Weekly Security Tips

WST Signup

WST Image

Ransomware Self-Assessment Tool Version 2

January 26, 2024

The Conference of State Bank Supervisors (CSBS) recently released the Ransomware Self-Assessment Tool version

Continue reading

Zero-days Are Becoming More Zero

January 11, 2024

Zero-day vulnerabilities are vulnerabilities for which no patch is yet available and therefore the hardware or

Continue reading

File Share "Surfing

January 5, 2024

Regularly “surfing” through file shares with an account that has the least privilege can be an eye-opening exercise

Continue reading

Local Administrators

December 27, 2023

It’s daunting to have to secure all the layers of your network and devices, and an important measure toward your

Continue reading

Windows Hello for Business - Ready for Primetime?

December 21, 2023

We recently had a client ask us if Microsoft Windows Hello for Business (WHFB) is a good replacement for

Continue reading

WordPress Vulnerability Fix

December 15, 2023

If your organization is one of the millions that uses WordPress for hosting its websites, take heed to a

Continue reading

Citrix Bleed Exploitation - Be Proactive to Help Shield Your Organization From Attacks

December 8, 2023

We want to draw your attention to the recent ransomware attack on a third-party IT service provider

Continue reading

Microsoft Automatically Deploying MFA Policies

30, 2023

Microsoft has started automatically deploying Microsoft-managed conditional access policies that may impact

Continue reading

Citrix Bleed Vulnerability

November 2, 2023

Citrix NetScaler ADC and NetScaler Gateway products have been in the news recently regarding a critical

Continue reading

Cybersecurity Awareness Month

October 12, 2023

In an effort to support Cybersecurity Awareness Month, 10-D Security has developed a quick, online training called, “Spot the Phish”....

Continue reading

Wanted: Information Security Officer

October 6, 2023

Looking for a new Information Security Officer? What skill sets should be considered? As information security professionals, we are often asked by our clients about the basic skill sets to look for when hiring a new....

Continue reading

Here Comes Passkeys!

September 29, 2023

The next version of Windows 11 (23H2) due October 2023 adds support for passkeys. Google also added passkey support for Google accounts back in May of this year and many popular websites allow you to utilize this feature as well. So, what are passkeys?....

Continue reading

Security Incident Notification Rule and Service Providers

September 21, 2023

Back in November of 2021, the OCC, FRB, and FDIC jointly issued a final rule requiring banking organizations to notify their respective regulators within 36 hours of a declared computer-security incident....

Continue reading

Pig Butchering – What to Know About this Virtual Currency Scam & FinCEN Alert FIN-2023-Alert005

September 14, 2023

The Financial Crimes Enforcement Network (FinCEN), on September 8, 2023, issued a critical alert (FIN-2023-Alert005) regarding a prevalent virtual currency investment scam known as "Pig Butchering". This alert serves as a warning....

Continue reading

Standard Password Complexity Rules Just Don’t Cut It Anymore

September 7, 2023

Microsoft Active Directory has had password complexity requirements built-in for a long time. Most administrators are familiar with the standard settings. You can set a minimum length....

Continue reading


August 31, 2023

At 10-D, we appreciate you, our clients! We truly enjoy working with you and our partnership. To share some of the reasons we appreciate all of you....

Continue reading

Everybody is talking about disclosure rules…

August 24, 2023

Ok, maybe not everybody, but the SEC and NCUA have been! The SEC recently adopted rules for disclosure ....

Continue reading

Cloud Solutions – Vendor Management to Security Management

August 17, 2023

Proper due diligence of your vendors is an important part of your information security program. When one of your vendors is also a cloud....

Continue reading

The Next Best Seller? FFIEC BSA Exam Manual Updates

August 10, 2023

It’s been a hot minute, but last week the FFIEC rolled out updates to BSA/AML Examination Manual. For those playing at home....

Continue reading

MFA Notification Fatigue Attacks

August 3, 2023

I can still recall my first horror movie starring a werewolf. The bad news was that a scary monster was coming. The good news, there was a way to definitively stop it....

Continue reading

Cybersafe Travel

July 27, 2023

Whether you are traveling for business or going on vacation, information security should always be part of the itinerary. Here are several tips to ensure you....

Continue reading

IT Asset Management – It helps secure your environment and saves you money!

July 13, 2023

We’re going to revisit something we sent out a few years back, because it’s good to periodically reinforce the (sometimes boring) fundamentals, such as asset managementy....

Continue reading


July 6, 2023

As enforced by guidance and in some cases regulation, the expectation exists that institutions follow the CIA triad of “confidentiality, integrity, and availability....

