Weekly Security Tips

WST Signup

Please Verify You Are Human: AI-Assisted Phishing

August 23, 2024

It’s no secret that artificial intelligence (AI) has been the talk of the town for the

Rise of Cybercrimes and Anti-Fraud Efforts

August 16, 2024

In July 2024, the Association of Certified Anti-Money Laundering Specialists (ACAMS) issued a

You have a new (malicious) secure email!

August 8, 2024

When attackers find something that works, unfortunately, they will happily keep using it to

Event Logging: The Foundation of Security and Compliance

July 25, 2024

Event logs can be generated from most IT infrastructure including firewalls, Intrusion Detection and

Simple Sanity Checks

July 18, 2024

We all know that security testing is important, and many assessments can be extensive. The good news is

Ransomware Self-Assessment Tool Version 2

January 26, 2024

The Conference of State Bank Supervisors (CSBS) recently released the Ransomware Self-Assessment Tool version

Zero-days Are Becoming More Zero

January 11, 2024

Zero-day vulnerabilities are vulnerabilities for which no patch is yet available and therefore the hardware or

File Share "Surfing

January 5, 2024

Regularly “surfing” through file shares with an account that has the least privilege can be an eye-opening exercise

Local Administrators

December 27, 2023

It’s daunting to have to secure all the layers of your network and devices, and an important measure toward your

Windows Hello for Business - Ready for Primetime?

December 21, 2023

We recently had a client ask us if Microsoft Windows Hello for Business (WHFB) is a good replacement for

WordPress Vulnerability Fix

December 15, 2023

If your organization is one of the millions that uses WordPress for hosting its websites, take heed to a

Citrix Bleed Exploitation - Be Proactive to Help Shield Your Organization From Attacks

December 8, 2023

We want to draw your attention to the recent ransomware attack on a third-party IT service provider

Microsoft Automatically Deploying MFA Policies

30, 2023

Microsoft has started automatically deploying Microsoft-managed conditional access policies that may impact

Citrix Bleed Vulnerability

November 2, 2023

Citrix NetScaler ADC and NetScaler Gateway products have been in the news recently regarding a critical

Cybersecurity Awareness Month

October 12, 2023

In an effort to support Cybersecurity Awareness Month, 10-D Security has developed a quick, online training called, “Spot the Phish”....

Wanted: Information Security Officer

October 6, 2023

Looking for a new Information Security Officer? What skill sets should be considered? As information security professionals, we are often asked by our clients about the basic skill sets to look for when hiring a new....

Here Comes Passkeys!

September 29, 2023

The next version of Windows 11 (23H2) due October 2023 adds support for passkeys. Google also added passkey support for Google accounts back in May of this year and many popular websites allow you to utilize this feature as well. So, what are passkeys?....

Security Incident Notification Rule and Service Providers

September 21, 2023

Back in November of 2021, the OCC, FRB, and FDIC jointly issued a final rule requiring banking organizations to notify their respective regulators within 36 hours of a declared computer-security incident....

Pig Butchering – What to Know About this Virtual Currency Scam & FinCEN Alert FIN-2023-Alert005

September 14, 2023

The Financial Crimes Enforcement Network (FinCEN), on September 8, 2023, issued a critical alert (FIN-2023-Alert005) regarding a prevalent virtual currency investment scam known as "Pig Butchering". This alert serves as a warning....

Standard Password Complexity Rules Just Don’t Cut It Anymore

September 7, 2023

Microsoft Active Directory has had password complexity requirements built-in for a long time. Most administrators are familiar with the standard settings. You can set a minimum length....

YOU ARE 10-D’s BEST CLIENT(S)

August 31, 2023

At 10-D, we appreciate you, our clients! We truly enjoy working with you and our partnership. To share some of the reasons we appreciate all of you....

Everybody is talking about disclosure rules…

August 24, 2023

Ok, maybe not everybody, but the SEC and NCUA have been! The SEC recently adopted rules for disclosure ....

