
Blog
-
5 Powerful Reasons to Test Your Cybersecurity Today
It’s natural for an organization to plan for success. However, that success could all be for nothing if you don’t also plan for worst-case scenarios, especially breaches to your information technology systems. Continuity of operations and disaster recovery plans are essential for taking proactive action against the very real threats to data security today.

Cybersecurity threats are constantly evolving and have become so sophisticated that they have taken down many major institutions that previously seemed untouchable. However, data breaches affect so much more than the IT infrastructure — they can affect your entire business operations, often with costly results.
In this article, we’ll take a look at why periodic testing of your cybersecurity and regular reviews of your IT security policies are essential to mitigating the risk of your data and systems getting compromised.
1. Improved Cybersecurity Increases Customer Retention
When it comes to customer service and relations, trust is everything. Your customers demand failsafe security whether they are making an online purchase, logging on to their account or simply signing up for your newsletter. They need to know that their personal data and identity are secure. A recent study revealed that organizations that adopted an identity-centric approach to security experienced the following results:
- A 39-percent increase in customer satisfaction
- A 38-percent increase in revenue
- An 87-percent increase in talent retention and acquisition
2. Proactively Testing Cybersecurity Keeps the Government Off Your Back
Most organizations, regardless of industry or size, are likely to face compliance obligations at some point in their business year. Statutory, contractual, regulatory and legal compliance are just some of the compliance obligations faced by businesses today.
-
4 Ways Banks Prevent Security Disasters
In September, Yahoo became the latest company to admit it had a serious data breach. A suspected state-sponsored hacker had compromised the user data, which included security question answers, passwords, phone numbers and birth dates, of 500 million accounts. Many Yahoo users also trusted the company with their bank account and credit card numbers, but the company maintained that this information was not stolen.
The hack came at a particularly sensitive time for the tech company, because it had recently finalized a deal with Verizon to buy its core properties for $4.83 billion in 2017. Any data breach erodes user trust and creates negative press, but Yahoo’s data breach was particularly bad due to the scale of the hack. The announcement of the cybersecurity breach was also particularly troubling for Yahoo users, because data was stolen in late 2014 but they were just now hearing of the breach in 2016. Some experts speculate that Yahoo might have hidden knowledge of the data breach because it would have undoubtedly reduced the value of the company by millions of dollars.
Tech companies are expected to have good cybersecurity programs, but for financial institutions, having exceptional cybersecurity programs is critical. A data breach isn’t just embarrassing; it could leave your clients exposed to identity and financial theft. To preserve trust in your bank, formulating a plan to prevent a large-scale security breach can reduce the risk of a reported hack landing your institution on the front page of a newspaper.

