Weekly Security Tips


Onsite Social Engineering: Up Close and Personal - WST

October 14th, 2021

Most everyone is aware of phishing, vishing, and other forms of electronic social engineering. It’s important to remember that social engineering can occur in-person as well. Responding appropriately in these situations can be an important part of an organization’s security stance.......


More Grim News from the Pandemic - WST

October 7th, 2021

According to a recent release from FinCEN, there has been a 147 percent increase in online child sexual exploitation (OCSE) between 2017 and 2020, including a 17 percent increase year-over-year in 2020. These......


Cybersecurity Awareness Month - WST

September 30th, 2021

Tomorrow is October and it’s Cybersecurity Awareness Month! For the 18th year, we’ll mark a national month to raise awareness about the importance of cybersecurity and how to be more ......


Weekly Security Tidbits - WST

September 23rd, 2021

Sometimes all the little things add up …. And such is the case for today’s Weekly Security Tip! Check out the following tidbits, Help Wanted, Cannabis Banking is One Step Closer to Being Legal, Padcast Anyone......


FinCEN National AML/CFT Priorities - WST

September 16th, 2021

On June 30, 2021, FinCEN, in consultation with other US Dept of the Treasury offices, relevant regulators, law enforcement, and national security agencies, released the first government-wide priorities for anti-money laundering and countering the financing of terrorism (AML/CFT) policy (the “Priorities”)......


The R Word - WST

September 9th, 2021

It’s always in the back of your mind. In 2021, it is on the news almost weekly. It’s no surprise there is a 185% jump in attacks in the first half of this year, as compared to the first half of 2020.....


CISA list of Bad Practices - WST

September 2nd, 2021

The Cybersecurity & Infrastructure Security Agency (CISA) released a statement on adding single-factor authentication to its list of bad practices that are exceptionally risky. See .....


Remember your Service Accounts - WST

August 26th, 2021

Most organizations have some type of onboarding/offboarding process they use when handling staff changes. When a new person joins the team, there’s a process for getting.....


Managed Service Provider Oversight - WST

August 19th, 2021

Many financial institutions outsource some or all of their Information Technology operations and management to third-party organizations, commonly known as.....


Managing Core User Access Risk - WST

August 12th, 2021

There is no question the core system is a high-risk adventure for every financial institution. This is why user access reviews have been an important part of managing this risk. The process of .....


IT Staff Augmentation - WST

August 5th, 2021

Are you keeping up on IT and Information Security work? Great! What if business is growing, and you’re starting to think “We are working a little too much to keep.....


Cloud Policy - WST

July 29th, 2021

Cloud services are nothing more than infrastructure, software, or platforms hosted outside your data centers. If you have anything – core applications, email, SIEM, mobile banking.....


Evacuation Plans and Non-Employees - WST

July 22nd, 2021

Undoubtedly, your institution has an evacuation plan that covers many scenarios, including but not limited to weather, active shooter, civil disturbance, and others. What do you.....


Overly Permissive Access - WST

July 14th, 2021

Recently, the United States Supreme Court issued a decision where all nine justices found in favor of former Georgia police sergeant Nathan Van Buren and levied an opinion affecting the Computer Fraud and Abuse Act of 1986.....


Cannabis Banking Series – Continued - Policy Framework - WST

July 8th, 2021

As more states legalize medical and/or recreational use of marijuana, your institution will need assistance to navigate the various aspects of cannabis-related businesses (CRBs). While still illegal at ....


Now Available: FFIEC Architecture, Infrastructure, and Operations Booklet - WST

July 1st, 2021

On Wednesday, June 30, the FFIEC released a significantly updated operations booklet called the Architecture, Infrastructure, and Operations Booklet. This new AIO Booklet replaces....


Mini-Series 5 of 5

The Best things to do with Microsoft 365 - Manage your email security - WST

June 24th, 2021

Here are some simple steps that can be taken to improve your security posture as it pertains to malware and email....


Mini-Series 4 of 5

The best things to do with Microsoft 365 – Other Security Controls - WST

June 17th, 2021

We continue our series on basic and helpful security tips for your Microsoft 365 instance. Keep in mind, some of these tips require 365 Business Premium or Enterprise subscriptions, and can be configured in multiple locations, including Conditional Access policies ...