Cloud Solutions – Vendor Management to Security Management

August 17, 2023

Proper due diligence of your vendors is an important part of your information security program. When one of your vendors is also a cloud....

The Next Best Seller? FFIEC BSA Exam Manual Updates

August 10, 2023

It’s been a hot minute, but last week the FFIEC rolled out updates to BSA/AML Examination Manual. For those playing at home....

MFA Notification Fatigue Attacks

August 3, 2023

I can still recall my first horror movie starring a werewolf. The bad news was that a scary monster was coming. The good news, there was a way to definitively stop it....

Cybersafe Travel

July 27, 2023

Whether you are traveling for business or going on vacation, information security should always be part of the itinerary. Here are several tips to ensure you....

IT Asset Management – It helps secure your environment and saves you money!

July 13, 2023

We’re going to revisit something we sent out a few years back, because it’s good to periodically reinforce the (sometimes boring) fundamentals, such as asset managementy....

Backups

July 6, 2023

As enforced by guidance and in some cases regulation, the expectation exists that institutions follow the CIA triad of “confidentiality, integrity, and availability....

The Rockets' Red Glare

June 29, 2023

10-D hopes you have an awesome 4th of July! Enjoy your time with family and friends, take in a parade, chow on some BBQ and strawberry shortcake....

Have your findings been remediated appropriately?

June 15, 2023

Over the past several months, we have received an increasing number of requests to review the remediation of the findings from our audits and assessments....

Security Toolbox: Steganography

June 8, 2023

Steganography, simply put, is the art of hiding information within an object. That object could be a picture....

Importance of Disabling Legacy Applications Such as Internet Explorer

June 1, 2023

"Legacy” applications are products that are no longer being supported and therefore are not releasing any updates. When an application....

To Reopen or Not to Reopen, That is the Question!

May 25, 2023

It may have been a long time since any of us read Hamlet in high school English class, but the line, “To be or not to be”, remains one of the most quoted from all of William Shakespeare’s plays....

Microsoft 365 Security Review Observations

May 11, 2023

Here are a few items of note that keep popping up in Microsoft 365 Security Assessments with our clients....

The New Era of "Disclosing Isn't Enough"

May 4, 2023

By now, perhaps you have read the FDIC FIL-19-2023 and OCC Bulletin 2023-12 both dated April 26, 2023, addressing “authorize positive, settle negative” (APSN) transactions and representment fees....

Backup versus Archive – What’s the difference?

April 27, 2023

You’re doing periodic backups of all your critical data and systems. Those backup data sets have a defined retention period, which means data will not be available after the expiration date of the backup set....

Its 4/20 - Still Dazed and Confused?

April 20, 2023

It’s 4/20 and our certified cannabis banking professional (CCBP) auditors love to use this day to refresh everyone on how the marijuana landscape has changed....

Are You Changing Your Backup Tool Set?

April 13, 2023

Backup and recovery software for Windows infrastructure has significantly evolved over the last number of years. Occasionally, you may have a need to....

Come On Now... Tell the Truth

April 6, 2023

Remember that game show “To Tell the Truth”? Three contestants all claim to be the same person – one is telling the truth but the other two are imposters? Then a panel had to guess who was really telling....

It's Like Déjà Vu All Over Again

March 23, 2023

Yogi Berra was probably more well known for his nonsensical expressions than his play on the baseball field – but who doesn’t like a good Yogi-ism? I mean, if anyone know what the feeling....

A Non-Technical Look at Patch Management (Part 2 of 2)

March 16, 2023

This is the second part of a 2 part series on understanding patch management and vulnerability scan results. Last week, we looked at the complexity of patch management....

A Non-Technical Look at Patch Management (Part 1 of 2)

March 9, 2023

At 10-D Security, we perform a lot of vulnerability scans. An internal vulnerability scan is an essential part of helping our clients identify if their patch management (or vulnerability management) process is working. The resulting reports are detailed, technical, and have a lot of numbers....

Cyber Incidents and the NCUA - WST

February 23, 2023

Effective September 1, 2023, federally insured credit unions must notify the NCUA within 72 hours, after it reasonably believes that a reportable cyber incident has occurred....

