cybersecurity

/Tag: cybersecurity

FFIEC CAT vs FSSCC Profile – WST

2018-12-13T18:08:06+00:00

December 13, 2018 FFIEC CAT vs FSSCC Profile - WST In 2015, the FFIEC developed the Cybersecurity Assessment Tool (CAT) (https://www.ffiec.gov/cyberassessmenttool.htm) to “help institutions identify their risks and determine their cybersecurity preparedness. The tool provides a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time.”  Regulatory agencies widely support and accept the CAT as examiners are expecting you to complete it annually. However, anyone who has completed the CAT knows that the process can feel overwhelming with the large number of questions, particularly for smaller banks. In October 2018, the Financial Services [...]

FFIEC CAT vs FSSCC Profile – WST2018-12-13T18:08:06+00:00

Ransomware Defense Technique – WST

2018-12-06T19:34:56+00:00

December 6, 2018 The Most Basic Ransomware Defense Technique - WST Aside from standard security practices such as antivirus software and security awareness training, one of the most effective steps you can take to protect against ransomware is very straightforward: limit what files users can access. Ransomware almost always runs with the same permissions as the infected user, so what they cannot access, the ransomware cannot encrypt. The concept of ‘least privilege’ (allowing a user to access only what is needed for their job) is as old as information security itself, but it is not always easy [...]

Ransomware Defense Technique – WST2018-12-06T19:34:56+00:00

Sure Is Dark Out There – Clean Desk Policy – WST

2018-12-04T21:50:27+00:00

November 29, 2018 Sure Is Dark Out There - WST If you are in Barrow Alaska you won’t see the sun again until January 22nd.  That’ll be after 82 consecutive days of not seeing the sun.  For the rest of us, it’s hard to imagine that much darkness.  It only feels that dark for many of us now that daylight saving time is over, and we find ourselves leaving work around dark each day. As you’ve left your office in the dark, have you ever turned and looked back into the building to see what is visible [...]

Sure Is Dark Out There – Clean Desk Policy – WST2018-12-04T21:50:27+00:00

National Cybersecurity Awareness Month

2018-12-04T22:06:03+00:00

October 18, 2018 National Cybersecurity Awareness Month - WST Even though October is more than half over it’s not too late to celebrate National Cybersecurity Awareness Month (NCSAM). For the last fifteen years the Department of Homeland Security has designated the month of October as a time to emphasize the importance of cybersecurity at work and at home. The purpose is to provide government, private industry and individuals with resources to stay safe online and increase everyone’s overall awareness of cyber-threats. With training and awareness being the primary focus, a number of resources have been made available [...]

National Cybersecurity Awareness Month2018-12-04T22:06:03+00:00

The Dark Web: Overview & Tour

2018-09-27T21:41:57+00:00

The language of the “Dark Web” is ubiquitous, and it’s important for banks to be able to communicate to customers what it is and what it contains. In this session, learn about the Deep Web, Dark Web, and Dark Nets and how they operate. Experience a live demo of the Dark Web to uncover where it exists, what it contains, and why it should be examined with caution.

The Dark Web: Overview & Tour2018-09-27T21:41:57+00:00

Secure Message Attack – WST

2018-09-12T20:21:44+00:00

September 12, 2018 Secure message attack in progress - WST Be Aware: Widespread “secure message” attack in progress. We have seen several clients possibly affected by a phishing campaign that appears designed to steal Office365 OAuth2 tokens.  The phishing email itself can vary, but will come from a known sender, and appears to be a secure document delivery message.  The message may contain a PDF attachment, or it may link out to a box.com or another file repository where the PDF file resides.  The PDF file is a variant of the following doc: The link in the [...]

Secure Message Attack – WST2018-09-12T20:21:44+00:00

ATM Compliance – Outside the Box – WST

2018-08-23T18:23:06+00:00

August 23, 2018 ATM Compliance - Outside the Box - WST By now all your ATMs are running a modern operating system, are EMV-capable, have Braille in all the right places, and support voice prompts through a headphone jack.  All necessary IT controls are wrapped around them, and they’re spitting out cash just as well as they used to, but did you know there may be another set of rules for which you may need to comply? Many states, counties, and some cities have consumer safety protection laws subjecting ATM operators to physical security considerations, and non-compliance [...]

ATM Compliance – Outside the Box – WST2018-08-23T18:23:06+00:00

HP Ink Printer Vulnerabilities – WST

2018-08-16T14:31:52+00:00

August 16, 2018 HP Ink Printer Vulnerabilities - WST HP’s Product Security Response Team published security advisories detailing two remote code execution security vulnerabilities, CVE-2018-5924 & CVE-2018-5925, affecting a large number of HP Ink printers. Many of the impacted printer models include fax capabilities which can be remotely exploited with a malicious fax.  Once exploited, the printer can be leveraged to attack other internal systems.  With the prevalence of these printers on business networks, it’s important to involve all printers and multifunction devices in your regular vulnerability and patch management process. HP has updated their security bulletin [...]

HP Ink Printer Vulnerabilities – WST2018-08-16T14:31:52+00:00

VPN – WST

2018-05-23T21:51:30+00:00

May 24, 2018 VPN - WST Virtual Private Networks: Should you be using one? A VPN or Virtual Private Network allows you to create an encrypted connection to another network over the Internet.  Many of you are familiar with them and use a VPN to connect back to your institution’s network for remote access.  While this is one reason to use a VPN, it’s far from the only reason to use one.  In today’s environments, eaves-dropping, public wi-fi, and location tracking (just to name a few) pose significant issues that often result in unwanted privacy invasions or [...]

VPN – WST2018-05-23T21:51:30+00:00

VPN

2018-05-24T16:50:07+00:00

Virtual Private Networks: Should you be using one? A VPN, or Virtual Private Network, allows you to create an encrypted connection to another network over the Internet.  Most users are familiar with them for connecting back to their institution’s network for remote access.  While this is one reason to use a VPN, it’s far from the only reason to use one.  In today’s environments, eaves-dropping, public Wi-Fi, and location tracking (just to name a few) pose significant issues that often result in unwanted privacy invasions or data theft. One method of helping to prevent this is using a VPN.  In [...]

VPN2018-05-24T16:50:07+00:00