Some Attention May Be required – WST

June 10th, 2021

Vulnerabilities affecting three widely-used platforms are demanding some attention in this week's WST...


Mini-Series 3 of 5

The Best things to do with Microsoft 365 – Privileged Accounts - WST

June 3rd, 2021

We continue our series on basic and helpful security tips for your Microsoft 365 instance. Keep in mind, some of these tips require 365 Business Premium or Enterprise subscriptions, and can be configured in multiple locations, including ...


Cannabis Banking Risk Assessment - Tips from the 10-D Hotbox - WST

May 27th, 2021

MFA is the single-most impactful thing you can do to improve the security posture of ANY application accessed by users. It doesn’t matter if it’s hosted internally, in the cloud, only accessible from your domain, or...


Mini-Series 2 of 5

The Best things to do with Microsoft 365 – Access and Authentication - WST

May 20th, 2021

MFA is the single-most impactful thing you can do to improve the security posture of ANY application accessed by users. It doesn’t matter if it’s hosted internally, in the cloud, only accessible from your domain, or...


Mini-Series 1 of 5

The Best things to do with Microsoft 365 – Microsoft Secure Score - WST

May 13th, 2021

Most small- to medium-sized institutions don’t have a full-time employee available to devote to Microsoft 365 administration and security. If you are the person spinning about...


Document Sharing Services - WST

May 6th, 2021

Financial institutions often have a requirement to receive documents from customers, including financial statements, tax documents, and other types of information critical...


Protect your Organization's Online Presence - WST

April 29th, 2021

Nearly all organizations maintain more than just a website when it comes to their online presence. Social media is a convenient, ubiquitous way for businesses to maintain and build a...


Cannabis Banking Series - Is Cannabis Right for Your Institution? - WST

April 22nd, 2021

Another 4.20 has come and gone, and for many institutions it means another year of puffing and passing the cannabis can down the road. A short blurb in your policy stating...


Disaster Recovery Failback - WST

April 15th, 2021

Many financial institutions have developed extremely detailed disaster recovery (DR) / business continuity (BC) plans. Those plans normally...


BSA - Upcoming Changes and Challenges - WST

April 8th, 2021

As Americans we often see the United States as the constant leader on a global scale - be it in athletic competitions, industry, military strength, or just...


Workstations and DR Plans - WST

April 1st, 2021

You’ve just put the final touches on the latest revision to your corporate Disaster Recovery plan. You have made arrangements to...


Audit and Examination Tips - WST

March 25th, 2021

Here are some helpful tips for audit and examination preparation to hopefully make the process go smoother for your institution and...


Where’s Your Data? - WST

March 18th, 2021

Many organizations have opted to move some IT functions to the cloud. Sales management, off-site backups, document management, file sharing, and others are among...


Mozilla Firefox Monitor - WST

March 11th, 2021

With the number of breaches that seem to occur each year it can be difficult to keep track of where your data may have ...


Microsoft Exchange Server - Patch Now! - WST

March 4th, 2021

On Tuesday, March 2, 2021, Microsoft released out-of-band advisories detailing serious vulnerabilities in...


FedLine Security and Resiliency Assurance Program - WST

February 26th, 2021

Beginning 2021, institutions that utilize FedLine services (FedLine Web, FedLine Advantage, FedLine Command, and FedLine Direct) must conduct an...


Do you Overshare? - WST

February 18th, 2021

Have you ever been in the grocery store check-out line and heard the person in front of you recite their entire life history while they're checking...


Networks Need Vaccinations Too! - WST

February 11th, 2021

As we watch the first COVID-19 vaccinations roll out to those who need it most, it got this particular Security Engineer thinking about how vaccinations...


Ransomware - There's a Tool for That - WST

February 4th, 2021

In a previous WST, you may have noticed a bulleted item for a Ransomware Self-Assessment Tool (R-SAT). Or you may not have. Regardless, it's...


The Scope of SARs - Something Old and Something New - WST

January 28th, 2021

Did you know that filing Suspicious Activity Reports, or SARs, is not limited to ...


In with the new year, out with the Flash - WST

January 20th, 2021

The writing has been on the wall for a while now regarding Adobe Flash Player, ...