OCC Issues Revisions to Fair Lending Booklet - WST

February 16, 2023

On January 12, 2023, the OCC released revisions to the “Fair Lending” booklet of the Comptrollers Handbook....

Sweet Relief: OCC Announces Changes to HMDA Data Reporting Requirements/Examination Practices - WST

February 9, 2023

On February 1st, the OCC issued a bulletin (2023-5) to inform affected banks and OCC agency examining personnel that the loan origination threshold for reporting HMDA data....

Think before you click... - WST

February 2, 2023

Phishing emails are becoming more realistic, and it is important to know what to look for and to be on the lookout. Certain things to review in emails to confirm legitimacy can be....

Lock It Down! - WST

January 26, 2023

Whether it’s our homes, our cars, or our bicycles, we know if we truly want to keep our valuables, we need to lock them up. Leaving ourselves exposed may not always lead to problems....

Password Managers and the LastPass Breach - WST

January 19, 2023

Keeping track of your various passwords these days is nothing to scoff at. The ubiquitous solution to password generation and storage has been password managers where you only need to remember a single, complex password....

In This Economy?? - WST

January 12, 2023

Just as inflation has changed many things for all of us in the last year, we see that even regulations are not immune to adjustments due to changes in the Consumer Price Index. The following changes....

The Infamous Excel Password File - WST

January 5, 2023

If you’ve been in the IT world as long as we have, you will remember a time when storing passwords in an Excel spreadsheet was not only the norm, but also considered relatively safe when combined with NTFS....

Identity Management – Know Your Environment, Know your Users - WST

December 28, 2022

Managing and supporting all the identities used by an organization is often a daunting task, but it is critical to understand and control all the various accounts in your....

Critical Patch Available for FortiGate Firewalls - WST

December 12, 2022

Fortinet just published details of a vulnerability that could allow remote code execution by an attacker (without any authentication) through FortiGate firewalls that have....

Add-ins and Consent - WST

December 7, 2022

Continued advancement of programming knowledge is making it easier for just about anyone capable of understanding a programming language at a basic level to create applications. This includes add-ins meant to enhance....

Vendor Management - A Key Component in Risk Management - WST

December 1, 2022

When it comes to your Information Security Program (ISP), you own it! However, not everything in your ISP is within your direct control. That is why good vendor management....

I Can Pillage Your Castle Without Climbing the Walls - WST

November 17, 2022

One trend we have noticed in our Penetration Tests is the difficulty of getting a presence on internal networks has gone up over the past few years. Many organizations have implemented....

Junk Fees - The Newest Catch Phrase - WST

November 10, 2022

Over the past few months, more headlines are circulating, and consumer protection groups are speaking out against the assessment of fees that confuse or deceive consumers or take advantage of a situation – aka “junk fees”....

OCC News - Office of Financial Technology - WST

November 3, 2022

The OCC announced last week that it is launching a new Office of Financial Technology in early 2023. With the rapid expansion in the technology space....

Do you really think it's a good idea to post that? - WST

October 27, 2022

We know as an Information Security Officer you can’t be there at the moment when someone from your organization is making a decision that could impact the safety and security of your data....

New Update – FFIEC’s Cybersecurity Resource Guide for Financial Institutions - WST

October 20, 2022

Ransomware is an ever-growing concern for all organizations, and likely isn’t going away any time soon....

End of General Support: VMware ESXi 6.5 & 6.7 - WST

October 13, 2022

VMware will end extended support for VMware ESXi versions 6.5 and 6.7, on Saturday, October 15, 2022. More information on this end of support is available at...

Two New Zero-Day Vulnerabilities Affecting On-Premises Microsoft Exchange Server - WST

October 5, 2022

On September 29, 2022, Microsoft reported investigating two zero-day vulnerabilities impacting Microsoft Exchange 2013, 2016, and 2019. Microsoft is reporting attacks...