Continue reading

The Rockets' Red Glare

June 29, 2023

10-D hopes you have an awesome 4th of July! Enjoy your time with family and friends, take in a parade, chow on some BBQ and strawberry shortcake....

Continue reading

Have your findings been remediated appropriately?

June 15, 2023

Over the past several months, we have received an increasing number of requests to review the remediation of the findings from our audits and assessments....

Continue reading

Security Toolbox: Steganography

June 8, 2023

Steganography, simply put, is the art of hiding information within an object. That object could be a picture....

Continue reading

Importance of Disabling Legacy Applications Such as Internet Explorer

June 1, 2023

"Legacy” applications are products that are no longer being supported and therefore are not releasing any updates. When an application....

Continue reading

To Reopen or Not to Reopen, That is the Question!

May 25, 2023

It may have been a long time since any of us read Hamlet in high school English class, but the line, “To be or not to be”, remains one of the most quoted from all of William Shakespeare’s plays....

Continue reading

Microsoft 365 Security Review Observations

May 11, 2023

Here are a few items of note that keep popping up in Microsoft 365 Security Assessments with our clients....

Continue reading

The New Era of "Disclosing Isn't Enough"

May 4, 2023

By now, perhaps you have read the FDIC FIL-19-2023 and OCC Bulletin 2023-12 both dated April 26, 2023, addressing “authorize positive, settle negative” (APSN) transactions and representment fees....

Continue reading

Backup versus Archive – What’s the difference?

April 27, 2023

You’re doing periodic backups of all your critical data and systems. Those backup data sets have a defined retention period, which means data will not be available after the expiration date of the backup set....

Continue reading

Its 4/20 - Still Dazed and Confused?

April 20, 2023

It’s 4/20 and our certified cannabis banking professional (CCBP) auditors love to use this day to refresh everyone on how the marijuana landscape has changed....

Continue reading

Are You Changing Your Backup Tool Set?

April 13, 2023

Backup and recovery software for Windows infrastructure has significantly evolved over the last number of years. Occasionally, you may have a need to....

Continue reading

Come On Now... Tell the Truth

April 6, 2023

Remember that game show “To Tell the Truth”? Three contestants all claim to be the same person – one is telling the truth but the other two are imposters? Then a panel had to guess who was really telling....

Continue reading

It's Like Déjà Vu All Over Again

March 23, 2023

Yogi Berra was probably more well known for his nonsensical expressions than his play on the baseball field – but who doesn’t like a good Yogi-ism? I mean, if anyone know what the feeling....

Continue reading

A Non-Technical Look at Patch Management (Part 2 of 2)

March 16, 2023

This is the second part of a 2 part series on understanding patch management and vulnerability scan results. Last week, we looked at the complexity of patch management....

Continue reading

A Non-Technical Look at Patch Management (Part 1 of 2)

March 9, 2023

At 10-D Security, we perform a lot of vulnerability scans. An internal vulnerability scan is an essential part of helping our clients identify if their patch management (or vulnerability management) process is working. The resulting reports are detailed, technical, and have a lot of numbers....

Continue reading

Cyber Incidents and the NCUA - WST

February 23, 2023

Effective September 1, 2023, federally insured credit unions must notify the NCUA within 72 hours, after it reasonably believes that a reportable cyber incident has occurred....

Continue reading

OCC Issues Revisions to Fair Lending Booklet - WST

February 16, 2023

On January 12, 2023, the OCC released revisions to the “Fair Lending” booklet of the Comptrollers Handbook....

Continue reading

Sweet Relief: OCC Announces Changes to HMDA Data Reporting Requirements/Examination Practices - WST

February 9, 2023

On February 1st, the OCC issued a bulletin (2023-5) to inform affected banks and OCC agency examining personnel that the loan origination threshold for reporting HMDA data....

Continue reading

Think before you click... - WST

February 2, 2023

Phishing emails are becoming more realistic, and it is important to know what to look for and to be on the lookout. Certain things to review in emails to confirm legitimacy can be....

Continue reading

Lock It Down! - WST

January 26, 2023

Whether it’s our homes, our cars, or our bicycles, we know if we truly want to keep our valuables, we need to lock them up. Leaving ourselves exposed may not always lead to problems....

Continue reading

Password Managers and the LastPass Breach - WST

January 19, 2023

Keeping track of your various passwords these days is nothing to scoff at. The ubiquitous solution to password generation and storage has been password managers where you only need to remember a single, complex password....

Continue reading

In This Economy?? - WST

January 12, 2023

Just as inflation has changed many things for all of us in the last year, we see that even regulations are not immune to adjustments due to changes in the Consumer Price Index. The following changes....