Back to Basics: Understanding Risk Concepts - WST

January 15th, 2021

People often make judgements and decisions about risk. Modern technology environments are complex and pervasive ...


2021 Security & Compliance Checklist - WST

January 7th, 2021

Yep, another year has flown by and a new year is here. Now is a great time to take a close look at your 2021 schedule...


SolarWinds and the Big Hack - WST

December 17th, 2020

Well, hacking is certainly in the news this week! We initially resisted adding to the cacophony of news stories and email alerts flooding your inbox, ...


Cannabis-Banking: Movement on the Hill - WST

December 10th, 2020

While Congress may not be making much progress passing a second COVID stimulus relief bill, something historic did happen in Washington D.C. last Friday...


File Share Permissions - WST

November 6th, 2020

During our IT audits, we consistently find file shares containing sensitive information with poor access restrictions. Most of the time, the super sensitive...


Budge-IT - WST

October 8th, 2020

It’s October and for many that means it is budget time. Or, did you assume it will just be a part of IT’s budget? According...


Browser Password Storage Thoughts - WST

October 1st, 2020

There is some risk when allowing a user’s browser to remember passwords. If a bad actor gets access to a machine, they...


Fighting the Good Fight - WST

September 24th, 2020

Earlier this month, the Financial Crimes Enforcement Network (FinCEN) put out a cryptic statement regarding the unlawful disclosures of suspicious activity reports (SARs). According to FinCEN, various media outlets were intending to publish a series of articles based on...


IT Asset Management-Secure your environment and save money too! - WST

September 17th, 2020

Do you keep an accurate and up-to-date inventory of your IT assets? If not, you may be wasting money and decreasing your overall IT security posture. One of the most important aspects of managing your IT environment is...


Increase in Cybercrime During COVID-19 - WST

September 3rd, 2020

As the pandemic continues to rage on, we’ve discovered some of the hardest working people during this time are fraudsters and scammers who never seem to be impacted by high unemployment rates. According to a recent FinCEN Advisory...


Don’t Let OneDrive Mess up your Vulnerability Scan! - WST

September 3rd, 2020

Recently, many of our clients have had significant increases in the number of vulnerabilities found during their Internal Vulnerability Scans. One of the primary reasons for this is...


Don’t Suffer from Alert Fatigue – WST

August 20th, 2020

We live in a busy, and often stressful world. With most of us carrying around at least one always-connected device, we...



August 7th, 2020

Much like the contested area that separates two foreign powers that do not trust each other, a network DMZ is a place where you...


Adobe Flash is almost done - WST

July 28th, 2020

Adobe will stop distributing and updating Flash Player after December 31, 2020. We shouldn’t be surprised by this...


Don't Let Urgency Lead to Insecurity, Part 2 - WST

April 29th, 2020

We wanted to expand on our WST about securing remote access from a few weeks ago with some additional...


Keep Yourself from being Roasted - WST

April 9th, 2020

First an attacker must use the initial user account they compromised to scan Active Directory for accounts with a SPN (Service Principal ...


Complaint Management Programs - More Important Now Than Ever - WST

April 7th, 2020

Chances are that a Consumer Complaint Management Program review has become a key part of your most recent ...


Don't Let Urgency Lead to Insecurity - WST

March 31st, 2020

Across the country, institutions are finding themselves dusting off almost forgotten pandemic plans and quickly trying to adjust to new...


Attackers are Opportunistic, Keep New Remote Users Safe - WST

March 19th, 2020

As institutions and companies around the world scramble to support a new or enlarged remote workforce, we are already seeing attackers...


COVID-19 Is your Pandemic Plan ready? - WST

February 28th, 2020

You already have a rock-solid pandemic plan, right? Of course you do. But given the current coronavirus (COVID-19) news, it...


We Accept the Risk - WST

February 20th, 2020

Risk. The hot potato of any organization. There are so many options of what to do with a risk potato once it's ...


Infosec Blocking and Tackling - Vulnerability Management - WST

February 20th, 2020

Vulnerability management! Now there is a sexy subject. Managing the various vulnerabilities in your environment (which is generally a lot ...


Upgrading 2008 R2 Domain Controllers - WST

June 27th, 2019

With Microsoft ending support for Windows Server 2008 R2 on January 14, 2020, related anxiety-induced reluctance and procrastination are completely understandable ...