Disaster Preparedness - Helping Your Customers Prepare, Recover, and Rebuild - WST

Sept 28, 2022

In the span of less than 2 weeks, the US will deal with two significant hurricanes causing substantial destruction and even more anxiety about recovering. Much of 10-D’s staff have...

It's Not Just GLBA Any More - WST

Sept 22, 2022

On August 11, 2022, the Consumer Financial Protection Bureau released Consumer Financial Protection Circular 2022 – 04 titled “Insufficient Data Protection or Security for Sensitive Consumer Information”...

What's an Immutable Backup? - WST

Sept 14, 2022

Ransomware resiliency is still top of mind because attackers are getting better at their game. Once access is gained into a network...

System Administration: Inheriting Legacy Systems - WST

Sept 8, 2022

Many of us who have worked as system administrators have had the privilege of inheriting established systems that have been in service for many years...

Microsoft 365: Deprecating Basic Authentication in Exchange Online - WST

Sept 1, 2022

If you are administering Microsoft 365 and Exchange Online for your organization, you may remember that Microsoft announced in September 2021 that they are deprecating support...

Zero-Day Chrome Vulnerability No. 5 for 2022 - WST

August 18, 2022

The fifth Google Chrome zero-day vulnerability of 2022 has been disclosed. Automatic update patches are being pushed out in stages, but anyone can manually update now...

Sign, Sign, Everywhere A Sign - WST

August 11, 2022

Blockin’ out the scenery, breakin’ my mind. Do this, don’t do that – Can’t you read the sign?...

Don't Post That Pic! - WST

August 4, 2022

A little advice on oversharing sensitive personal information this week....

Train your employees how to be mean...(it's not what you think!) - WST

July 14, 2022

Overall, most people are friendly by nature, and it’s socially awkward to NOT hold the door open for someone. Unfortunately, bad actors know this....

Change Control - The Whys and the Whats - WST

July 7, 2022

Change Management is the process of managing the integrity, and availability of your IT environment (e.g., hardware, software, firmware) when modifications are introduced....

Top 8 ways to have a safe and happy Independence Day! - WST

June 30, 2022

While you are out enjoying your 4th of July holiday, here are a few tips to keep in mind....

Elder Financial Exploitation - WST

June 23, 2022

Sadly, we’ve all seen, heard, or read articles regarding the proliferation of scams during the past two years. I would venture to guess that most of you are like me....

Memory Lane - WST

June 16, 2022

As 10-D is approaching our 18th year and it has fallen to me to write the WST this week....

Avatar and Flood Insurance Compliance – Two Types of Blues - WST

June 9, 2022

In mid-May 2022, five regulatory agencies jointly issued revised Q&As regarding federal flood insurance laws and implementing regulations....

New Zero-Day Vulnerability Affecting Microsoft Products - WST

June 2, 2022

On May 30, Microsoft reported a zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT)....

Are You Still On Track? - WST

May 26, 2022

Can you believe it, we are almost halfway through 2022! By now you should have most all your compliance/security assessments, audits, and reviews scheduled for the year....

Do Your Backups Match Your Expectations? - WST

May 19, 2022

A previous WST described what a business impact analysis (BIA) is and how it’s a key component of your business continuity program and disaster recovery....

Are You Sure That Laptop is Secured? - WST

May 12, 2022

One of the many areas we look at when conducting an IT audit is the security of portable devices, including laptops. With the proliferation of laptops that are now enabling so many remote workers....

Risk Assessments vs. Audit - WST

May 5, 2022

From time to time, we are asked “Why do we need to do a risk assessment? Isn’t that the same as an audit?” Since the terms are sometimes used interchangeably, we thought we’d talk through these foundational concepts....

Security Exception Tracking - WST

April 28th, 2022

In even the most rigorously managed networks or systems, there’s always some exception to security policies that must be allowed at some point. Maybe it’s a critical operational need, maybe it’s a temporary issue during a big rollout, maybe something new has cropped up and the rules need to be bent for little bit to keep the wheels rolling…it happens....