Continue reading

The Infamous Excel Password File - WST

January 5, 2023

If you’ve been in the IT world as long as we have, you will remember a time when storing passwords in an Excel spreadsheet was not only the norm, but also considered relatively safe when combined with NTFS....

Continue reading

Identity Management – Know Your Environment, Know your Users - WST

December 28, 2022

Managing and supporting all the identities used by an organization is often a daunting task, but it is critical to understand and control all the various accounts in your....

Continue reading

Critical Patch Available for FortiGate Firewalls - WST

December 12, 2022

Fortinet just published details of a vulnerability that could allow remote code execution by an attacker (without any authentication) through FortiGate firewalls that have....

Continue reading

Add-ins and Consent - WST

December 7, 2022

Continued advancement of programming knowledge is making it easier for just about anyone capable of understanding a programming language at a basic level to create applications. This includes add-ins meant to enhance....

Continue reading

Vendor Management - A Key Component in Risk Management - WST

December 1, 2022

When it comes to your Information Security Program (ISP), you own it! However, not everything in your ISP is within your direct control. That is why good vendor management....

Continue reading

I Can Pillage Your Castle Without Climbing the Walls - WST

November 17, 2022

One trend we have noticed in our Penetration Tests is the difficulty of getting a presence on internal networks has gone up over the past few years. Many organizations have implemented....

Continue reading

Junk Fees - The Newest Catch Phrase - WST

November 10, 2022

Over the past few months, more headlines are circulating, and consumer protection groups are speaking out against the assessment of fees that confuse or deceive consumers or take advantage of a situation – aka “junk fees”....

Continue reading

OCC News - Office of Financial Technology - WST

November 3, 2022

The OCC announced last week that it is launching a new Office of Financial Technology in early 2023. With the rapid expansion in the technology space....

Continue reading

Do you really think it's a good idea to post that? - WST

October 27, 2022

We know as an Information Security Officer you can’t be there at the moment when someone from your organization is making a decision that could impact the safety and security of your data....

Continue reading

New Update – FFIEC’s Cybersecurity Resource Guide for Financial Institutions - WST

October 20, 2022

Ransomware is an ever-growing concern for all organizations, and likely isn’t going away any time soon....

Continue reading

End of General Support: VMware ESXi 6.5 & 6.7 - WST

October 13, 2022

VMware will end extended support for VMware ESXi versions 6.5 and 6.7, on Saturday, October 15, 2022. More information on this end of support is available at...

Continue reading

Two New Zero-Day Vulnerabilities Affecting On-Premises Microsoft Exchange Server - WST

October 5, 2022

On September 29, 2022, Microsoft reported investigating two zero-day vulnerabilities impacting Microsoft Exchange 2013, 2016, and 2019. Microsoft is reporting attacks...

Continue reading

Disaster Preparedness - Helping Your Customers Prepare, Recover, and Rebuild - WST

Sept 28, 2022

In the span of less than 2 weeks, the US will deal with two significant hurricanes causing substantial destruction and even more anxiety about recovering. Much of 10-D’s staff have...

Continue reading

It's Not Just GLBA Any More - WST

Sept 22, 2022

On August 11, 2022, the Consumer Financial Protection Bureau released Consumer Financial Protection Circular 2022 – 04 titled “Insufficient Data Protection or Security for Sensitive Consumer Information”...

Continue reading

What's an Immutable Backup? - WST

Sept 14, 2022

Ransomware resiliency is still top of mind because attackers are getting better at their game. Once access is gained into a network...

Continue reading

System Administration: Inheriting Legacy Systems - WST

Sept 8, 2022

Many of us who have worked as system administrators have had the privilege of inheriting established systems that have been in service for many years...

Continue reading

Microsoft 365: Deprecating Basic Authentication in Exchange Online - WST

Sept 1, 2022

If you are administering Microsoft 365 and Exchange Online for your organization, you may remember that Microsoft announced in September 2021 that they are deprecating support...

Continue reading

Zero-Day Chrome Vulnerability No. 5 for 2022 - WST

August 18, 2022

The fifth Google Chrome zero-day vulnerability of 2022 has been disclosed. Automatic update patches are being pushed out in stages, but anyone can manually update now...

Continue reading

Sign, Sign, Everywhere A Sign - WST

August 11, 2022

Blockin’ out the scenery, breakin’ my mind. Do this, don’t do that – Can’t you read the sign?...

Continue reading

Don't Post That Pic! - WST

August 4, 2022

A little advice on oversharing sensitive personal information this week....

Continue reading

Train your employees how to be mean...(it's not what you think!) - WST

July 14, 2022

Overall, most people are friendly by nature, and it’s socially awkward to NOT hold the door open for someone. Unfortunately, bad actors know this....