Cybersecurity Audit: Test Your Preparedness
Before making any changes to your existing system, it helps to evaluate your existing security approach. Garland Heart offers regulatory cyber security audits that can serve as an independent review of your current security before an external audit. The audit examines your bank’s policies and procedures to ensure it’s meeting security standards. It also evaluates the physical security of the server and other hardware and the logical security of the overall system, accounts and disaster recovery.
Penetration Testing: How Easy Are You to Hack?
Penetration testing is one of the best methods to uncover possible security weaknesses within your website and overall computer network. The pen test works by employing an expert who tries to hack your system to gain financial information and other data. After the testing is complete, you can review if any data could have been stolen and address any possible areas of vulnerability.
A pen test provides essential information for preventing a real hacker from stealing financial information, but its effectiveness as a diagnostic tool is limited by the talent of the person doing the testing. Our penetration testing doesn’t rely on just firewall scanning to determine your security. Instead, we use our team of highly trained consultants and its three decades of experience to test beyond your Internet interface. After our pen test, you’ll know if your email, Internet, online banking, wireless network, and applications could potentially withstand an attack.
For an overview of the information security essentials that help to protect client data, you can also download this free cheat sheet. “The Complete Guide to Info Security” will provide you with the information you need to understand particular cyber security vulnerabilities.
Social Engineering: Identify Your Team’s Vulnerabilities
Sometimes a data breach doesn’t occur due to a vulnerability in a network or application. Clever hackers can manipulate your employees into giving them the data they want by preying on your employees’ natural desire to help. These human breaches may be smaller in scale, but often they’re easier to successfully accomplish. Therefore, any vulnerability assessment should also investigate your workforce.
Social engineering prevention works like penetration testing on your bank’s employees. Garland Heart uses carefully trained employees who know how to possibly trick your bank’s employees into divulging personal information. Social engineering is particularly valuable because most of your employees won’t even realize that they’ve violated banking procedures by disclosing certain types of information. Garland Heart can also help your employees spot these human hackers so they don’t fall for their tricks.
Breach Assessment: How Prepared Are You for An Attack?
Is it possible that your bank has already had a security breach? Yahoo’s hack demonstrated how a hack can be made worse by not quickly identifying and disclosing the problem. While it’s possible that security flaws have remained undiscovered by hackers, it’s also possible that a breach has already occurred. It’s also possible that no matter how carefully your bank protects its customers, a security breach could occur in the future.
Breach assessment works to protect your bank against past and future breaches by creating tests that simulate a breach. Garland Heart also uses social engineering techniques to further identify any possible environment weaknesses at your bank.
Right now, bank cybersecurity programs are a best business practice to protect your clients and preserve your institution’s insurance. And although there hasn’t been a major hack of a U.S. bank yet, data breaches that have affected millions of consumers have drawn interest from government regulatory bodies. Just days before Yahoo announced its data breach, New York State announced its intent to pass regulations to require that bank cybersecurity meets certain benchmarks. While nothing has been finalized, this move is a clear indication that your financial institution should expect more scrutiny aimed at its cybersecurity methods.
Hackers can destroy the hard-won trust of your clients. Contact us for a free quote, and learn how to protect your bank from cyber attacks.
-
How Safe is Public Wi-Fi?
The modern digital age is more convenient than ever. Not only can you walk around with a tiny supercomputer in the palm of your hand, you can use that supercomputer to connect to the entire world over the internet, with multiple options for network protocols. However, when it comes to the cybersecurity of your mobile devices and the data they contain, the entire world is often less risky than the person sitting at the restaurant table next to you.
-
4 Practical Ways to Step Up Your Software Supply Chain’s Security
When it comes to optimizing your software organization’s security regime, you’re probably used to focusing on end products and your own infrastructure’s regulatory compliance concerns. While your software supply chain probably isn’t the number-one place you think of when you’re planning to hone your security measures, it’s still a vital cog in the machine. That makes it an area that requires robust security measures.
Even better, increasing the security in your supply chain sector can improve your productivity and the quality of your products while also reducing your security risks. Whether you’re operating with an information-security consulting partner or working with your own resources, here are four tips to improve your supply chain security management.
-
Meet Nonnie the Service Dog
Hi! My name is ‘Nonnie’, a service dog in training @ Freedom Service Dogs of America. I am currently being taught to open doors, pick up items, pull wheelchairs, go for help and give lots of love to people with disabilities. I don’t know who I will help yet, but it could be a child with autism, a veteran with post-traumatic stress disorder or an elderly person in a wheelchair. No matter who, I will do my best to assist them with life tasks and help them regain their independence.
-
5 Smart Tips to Back Up Your Data Now
In a world where every company’s business is increasingly its own data, it’s always a good idea to ensure that data is backed up. This is especially true in the way it encourages adopting a proactive security mindset, allowing small and mid-sized businesses to address the risk of a cyber attack or security breach before it happens.
As ransomware attacks continue to make headlines, the value of your own data has never been clearer. Though you may not realize it now, you certainly would if you were to log in one day and discover that you can’t access even a single file on your systems without paying hundreds or thousands of dollars to the attackers behind a ransomware virus that had hijacked your computers.
-
6 Key Tips for Penetration Testing in 2016
The need for penetration testing has become a fact of life in 2016. As businesses grow more reliant on online activities — and often require 100 percent effective network uptime — penetration testing remains the best way to ensure your systems are safe and secure.
However, penetration testing is definitely not a “set it and forget it” security process for your organization. As part of a comprehensive incident response plan, penetration testing needs to be tailored to your specific needs and the specific topography of your network landscape.
Here are six key tips to ensure your penetration testing is effective and well suited to your systems.

-
What Small Companies Should Really Know About Cloud Security
While the bulk of data security breaches affect large corporations, hackers can target small and medium-sized enterprises (SMEs), too. As a result, small businesses — often deemed an attractive target by cybercriminals because these companies lack the infrastructure of multi-million dollar conglomerates — are investing heavily in cloud security. However, not all cloud computing vendors are the same. If you want to incorporate cloud technology into your small business, there are a few things you need to know.

-
3 Key Guidelines for CISOs in the Era of the Cloud
Before the cloud, most businesses chose to store their data on internal servers they managed. Because of this, accessibility was typically limited, which helped reduce how vulnerable a business’s information was to hackers. With the inception of the cloud, companies have poured billions of dollars into this technology and the corresponding cyber security features. Because information is instantly sharable anywhere on the globe and potentially no longer locally managed, this exposes vulnerabilities for both users and their companies. As the need for access and data management grew, including these enhanced security features, it was the Chief Information Security Officer (CISO) and his or her team who were given the task of information security, storage, and data protection.
From the vantage point of the CISO, a growing concern may stem from not just having an increased budget for cyber security concerns, but having solutions that do not constrict operational efficiency. Problems exist with ill-fitting security products that aren’t tuned to meet customer or business needs. To help CISOs target the most important cloud security features they need and to give them the protection they require for their compliance departments, best practices and regulations, they may need the help of a third-party agency, testing and process improvement. The goal is balancing security with functionality.
Here’s how to accomplish just that.