Pandemic Planning in the Endemic State - WST

April 21st, 2022

I believe we can all agree that nothing prepares us more than having to deal with a Business Continuity Management event than an actual event. We can always derive better plans through results from testing and actual events. President Dwight D. Eisenhower’s take was: “[I] have always found that plans are useless, but planning is indispensable.” At the very least, having a plan gives us a jumping off point....

Pen Testing Guide - WST

April 14th, 2022

We regularly field questions about testing methodology and examiner expectations. And while some of our answers can be very specific to your network and institution, the foundational concepts carry through to all...

Moving Patch Management to the Front Burner - WST

April 6th, 2022

As tensions mount in Europe, our clients have reached out for advice on how to counter the possibility of foreign attacks. A few weeks ago, we released helpful tips related to strengthening security fundamentals, https://10dsecurity.com/wst/cybersecurity-fundamentals.html. As we continue to bolster our defenses, now is a great time to schedule any delinquent patch management across your environment. Patching efforts should include...

Spring Cleaning: Digital Dust Bunnies - WST

March 31st, 2022

Spring has officially sprung! If you are like us, you are swapping out closets with lighter clothing, and beginning an annual “spring cleaning” of the home. But why stop there at the house? What about peeking into your virtual closets to see if there are digital dust bunnies ready to be swept away? If it has...

Lock the Doors! Understanding and Securing Your Systems - WST

March 24th, 2022

Government agencies continue to warn of potential cyberattacks targeting US entities related to the ongoing conflict in Ukraine. Just this week, President Biden and the Cybersecurity & Infrastructure Security Agency (CISA) warned...

Tough Love, Scared Straight - WST

March 17th, 2022

This week we have a blog post where Mike Smith supplies some tough love and straight talk on securing Microsoft 365, and why it’s important to enable multi-factor authentication and disable insecure protocols that don’t support it...

Red Flags on Potential Russian Sanctions Evasion Attempts - WST

March 10th, 2022

On March 7, 2022, FinCEN issued an alert advising all financial institutions to be vigilant against potential efforts to evade U.S. imposed sanctions and restrictions implemented in connection with the Russian Federation’s invasion of Ukraine. The Office of Foreign Assets Control has...

Protecting Non-Public Personal Information - WST

March 3rd, 2022

Back in 1999, when Michael Jordan was enjoying his second retirement and everyone was freaking out about Y2K, Congress passed the Gramm-Leach-Bliley Act (GLBA), which ensured the safeguarding of consumer non-public personal information (NPI). The GLBA dictates what...

DirSync, AD Sync, Azure AD Connect - WST

February 24th, 2022

Here at 10-D Security, we are constantly updating our Microsoft Security Review services to keep up with changes that Microsoft makes to everything from the placement of configuration controls in administrative consoles to...

Wanted: Information Security Officer - WST

February 17th, 2022

Looking for a new Information Security Officer? What skill sets should be considered? As information security professionals, we are often asked by our clients about...

Backups and Testing Backups - WST

February 10th, 2022

We hope everyone is enjoying the new year so far and wish everyone well in their endeavors for the remainder of 2022. Here’s a friendly note on the subject of backups. It is the guidance and typically the examiner’s expectation that ...

Cybersecurity Fundamentals - WST

Feruary 3rd, 2022

With the growing geopolitical instability in the world today, now would be a great time to review security fundamentals. If you are looking for ways to sharpen the tools in your cyber defense toolbox, here is a list of suggestions...

Make your passwords stronger with a simple trick! - WST

January 27th, 2022

Last week, we mentioned the dangers of reusing passwords across multiple services. Now, we would like to tell you how you can make your passwords stronger to prevent...

Reusing passwords is (always) a very bad idea! - WST

January 20th, 2022

Since high profile breaches involving user credentials (usernames and passwords) continue to occur, we thought we’d revisit what the bad actors do with this information, provide ways you can help protect yourself, and point you to a tool that alerts if your email address has been included in a breach...

Who Got The Keys - WST

January 13th, 2022

Would you let someone else be in charge of your house keys? How about the keys to the front door of your business? ...

