Information Security News


Network Access Control Basics

2020-05-15T20:23:45+00:00

Network Access Control (NAC) can be a very confusing concept to understand if one tries to dig into the minutiae of how it works and every single thing it can do. Instead, to get an idea of how it can assist you in your security efforts, start by focusing on breaking down its name: Network. Access. Control.

NETWORK. It’s a bunch of jacks in the wall that have wires that run back to that blinky-light box in a closet or in the data center. Or, maybe it’s those white boxes on the ceiling with the antennas pointing in various directions. [...]


Getting to Know Your Stimulus Check

2020-05-01T13:20:14+00:00

From April 24th through June 26th, 2020, the Treasury Department is mailing paper Economic Impact Payment checks, and like moths to flame, this substantial influx of money is already attracting fraudsters. Now is the perfect time for a frontline check fraud refresher course and to shore up your check cashing procedures. While check fraud is nothing new, these stimulus payments are a great incentive for con artists to dust off their old playbook of tried and true counterfeit check scams. By getting to know your stimulus check, you can significantly reduce losses at your institution. There are five key security features [...]


Deploying a Simple Open Source SIEM

2020-04-23T16:59:25+00:00

Introduction

There is a lot going on today in a modern network. The ability to visualize, search, and react to security events is critical. A SIEM (Security Information and Event Management) is typically used to meet these needs. There are a lot of SIEM solutions out there and it can be a very complex topic. However, there are some open-source solutions that can meet your needs. This blog will walk you through deploying, and some basic usage of, an open-source solution called the Elastic Stack. The Elastic Stack is a great platform used for many different [...]


Customer Security Awareness Training

2020-03-12T20:29:23+00:00

It’s not only a moral obligation for an institution to advise its account holders on protection of their identity and assets; it is absolutely recommended by myriad experts, sources, and FFIEC guidelines which state that financial institutions should have a policy within the Information Security Program to govern “Customer Awareness” (FFIEC Information Security Booklet, II.C.16).  Financial institutions should comply with that policy, providing some type of ongoing training to their customers, members, and consumers. This training may be provided any number of ways: pamphlets, statement stuffers, and so on.  More frequently, training is being delivered electronically as content on institutions’ [...]


Issues for Issuers that Issue

2020-03-19T16:44:39+00:00

More and more institutions are now payment card issuers. Ten years ago, in-house payment card production was almost always an outsourced function within community financial institutions (FIs), but that’s no longer the case. As currently observed, more than 40% of our FI clients have now implemented in-house card printing and/or embossing (personalization) solutions for various reasons. The most prevalent of those reasons are competitive in nature: to provide customers with quick access to their funds at account opening or following the loss, theft, or compromise of a payment card. While a large majority of in-house issuance adopters have made strong [...]


We Accept the Risk

2020-02-13T21:43:07+00:00

Whether you find them in a risk assessment, we find them in an audit, regulators uncover them as part of an exam, or you hear something scary and familiar on the news, IT risks require ACTION.  There are generally four things you can do once a risk is identified within your environment: Avoid it. No one likes being told, “You can’t do that. It’s too dangerous.”  Risk avoidance is when management determines that the risk outweighs the benefit of an asset (like a product offering, practice, or IT system) and decides not to go forward with implementation.  Avoidance is much [...]


SPF. DMARC. DKIM. Oh My!

2019-11-19T23:28:24+00:00

We spend a lot of time making sure we have policies in place to protect our institution from reputational risks associated with technology, and even more time is spent on training, auditing, and compliance to manage those risks. But rarely do we consider what goes on outside of the physical or virtual perimeter of our networks. Consider this: what would you say if I told you that there is a 79.7% likelihood that a third party is either actively sending email as if it came from your domain without your knowledge, or has in the past? Don’t get all bristly; [...]


Securing IoT

2019-07-18T15:18:45+00:00

A tongue-in-cheek, but realistic scenario for IoT compromise

Your customers are complaining. And they make a valid point that your Internet banking application is unavailable inside your very own bank branch walls, because you don’t offer free Wi-Fi in your 150-year-old stone building with no cell signal. Well shucks, that makes a lot of sense, doesn’t it? Now the employees are complaining that they can’t listen to Pandora while churning out millions of dollars in mortgage documentation all day long. That seems fair; after all, employee happiness and retention – especially a concern for younger generations – should be at [...]


Why Do I Need a Tarp?

2019-07-18T14:14:56+00:00

Full disclosure, I was a Firefighter. And we love water. A few years after getting my Firefighter 1 certification I found myself on a quarter section of blackened earth, with a shovel and a six-foot wall of fire extending a few hundred yards in either direction moving away from me at a rather quick pace thanks to those hot summer Kansas winds. A pond, a loafing shed, and a pump house lay beyond. As we tried to improve the chances of survival for the shed and the pump house, there were two things running through my mind as we tried [...]


The Low-Down on Multi-Factor Authentication

2019-02-22T21:57:57+00:00

Multi-Factor Authentication, Strong Authentication, 2FA, MFA, Token-Based, Out-of-Band Authentication; what does it all mean? Many more people are familiar with these terms than just a few years ago. But not all multi-factor authentication (MFA) types are created equal. MFA solutions are designed to protect their users’ accounts in the event of credential theft. With more advances in software technology and features come more vulnerabilities and potential ways for attackers to gain your password. However, just how effective are the various MFA types? Many MFA solutions have recently flooded the market, and that raises the question: [...]
