Weekly Security Tip


FFIEC CAT vs FSSCC Profile – WST

2018-12-13T18:08:06+00:00

December 13, 2018 FFIEC CAT vs FSSCC Profile - WST In 2015, the FFIEC developed the Cybersecurity Assessment Tool (CAT) (https://www.ffiec.gov/cyberassessmenttool.htm) to “help institutions identify their risks and determine their cybersecurity preparedness. The tool provides a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time.” Regulatory agencies widely support and accept the CAT, as examiners are expecting you to complete it annually. However, anyone who has completed the CAT knows that the process can feel overwhelming with the large number of questions, particularly for smaller banks. In October 2018, the Financial Services [...]


Ransomware Defense Technique – WST

2018-12-06T19:34:56+00:00

December 6, 2018 The Most Basic Ransomware Defense Technique - WST Aside from standard security practices such as antivirus software and security awareness training, one of the most effective steps you can take to protect against ransomware is very straightforward: limit what files users can access. Ransomware almost always runs with the same permissions as the infected user, so what they cannot access, the ransomware cannot encrypt. The concept of ‘least privilege’ (allowing a user to access only what is needed for their job) is as old as information security itself, but it is not always easy [...]


Sure Is Dark Out There – Clean Desk Policy – WST

2018-12-04T21:50:27+00:00

November 29, 2018 Sure Is Dark Out There - WST If you are in Barrow, Alaska, you won’t see the sun again until January 22nd. That’ll be after 82 consecutive days of not seeing the sun. For the rest of us, it’s hard to imagine that much darkness. It only feels that dark for many of us now that daylight saving time is over, and we find ourselves leaving work around dark each day. As you’ve left your office in the dark, have you ever turned and looked back into the building to see what is visible [...]


Pandemic Plan Time – Bye Bye Summer, Hello Flu! – WST

2018-12-04T21:54:07+00:00

November 15, 2018 Bye Bye Summer, Hello Flu! - WST Winter seems to be in a big hurry, and yes, that means Pandemic Plan time. In the Midwest, we raced right from Summer into Winter without so much as a goodbye handshake. Right on cue, with the colder weather, we are already seeing the first cases of flu pop up... and you all know what that means. Yup, time to dust off the pandemic plan and make sure it is up to date. Pandemic Plan reminders: Focus on operating with limited staffing (are your procedures [...]


Budget? For Information Security? – WST

2018-12-04T21:54:54+00:00

November 8, 2018 Budget? For Information Security? - WST The midterms are finally over, and the ads have mercifully ended. We all deserve a little credit for putting up with the insanity. But now is the time to get back on track and plan out your budget for 2019. Or did you assume it will just be a part of IT’s budget? According to the FFIEC Cybersecurity Assessment Tool, a “baseline” requirement indicates: “The budgeting process includes information security related expenses and tools. (FFIEC E-Banking Booklet, page 20).” Whether you’ve already submitted your 2019 budget or not, [...]


Embedded Video with MS Word Woes

2018-12-04T22:01:08+00:00

November 1, 2018 Embedded Video with MS Word Woes - WST Last week a new Microsoft Word vulnerability was discovered concerning embedded video. This vulnerability allows malicious code to be placed inside of a Word document containing an embedded video link. This malicious code can be executed in the background without prompting the user. This vulnerability appears to affect even the most recent versions of Microsoft Word. This method will likely become very popular with phishing campaigns. Currently no patch exists for this vulnerability, which has yet to be assigned a CVSS number. Current potential mitigation methods would be [...]


Cloud Backups and Encryption – WST

2018-12-04T22:03:46+00:00

October 25, 2018 Cloud Backups and Encryption - WST Many institutions utilize cloud-based storage as part of their backup solution. Whether it is a pure server to cloud backup, a local backup repository with an offsite cloud storage component, or somewhere in between, the flexibility of many of these solutions can be awesome. The usage of these services does not have to be a trade-off in security either if it is done correctly. Encryption is the key (no pun intended). To protect data sent to the cloud, it must be encrypted. Just about any backup service will [...]


National Cybersecurity Awareness Month

2018-12-04T22:06:03+00:00

October 18, 2018 National Cybersecurity Awareness Month - WST Even though October is more than half over, it’s not too late to celebrate National Cybersecurity Awareness Month (NCSAM). For the last fifteen years, the Department of Homeland Security has designated the month of October as a time to emphasize the importance of cybersecurity at work and at home. The purpose is to provide government, private industry and individuals with resources to stay safe online and increase everyone’s overall awareness of cyber-threats. With training and awareness being the primary focus, a number of resources have been made available [...]


Quarterly Firewall Review – A Requirement – WST

2018-12-04T22:06:51+00:00

October 11, 2018 Quarterly Firewall Reviews are a Requirement - WST For many companies there is only one device between their internal network and the whole wide world, AKA the Internet. This one device, called a firewall, is a key component in a secure architecture, and it is often undermanaged. By that we mean the firewall often does not receive the ongoing attention it deserves: a firewall review. The common issues we find with firewall configurations include: Managed Firewalls: In today’s environments we often see the management of firewalls outsourced and all but forgotten about by [...]


DR Documentation and Password Storage – WST

2018-09-27T15:17:39+00:00

September 27, 2018 DR Documentation and Password Storage - WST An often-overlooked part of Disaster Recovery (DR) is network documentation. Not just plans and procedures, but good ol’ fashioned diagrams, server lists with IP addresses, critical logon credentials, etc. When you have to put everything together and get it running somewhere else, these are essential. Also commonly overlooked is where this should be stored. Having the documentation and secure password database on the server that just crashed doesn’t help much; it needs to be available in the event that all systems are down. Connectivity to DR sites [...]