2022 Security & Compliance Check List - WST

January 6th, 2022

Where did 2021 go? Happy New Year’s All! It is time to take a close look at your 2022 schedule to make sure the critical elements of your information security and compliance programs are mapped out...

Year-End BSA/AML Happenings - WST

December 27th, 2021

Just like Santa has had a busy month, so too have the financial regulators! During December, changes to the FFIEC BSA Examination Manual have been issued, a Notice of Proposed Rulemaking (NPRM) concerning beneficial ownership has been published, and a Request for Information has been posted seeking comments for changes to BSA regulations.....

Log4j vulnerability - WST

December 22nd, 2021

If you have been on the internet at any point in the last couple weeks, you have no doubt heard about the log4j (Log4Shell, CVE-2021-44228) vulnerability making waves through the consumer and enterprise environment. To help underscore the seriousness of the issue, note that.....

Building Blocks of a Business Impact Analysis - WST

December 16th, 2021

An organization’s Business Impact Analysis (BIA) is an important component of any Business Continuity Plan. A strong BIA allows an organization to effectively prioritize resources when designing your continuity structure, processes, and equipment. BIA development generally involves .....

Illicit Consent - WST

December 9th, 2021

Let’s face it, most of us click “accept” without thinking about it. We install software, and don’t read the EULA. We just click “Accept.” We install an app on our.....

Where to find training expectations in guidance - WST

December 2nd, 2021

This week’s WST was inspired by a client asking, “What information IT/Information Security training should we do?” The easy answer is that all institutions must perform annual information security awareness training. However, we went spelunking through.....

Anticipation and Thanksgiving - WST

November 24th, 2021

As an auditor, I am sometimes reminded, either directly or indirectly, that I am pessimistic, and have been described as “negative” at times. Well, yeah! Although I .....

Firewall Management - WST

November 18th, 2021

It’s always a good time for a refresher on some best practices and expectations for firewall management. Here are some concepts that should be observed while managing firewalls:......

Possible FedLine Assurance Attestation Extension - WST

November 12th, 2021

Did you run out of time to get your FedLine® Assurance Program attestation performed before the end of the year? Well, there may be some relief.......

Multi-Factor Authentication – Stronger Security, but Training is Key - WST

November 5th, 2021

Back in the good old days, Multi-Factor Authentication (MFA) seemed like a silver bullet. “If only we got MFA enabled on email/VPN/etc., we can stop worrying about that high-risk service!” The industry .......

Onsite Social Engineering: Up Close and Personal - WST

October 14th, 2021

Most everyone is aware of phishing, vishing, and other forms of electronic social engineering. It’s important to remember that social engineering can occur in-person as well. Responding appropriately in these situations can be an important part of an organization’s security stance.......

More Grim News from the Pandemic - WST

October 7th, 2021

According to a recent release from FinCEN, there has been a 147 percent increase in online child sexual exploitation (OCSE) between 2017 and 2020, including a 17 percent increase year-over-year in 2020. These......

Cybersecurity Awareness Month - WST

September 30th, 2021

Tomorrow is October and it’s Cybersecurity Awareness Month! For the 18th year, we’ll mark a national month to raise awareness about the importance of cybersecurity and how to be more ......

Weekly Security Tidbits - WST

September 23rd, 2021

Sometimes all the little things add up …. And such is the case for today’s Weekly Security Tip! Check out the following tidbits, Help Wanted, Cannabis Banking is One Step Closer to Being Legal, Padcast Anyone......

FinCEN National AML/CFT Priorities - WST

September 16th, 2021

On June 30, 2021, FinCEN, in consultation with other US Dept of the Treasury offices, relevant regulators, law enforcement, and national security agencies, released the first government-wide priorities for anti-money laundering and countering the financing of terrorism (AML/CFT) policy (the “Priorities”)......

The R Word - WST

September 9th, 2021

It’s always in the back of your mind. In 2021, it is on the news almost weekly. It’s no surprise there is a 185% jump in attacks in the first half of this year, as compared to the first half of 2020.....

