Blog

You see it more and more every month. People are beginning to work from home just as often as at the office. The Internet has been a great enabler of this and will only increase in the future. But the question is now becoming if employers should be concerned with the computers employees are using at home to do work. Many businesses take the position of offering company-approved laptops to their remote employees but many more do not. And besides, now with ‘software-as-a-service’ skyrocketing in popularity it doesn’t matter which machine they use anymore. This, therefore, opens up businesses to remote employees connecting to them with unpatched, untested, virus filled systems.

The Garland Group would like to welcome and introduce Mark McSpadden to our team! We’ve worked with Mark as a contractor for a while, and he has been instrumental in designing and developing our risk assessment software, RiskKey. Mark will be key in working with Brad on a variety of other new ideas and services that The Garland Group will be offering in the near future.

The Garland Group has some exciting news it would like to announce this morning. Our growth over the last two years has been overwhelming and it’s great to note that it mainly comes in the form of referrals from our existing client base. Thank you!

A flash drive is described by Wikipedia as “flash memory data storage devices integrated with a USB (universal serial port) interface�. Memories on the flash drives can contain from 32 Megabytes to 64 Gigabytes. They are very compact, lightweight, removable and rewritable.

I did a little Social Engineering pretext calling reconnaissance work recently to see if I could get some general information (what time do employees go home for the day, locations, urban/rural areas, wire request instructions, etc.). I posed as a customer and all the employees I talked to were very helpful and would even give me more information than I asked for. I was expecting this because of that small town, community banking environment. When I got more comfortable and started asking for sensitive information, I was challenged with authentication questions, which kind of surprised me. I fumbled around and got off the phone quickly. The person I was talking to was very friendly, yet was going through proper procedures to keep the bank secure.
When we do these social engineering reviews and present the bank with our findings I am nervous about scaring employees into being ‘too secure’ (if that is possible). I would love for them to run through all their customer identification procedures before giving out any information, but on the other hand I want them to keep that community bank feel. I guess I just don’t want to scare employees into being robots when working with customers. That would destroy the core competencies of some of the banks we work with. It was nice to talk to someone that really wanted to help me, but went through the right steps to do so. The point of the story: Security and community banking is possible in the same environment, I’ve seen it.

Richard Bejtlich has a blog that I read ever so often. His focus is primarily on security, but the topic in question here reaches into the financial sector. Mr. Betlich illustrates a valid point concerning the complexity and uncertainty of Infosec in general. In a nutshell, a CIO (or IT deparment) is at a disadvantage in quantifying the financial performance of his/her department.

powered by ODEO
I am very happy to announce our very first podcast! The guys have been tossing this idea around for a while and kudos to Court and Eric for finally sitting down and recording one of their great conversations. (Also props to Eric for the intro music and editing!)

I think it is probably a pretty easy statement to make that our work environments have changed. With the advent of the Internet and the miniaturization of technologies like laptops and phones there is no longer a need for a ‘8am-5pm mentality’ that we’ve been holding on to since the Industrial Revolution. We are in a knowledge economy and we rely on our employees to bring their brains, not their brawn, to get the job done. That’s why I was so thrilled to come across this book that challenges those assumptions.

Recently two German researchers presented their findings on cracking the WPA encryption method at the PacSec security conference in Tokyo. I know this sounds like the set up to an Abbott and Costello routine, but it’s not. Its also not as serious and as dire as the researchers or the conference that announced the findings make it out to be.

(more…)

Core processing vendors have become commonplace for a one-stop shopping center for everything from core processing to firewall-network support. It’s hard not to pass up such a packaged deal that would allow all IT services outside of core processing to be bundled and packaged on one nice invoice that can be accompanied with discounts for extended years guaranteed. Sometimes it just makes sense to bundle it all from a financial and vendor management position.