth to entire departments licensing third-party, cloud solutions behind IT’s back. The problem: Since Shadow IT usually happens on the sneak, IT departments don’t know where (or how much) it’s happening. Is Shadow IT lurking in your business? Read this article to learn the warning signs.
Like it or not, Shadow IT is probably alive and well in your organization. Recent surveys find that it’s not only growing, it’s far more rampant than business leaders realize.
What can you do about it? In past articles, we’ve explored a few ways to address and reduce risks of Shadow IT. We’ve looked at:
- Ways to prevent Shadow IT.
- How to reduce security risks of Shadow IT.
- The benefits of embracing Shadow IT.
That being said, there’s still a problem: You can’t address Shadow IT if you can’t see it. How do you know whether or not Shadow IT lurks in your company?