CISA list of Bad Practices - WST

September 2nd, 2021

The Cybersecurity & Infrastructure Security Agency (CISA) released a statement on adding single-factor authentication to its list of bad practices that are exceptionally risky. See .....

Remember your Service Accounts - WST

August 26th, 2021

Most organizations have some type of onboarding/offboarding process they use when handling staff changes. When a new person joins the team, there’s a process for getting.....

Managed Service Provider Oversight - WST

August 19th, 2021

Many financial institutions outsource some or all of their Information Technology operations and management to third-party organizations, commonly known as.....

Managing Core User Access Risk - WST

August 12th, 2021

There is no question the core system is a high-risk adventure for every financial institution. This is why user access reviews have been an important part of managing this risk. The process of .....

IT Staff Augmentation - WST

August 5th, 2021

Are you keeping up on IT and Information Security work? Great! What if business is growing, and you’re starting to think “We are working a little too much to keep.....

Cloud Policy - WST

July 29th, 2021

Cloud services are nothing more than infrastructure, software, or platforms hosted outside your data centers. If you have anything – core applications, email, SIEM, mobile banking.....

Evacuation Plans and Non-Employees - WST

July 22nd, 2021

Undoubtedly, your institution has an evacuation plan that covers many scenarios, including but not limited to weather, active shooter, civil disturbance, and others. What do you.....

Overly Permissive Access - WST

July 14th, 2021

Recently, the United States Supreme Court issued a decision where all nine justices found in favor of former Georgia police sergeant Nathan Van Buren and levied an opinion affecting the Computer Fraud and Abuse Act of 1986.....

Cannabis Banking Series – Continued - Policy Framework - WST

July 8th, 2021

As more states legalize medical and/or recreational use of marijuana, your institution will need assistance to navigate the various aspects of cannabis-related businesses (CRBs). While still illegal at ....

Now Available: FFIEC Architecture, Infrastructure, and Operations Booklet - WST

July 1st, 2021

On Wednesday, June 30, the FFIEC released a significantly updated operations booklet called the Architecture, Infrastructure, and Operations Booklet . This new AIO Booklet replaces....

Mini-Series 5 of 5

The Best things to do with Microsoft 365 - Manage your email security - WST

June 24th, 2021

Here are some simple steps that can be taken to improve your security posture as it pertains to malware and email....

Mini-Series 4 of 5

The best things to do with Microsoft 365 – Other Security Controls - WST

June 17th, 2021

We continue our series on basic and helpful security tips for your Microsoft 365 instance. Keep in mind, some of these tips require 365 Business Premium or Enterprise subscriptions, and can be configured in multiple locations, including Conditional Access policies ...

Some Attention May Be required – WST

June 10th, 2021

Vulnerabilities affecting three widely-used platforms are demanding some attention in this week's WST...

Mini-Series 3 of 5

The Best things to do with Microsoft 365 – Privileged Accounts - WST

June 3rd, 2021

Cannabis Banking Risk Assessment - Tips from the 10-D Hotbox - WST

May 27th, 2021

MMFA is the single-most impactful thing you can do to improve the security posture of ANY application accessed by users. It doesn’t matter if it’s hosted internally, in the cloud, only accessible from your domain, or...

Mini-Series 2 of 5

The Best things to do with Microsoft 365 – Access and Authentication - WST

May 20th, 2021

Mini-Series 1 of 5

The Best things to do with Microsoft 365 – Microsoft Secure Score - WST

May 13th, 2021

Most small- to medium-sized institutions don’t have a full-time employee available to devote to Microsoft 365 administration and security. If you are the person spinning about...

Document Sharing Services - WST

May 6th, 2021

Financial institutions often have a requirement to receive documents from customers, including financial statements, tax documents, and other types of information critical...

Protect you Organization's Online Presence - WST

April 29th, 2021

Nearly all organizations maintain more than just a website when it comes to their online presence. Social media is a convenient, ubiquitous way for businesses to maintain and build a...