Continue reading

Change Control - The Whys and the Whats - WST

July 7, 2022

Change Management is the process of managing the integrity, and availability of your IT environment (e.g., hardware, software, firmware) when modifications are introduced....

Continue reading

Top 8 ways to have a safe and happy Independence Day! - WST

June 30, 2022

While you are out enjoying your 4th of July holiday, here are a few tips to keep in mind....

Continue reading

Elder Financial Exploitation - WST

June 23, 2022

Sadly, we’ve all seen, heard, or read articles regarding the proliferation of scams during the past two years. I would venture to guess that most of you are like me....

Continue reading

Memory Lane - WST

June 16, 2022

As 10-D is approaching our 18th year and it has fallen to me to write the WST this week....

Continue reading

Avatar and Flood Insurance Compliance – Two Types of Blues - WST

June 9, 2022

In mid-May 2022, five regulatory agencies jointly issued revised Q&As regarding federal flood insurance laws and implementing regulations....

Continue reading

New Zero-Day Vulnerability Affecting Microsoft Products - WST

June 2, 2022

On May 30, Microsoft reported a zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT)....

Continue reading

Are You Still On Track? - WST

May 26, 2022

Can you believe it, we are almost halfway through 2022! By now you should have most all your compliance/security assessments, audits, and reviews scheduled for the year....

Continue reading

Do Your Backups Match Your Expectations? - WST

May 19, 2022

A previous WST described what a business impact analysis (BIA) is and how it’s a key component of your business continuity program and disaster recovery....

Continue reading

Are You Sure That Laptop is Secured? - WST

May 12, 2022

One of the many areas we look at when conducting an IT audit is the security of portable devices, including laptops. With the proliferation of laptops that are now enabling so many remote workers....

Continue reading

Risk Assessments vs. Audit - WST

May 5, 2022

From time to time, we are asked “Why do we need to do a risk assessment? Isn’t that the same as an audit?” Since the terms are sometimes used interchangeably, we thought we’d talk through these foundational concepts....

Continue reading

Security Exception Tracking - WST

April 28th, 2022

In even the most rigorously managed networks or systems, there’s always some exception to security policies that must be allowed at some point. Maybe it’s a critical operational need, maybe it’s a temporary issue during a big rollout, maybe something new has cropped up and the rules need to be bent for little bit to keep the wheels rolling…it happens....

Continue reading

Pandemic Planning in the Endemic State - WST

April 21st, 2022

I believe we can all agree that nothing prepares us more than having to deal with a Business Continuity Management event than an actual event. We can always derive better plans through results from testing and actual events. President Dwight D. Eisenhower’s take was: “[I] have always found that plans are useless, but planning is indispensable.” At the very least, having a plan gives us a jumping off point....

Continue reading

Pen Testing Guide - WST

April 14th, 2022

We regularly field questions about testing methodology and examiner expectations. And while some of our answers can be very specific to your network and institution, the foundational concepts carry through to all...

Continue reading

Moving Patch Management to the Front Burner - WST

April 6th, 2022

As tensions mount in Europe, our clients have reached out for advice on how to counter the possibility of foreign attacks. A few weeks ago, we released helpful tips related to strengthening security fundamentals, https://10dsecurity.com/wst/cybersecurity-fundamentals.html. As we continue to bolster our defenses, now is a great time to schedule any delinquent patch management across your environment. Patching efforts should include...

Continue reading

Spring Cleaning: Digital Dust Bunnies - WST

March 31st, 2022

Spring has officially sprung! If you are like us, you are swapping out closets with lighter clothing, and beginning an annual “spring cleaning” of the home. But why stop there at the house? What about peeking into your virtual closets to see if there are digital dust bunnies ready to be swept away? If it has...

Continue reading

Lock the Doors! Understanding and Securing Your Systems - WST

March 24th, 2022

Government agencies continue to warn of potential cyberattacks targeting US entities related to the ongoing conflict in Ukraine. Just this week, President Biden and the Cybersecurity & Infrastructure Security Agency (CISA) warned...

Continue reading

Tough Love, Scared Straight - WST

March 17th, 2022

This week we have a blog post where Mike Smith supplies some tough love and straight talk on securing Microsoft 365, and why it’s important to enable multi-factor authentication and disable insecure protocols that don’t support it...

Continue reading

Red Flags on Potential Russian Sanctions Evasion Attempts - WST

March 10th, 2022

On March 7, 2022, FinCEN issued an alert advising all financial institutions to be vigilant against potential efforts to evade U.S. imposed sanctions and restrictions implemented in connection with the Russian Federation’s invasion of Ukraine. The Office of Foreign Assets Control has...