Cannabis Banking Series - Is Cannabis Right for Your Institution? - WST

April 22th, 2021

Another 4.20 has come and gone, and for many institutions it means another year of puffing and passing the cannabis can down the road. A short blurb in your policy stating...

Disaster Recovery Failback - WST

April 15th, 2021

Many financial institutions have developed extremely detailed disaster recovery (DR) / business continuity (BC) plans. Those plans normally...

BSA - Upcoming Changes and Challenges - WST

April 8th, 2021

As Americans we often see the United States as the constant leader on a global scale - be it in athletic competitions, industry, military strength, or just...

Workstations and DR Plans - WST

April 1st, 2021

You’ve just put the final touches on the latest revision to your corporate Disaster Recovery plan. You have made arrangements to...

Audit and Examination Tips - WST

March 25th, 2021

Here are some helpful tips for audit and examination preparation to hopefully make the process go smoother for your institution and...

Where’s Your Data? - WST

March 18th, 2021

Many organizations have opted to move some IT functions to the cloud. Sales management, off-site backups, document management, file sharing, and others are among...

Mozilla Firefox Monitor - WST

March 11th, 2021

With the number of breaches that seem to occur each year it can be difficult to keep track of where your data may have ...

Microsoft Exchange Server - Patch Now! - WST

March 4th, 2021

On Tuesday, March 2, 2021, Microsoft released out-of-band advisories detailing serious vulnerabilities in...

FedLine Security and Resiliency Assurance Program - WST

February 26th, 2021

Beginning 2021, institutions that utilize FedLine services (FedLine Web, FedLine Advantage, FedLine Command, and FedLine Direct) must conduct an...

Do you Overshare? - WST

February 18th, 2021

Have you ever been in the grocery store check-out line and heard the person in front of you recite their entire life history while they're checking...

Networks Need Vaccinations Too! - WST

February 11th, 2021

As we watch the first COVID-19 vaccinations roll out to those who need it most, it got this particular Security Engineer thinking about how vaccinations...

Ransomware - There's a Tool for That - WST

February 4th, 2021

In a previous WST, you may have noticed a bulleted item for a Ransomware Self-Assessment Tool (R SAT). Or you may not have. Regardless, it's...

The Scope of SARs - Something Old and Something New - WST

January 28th, 2021

Did you know that filing Suspicious Activity Reports, or SARs, is not limited to ...

In with the new year, out with the Flash - WST

January 20th, 2021

The writing has been on the wall for a while now regarding Adobe Flash Player, ...

Back to Basics: Understanding Risk Concepts - WST

January 15th, 2021

People often make judgements and decisions about risk. Modern technology environments are complex and pervasive ...

2021 Security & Compliance Checklist - WST

January 7th, 2021

Yep, another year has flown by and a new year is here. Now is a great time to take a close look at your 2021 schedule...

SolarWinds and the Big Hack - WST

December 17th, 2020

Well, hacking is certainly in the news this week! We initially resisted adding to the cacophony of news stories and email alerts flooding your inbox, ...

Cannabis-Banking: Movement on the Hill - WST

December 10th, 2020

While Congress may not be making much progress passing a second COVID stimulus relief bill, something historic did happen in Washington D.C. last Friday...

File Share Permissions - WST

November 6th, 2020

During our IT audits, we consistently find file shares containing sensitive information with poor access restrictions. Most of the time, the super sensitive...

Budge-IT - WST

October 8th, 2020

It’s October and for many that means it is budget time. Or, did you assume it will just be a part of IT’s budget? According...

Browser Password Storage Thoughts - WST

October 1st, 2020

Browser Password Storage Thoughts - WST There is some risk when allowing a user’s browser to remember passwords. If a bad actor gets access to a machine, they...

Fighting the Good Fight - WST

September 24th, 2020

Earlier this month, the Financial Crimes Enforcement Network (FinCEN) put out a cryptic statement regarding the unlawful disclosures of suspicious activity reports (SARs). According to FinCEN, various media outlets were intending to publish a series of articles based on...