Continue reading

Protecting Non-Public Personal Information - WST

March 3rd, 2022

Back in 1999, when Michael Jordan was enjoying his second retirement and everyone was freaking out about Y2K, Congress passed the Gramm-Leach-Bliley Act (GLBA), which ensured the safeguarding of consumer non-public personal information (NPI). The GLBA dictates what...

Continue reading

DirSync, AD Sync, Azure AD Connect - WST

February 24th, 2022

Here at 10-D Security, we are constantly updating our Microsoft Security Review services to keep up with changes that Microsoft makes to everything from the placement of configuration controls in administrative consoles to...

Continue reading

Wanted: Information Security Officer - WST

February 17th, 2022

Looking for a new Information Security Officer? What skill sets should be considered? As information security professionals, we are often asked by our clients about...

Continue reading

Backups and Testing Backups - WST

February 10th, 2022

We hope everyone is enjoying the new year so far and wish everyone well in their endeavors for the remainder of 2022. Here’s a friendly note on the subject of backups. It is the guidance and typically the examiner’s expectation that ...

Continue reading

Cybersecurity Fundamentals - WST

Feruary 3rd, 2022

With the growing geopolitical instability in the world today, now would be a great time to review security fundamentals. If you are looking for ways to sharpen the tools in your cyber defense toolbox, here is a list of suggestions...

Continue reading

Make your passwords stronger with a simple trick! - WST

January 27th, 2022

Last week, we mentioned the dangers of reusing passwords across multiple services. Now, we would like to tell you how you can make your passwords stronger to prevent...

Continue reading

Reusing passwords is (always) a very bad idea! - WST

January 20th, 2022

Since high profile breaches involving user credentials (usernames and passwords) continue to occur, we thought we’d revisit what the bad actors do with this information, provide ways you can help protect yourself, and point you to a tool that alerts if your email address has been included in a breach...

Continue reading

Who Got The Keys - WST

January 13th, 2022

Would you let someone else be in charge of your house keys? How about the keys to the front door of your business? ...

Continue reading

2022 Security & Compliance Check List - WST

January 6th, 2022

Where did 2021 go? Happy New Year’s All! It is time to take a close look at your 2022 schedule to make sure the critical elements of your information security and compliance programs are mapped out...

Continue reading

Year-End BSA/AML Happenings - WST

December 27th, 2021

Just like Santa has had a busy month, so too have the financial regulators! During December, changes to the FFIEC BSA Examination Manual have been issued, a Notice of Proposed Rulemaking (NPRM) concerning beneficial ownership has been published, and a Request for Information has been posted seeking comments for changes to BSA regulations.....

Continue reading

Log4j vulnerability - WST

December 22nd, 2021

If you have been on the internet at any point in the last couple weeks, you have no doubt heard about the log4j (Log4Shell, CVE-2021-44228) vulnerability making waves through the consumer and enterprise environment. To help underscore the seriousness of the issue, note that.....

Continue reading

Building Blocks of a Business Impact Analysis - WST

December 16th, 2021

An organization’s Business Impact Analysis (BIA) is an important component of any Business Continuity Plan. A strong BIA allows an organization to effectively prioritize resources when designing your continuity structure, processes, and equipment. BIA development generally involves .....

Continue reading

Illicit Consent - WST

December 9th, 2021

Let’s face it, most of us click “accept” without thinking about it. We install software, and don’t read the EULA. We just click “Accept.” We install an app on our.....

Continue reading

Where to find training expectations in guidance - WST

December 2nd, 2021

This week’s WST was inspired by a client asking, “What information IT/Information Security training should we do?” The easy answer is that all institutions must perform annual information security awareness training. However, we went spelunking through.....

Continue reading

Anticipation and Thanksgiving - WST

November 24th, 2021

As an auditor, I am sometimes reminded, either directly or indirectly, that I am pessimistic, and have been described as “negative” at times. Well, yeah! Although I .....

Continue reading

Firewall Management - WST

November 18th, 2021

It’s always a good time for a refresher on some best practices and expectations for firewall management. Here are some concepts that should be observed while managing firewalls:......

Continue reading

Possible FedLine Assurance Attestation Extension - WST

November 12th, 2021

Did you run out of time to get your FedLine® Assurance Program attestation performed before the end of the year? Well, there may be some relief.......

Continue reading

Multi-Factor Authentication – Stronger Security, but Training is Key - WST

November 5th, 2021

Back in the good old days, Multi-Factor Authentication (MFA) seemed like a silver bullet. “If only we got MFA enabled on email/VPN/etc., we can stop worrying about that high-risk service!” The industry .......

Continue reading

Onsite Social Engineering: Up Close and Personal - WST

October 14th, 2021

Most everyone is aware of phishing, vishing, and other forms of electronic social engineering. It’s important to remember that social engineering can occur in-person as well. Responding appropriately in these situations can be an important part of an organization’s security stance.......

Continue reading

More Grim News from the Pandemic - WST

October 7th, 2021

According to a recent release from FinCEN, there has been a 147 percent increase in online child sexual exploitation (OCSE) between 2017 and 2020, including a 17 percent increase year-over-year in 2020. These......

Continue reading

Cybersecurity Awareness Month - WST

September 30th, 2021

Tomorrow is October and it’s Cybersecurity Awareness Month! For the 18th year, we’ll mark a national month to raise awareness about the importance of cybersecurity and how to be more ......

Continue reading

Weekly Security Tidbits - WST

September 23rd, 2021

Sometimes all the little things add up …. And such is the case for today’s Weekly Security Tip! Check out the following tidbits, Help Wanted, Cannabis Banking is One Step Closer to Being Legal, Padcast Anyone......

Continue reading

FinCEN National AML/CFT Priorities - WST

September 16th, 2021

On June 30, 2021, FinCEN, in consultation with other US Dept of the Treasury offices, relevant regulators, law enforcement, and national security agencies, released the first government-wide priorities for anti-money laundering and countering the financing of terrorism (AML/CFT) policy (the “Priorities”)......

Continue reading

The R Word - WST

September 9th, 2021

It’s always in the back of your mind. In 2021, it is on the news almost weekly. It’s no surprise there is a 185% jump in attacks in the first half of this year, as compared to the first half of 2020.....

Continue reading

CISA list of Bad Practices - WST

September 2nd, 2021

The Cybersecurity & Infrastructure Security Agency (CISA) released a statement on adding single-factor authentication to its list of bad practices that are exceptionally risky. See .....

Continue reading

Remember your Service Accounts - WST

August 26th, 2021

Most organizations have some type of onboarding/offboarding process they use when handling staff changes. When a new person joins the team, there’s a process for getting.....

Continue reading

Managed Service Provider Oversight - WST

August 19th, 2021

Many financial institutions outsource some or all of their Information Technology operations and management to third-party organizations, commonly known as.....

Continue reading

Managing Core User Access Risk - WST

August 12th, 2021

There is no question the core system is a high-risk adventure for every financial institution. This is why user access reviews have been an important part of managing this risk. The process of .....

Continue reading

IT Staff Augmentation - WST

August 5th, 2021

Are you keeping up on IT and Information Security work? Great! What if business is growing, and you’re starting to think “We are working a little too much to keep.....

Continue reading

Cloud Policy - WST

July 29th, 2021

Cloud services are nothing more than infrastructure, software, or platforms hosted outside your data centers. If you have anything – core applications, email, SIEM, mobile banking.....

Continue reading

Evacuation Plans and Non-Employees - WST

July 22nd, 2021

Undoubtedly, your institution has an evacuation plan that covers many scenarios, including but not limited to weather, active shooter, civil disturbance, and others. What do you.....

Continue reading

Overly Permissive Access - WST

July 14th, 2021

Recently, the United States Supreme Court issued a decision where all nine justices found in favor of former Georgia police sergeant Nathan Van Buren and levied an opinion affecting the Computer Fraud and Abuse Act of 1986.....

Continue reading

Cannabis Banking Series – Continued - Policy Framework - WST

July 8th, 2021

As more states legalize medical and/or recreational use of marijuana, your institution will need assistance to navigate the various aspects of cannabis-related businesses (CRBs). While still illegal at ....

Continue reading

Now Available: FFIEC Architecture, Infrastructure, and Operations Booklet - WST

July 1st, 2021

On Wednesday, June 30, the FFIEC released a significantly updated operations booklet called the Architecture, Infrastructure, and Operations Booklet . This new AIO Booklet replaces....

Continue reading

Mini-Series 5 of 5

The Best things to do with Microsoft 365 - Manage your email security - WST

June 24th, 2021

Here are some simple steps that can be taken to improve your security posture as it pertains to malware and email....

Continue reading

Mini-Series 4 of 5

The best things to do with Microsoft 365 – Other Security Controls - WST

June 17th, 2021

We continue our series on basic and helpful security tips for your Microsoft 365 instance. Keep in mind, some of these tips require 365 Business Premium or Enterprise subscriptions, and can be configured in multiple locations, including Conditional Access policies ...

Continue reading

Some Attention May Be required – WST

June 10th, 2021

Vulnerabilities affecting three widely-used platforms are demanding some attention in this week's WST...

Continue reading

Mini-Series 3 of 5

The Best things to do with Microsoft 365 – Privileged Accounts - WST

June 3rd, 2021

We continue our series on basic and helpful security tips for your Microsoft 365 instance. Keep in mind, some of these tips require 365 Business Premium or Enterprise subscriptions, and can be configured in multiple locations, including ...

Continue reading

Cannabis Banking Risk Assessment - Tips from the 10-D Hotbox - WST

May 27th, 2021

MMFA is the single-most impactful thing you can do to improve the security posture of ANY application accessed by users. It doesn’t matter if it’s hosted internally, in the cloud, only accessible from your domain, or...

Continue reading

Mini-Series 2 of 5

The Best things to do with Microsoft 365 – Access and Authentication - WST

May 20th, 2021

MMFA is the single-most impactful thing you can do to improve the security posture of ANY application accessed by users. It doesn’t matter if it’s hosted internally, in the cloud, only accessible from your domain, or...

Continue reading

Mini-Series 1 of 5

The Best things to do with Microsoft 365 – Microsoft Secure Score - WST

May 13th, 2021

Most small- to medium-sized institutions don’t have a full-time employee available to devote to Microsoft 365 administration and security. If you are the person spinning about...

Continue reading

Document Sharing Services - WST

May 6th, 2021

Financial institutions often have a requirement to receive documents from customers, including financial statements, tax documents, and other types of information critical...

Continue reading

Protect you Organization's Online Presence - WST

April 29th, 2021

Nearly all organizations maintain more than just a website when it comes to their online presence. Social media is a convenient, ubiquitous way for businesses to maintain and build a...

Continue reading

Cannabis Banking Series - Is Cannabis Right for Your Institution? - WST

April 22th, 2021

Another 4.20 has come and gone, and for many institutions it means another year of puffing and passing the cannabis can down the road. A short blurb in your policy stating...

Continue reading

Disaster Recovery Failback - WST

April 15th, 2021

Many financial institutions have developed extremely detailed disaster recovery (DR) / business continuity (BC) plans. Those plans normally...

Continue reading

BSA - Upcoming Changes and Challenges - WST

April 8th, 2021

As Americans we often see the United States as the constant leader on a global scale - be it in athletic competitions, industry, military strength, or just...

Continue reading

Workstations and DR Plans - WST

April 1st, 2021

You’ve just put the final touches on the latest revision to your corporate Disaster Recovery plan. You have made arrangements to...

Continue reading

Audit and Examination Tips - WST

March 25th, 2021

Here are some helpful tips for audit and examination preparation to hopefully make the process go smoother for your institution and...

Continue reading

Where’s Your Data? - WST

March 18th, 2021

Many organizations have opted to move some IT functions to the cloud. Sales management, off-site backups, document management, file sharing, and others are among...

Continue reading

Mozilla Firefox Monitor - WST

March 11th, 2021

With the number of breaches that seem to occur each year it can be difficult to keep track of where your data may have ...

Continue reading

Microsoft Exchange Server - Patch Now! - WST

March 4th, 2021

On Tuesday, March 2, 2021, Microsoft released out-of-band advisories detailing serious vulnerabilities in...

Continue reading

FedLine Security and Resiliency Assurance Program - WST

February 26th, 2021

Beginning 2021, institutions that utilize FedLine services (FedLine Web, FedLine Advantage, FedLine Command, and FedLine Direct) must conduct an...

Continue reading

Do you Overshare? - WST

February 18th, 2021

Have you ever been in the grocery store check-out line and heard the person in front of you recite their entire life history while they're checking...

Continue reading

Networks Need Vaccinations Too! - WST

February 11th, 2021

As we watch the first COVID-19 vaccinations roll out to those who need it most, it got this particular Security Engineer thinking about how vaccinations...

Continue reading

Ransomware - There's a Tool for That - WST

February 4th, 2021

In a previous WST, you may have noticed a bulleted item for a Ransomware Self-Assessment Tool (R SAT). Or you may not have. Regardless, it's...

Continue reading

The Scope of SARs - Something Old and Something New - WST

January 28th, 2021

Did you know that filing Suspicious Activity Reports, or SARs, is not limited to ...

Continue reading

In with the new year, out with the Flash - WST

January 20th, 2021

The writing has been on the wall for a while now regarding Adobe Flash Player, ...

Continue reading

Back to Basics: Understanding Risk Concepts - WST

January 15th, 2021

People often make judgements and decisions about risk. Modern technology environments are complex and pervasive ...

Continue reading

2021 Security & Compliance Checklist - WST

January 7th, 2021

Yep, another year has flown by and a new year is here. Now is a great time to take a close look at your 2021 schedule...

Continue reading

SolarWinds and the Big Hack - WST

December 17th, 2020

Well, hacking is certainly in the news this week! We initially resisted adding to the cacophony of news stories and email alerts flooding your inbox, ...

Continue reading

Cannabis-Banking: Movement on the Hill - WST

December 10th, 2020

While Congress may not be making much progress passing a second COVID stimulus relief bill, something historic did happen in Washington D.C. last Friday...

Continue reading

File Share Permissions - WST

November 6th, 2020

During our IT audits, we consistently find file shares containing sensitive information with poor access restrictions. Most of the time, the super sensitive...

Continue reading

Budge-IT - WST

October 8th, 2020

It’s October and for many that means it is budget time. Or, did you assume it will just be a part of IT’s budget? According...

Continue reading

Browser Password Storage Thoughts - WST

October 1st, 2020

Browser Password Storage Thoughts - WST There is some risk when allowing a user’s browser to remember passwords. If a bad actor gets access to a machine, they...

Continue reading

Fighting the Good Fight - WST

September 24th, 2020

Earlier this month, the Financial Crimes Enforcement Network (FinCEN) put out a cryptic statement regarding the unlawful disclosures of suspicious activity reports (SARs). According to FinCEN, various media outlets were intending to publish a series of articles based on...

Continue reading

IT Asset Management-Secure your environment and save money too! - WST

September 17th, 2020

Do you keep an accurate and up-to-date inventory of your IT assets? If not, you may be wasting money and decreasing your overall IT security posture. One of the most important aspects of managing your IT environment is...

Continue reading

Increase in Cybercrime During COVID-19 - WST

September 3rd, 2020

As the pandemic continues to rage on, we’ve discovered some of the hardest working people during this time are fraudsters and scammers who never seem to be impacted by high unemployment rates. According to a recent FinCEN Advisory...

Continue reading

Don’t Let OneDrive Mess up your Vulnerability Scan! - WST

September 3rd, 2020

Recently, many of our clients have had significant increases in the number of vulnerabilities found during their Internal Vulnerability Scans. One of the primary reasons for this is...

Continue reading

Don’t Suffer from Alert Fatigue – WST

August 20th, 2020

We live in a busy, and often stressful world. With most of us carrying around at least one always-connected device, we...

Continue reading


August 7th, 2020

Much like the contested area that separates two foreign powers that do not trust each other, a network DMZ is a place where you...

Continue reading

Adobe Flash is almost done - WST

July 28th, 2020

Adobe will stop distributing and updating Flash Player after December 31, 2020. We shouldn’t be surprised by this...

Continue reading

Don't Let Urgency Lead to Insecurity, Part 2 - WST

April 29th, 2020

We wanted to expand on our WST about securing remote access from a few weeks ago with some additional...

Continue reading

Keep Yourself from being Roasted - WST

April 9th, 2020

First an attacker must use the initial user account they compromised to scan Active Directory for accounts with a SPN (Service Principal ...

Continue reading

Complaint Management Programs - More Important Now Than Ever -WST

April 7th, 2020

Chances are that a Consumer Complaint Management Program review has become a key part of your most recent ...

Continue reading

Don't Let Urgency Lead to Insecurity-WST

March 31st, 2020

Across the country, institutions are finding themselves dusting off almost forgotten pandemic plans and quickly trying to adjust to new...

Continue reading

Attackers are Opportunistic,  Keep New Remote Users Safe - WST

March 19th, 2020

As institutions and companies around the world scramble to support a new or enlarged remote workforce, we are already seeing attackers...

Continue reading

COVID-19 Is your Pandemic Plan ready? - WST

February 28th, 2020

You already have a rock-solid pandemic plan, right? Of course you do. But given the current coronavirus (COVID-19) news, it...

Continue reading

We Accept the Risk - WST

February 20th, 2020

Risk. The hot potato of any organization. There are so many options of what to do with a risk potato once it's ...

Continue reading

Infosec Blocking and Tackling - Vulnerability Management - WST

February 20th, 2020

Vulnerability management! Now there is a sexy subject. Managing the various vulnerabilities in your environment (which is generally a lot ...

Continue reading

Upgrading 2008 R2 Domain Controllers - WST

June 27th, 2019

With Microsoft ending support for Windows Server 2008 R2 on January 14, 2020, related anxiety-induced reluctance and procrastination are completely understandable ...

Continue reading

Keep your institution off the evening news.

Contact Us