The National Institute of Standards and Technology (NIST) has produced a five-part Cybersecurity Framework: (1) Identify, (2) Protect, (3) Detect, (4) Respond, and (5) Recover:
a) In the Identify phase, we will help you catalog your network assets and existing policies.
b) The Protect phase covers the safeguards that keep an attack from succeeding, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and the security information & event management (SIEM) system that collects their logs.
c) The Detect phase centers on spotting events on your network that may indicate malicious activity.
d) The Respond phase constitutes a review of your incident response policies and procedures.
e) In the Recover phase, we focus on how your company will return to normal business operations after a cyber attack. Incidents range from one hacked email account to a full ransomware infestation.
Businesses have an obligation to protect the Personally Identifiable Information (PII) of both employees and customers/clients. Those that do not protect this information are vulnerable to lawsuits. Do you have a PII handling policy? Do you have a PII encryption policy? Do you send unencrypted emails containing PII over the internet? Are the hard drives of old computers wiped, degaussed, and destroyed? Cosecure’s PII Cyber Risk Assessment will help you answer these questions and more.
Information Governance is an overarching term referring to the policies and procedures used to manage the information that an organization creates, collects, and handles. This includes both digital and paper records; structured and unstructured data, whether stored in databases or on file systems; and the aspects of cybersecurity needed to keep all of that data as safe as possible, avoiding fines and the loss of your competitive edge. Regular updates are a hallmark of a good Information Governance program. Our Information Governance cyber risk assessment will review your cybersecurity posture.
Does your company accept credit card payments? If so, you may be on the hook for special cybersecurity measures required by the Payment Card Industry (PCI). Version 3.2.1 of the PCI Data Security Standard (PCI DSS) increased the security requirements applicable to covered systems, even if the payment is passed to a third party for final processing. Are you aware that you are not allowed to store the three- or four-digit Card Verification Value (CVV) once the transaction has been authorized? If you do and there is a breach of your network, you could be held liable by the bank that issued that card https://www.merchantmaverick.com/what-is-credit-card-security-code-cvv2-cvv-cvc/ . Did you know that to remain compliant with PCI DSS, you have to install all critical security patches within one month of their release? This applies to every system that is in scope for the standard, not just the one taking the payment. Allow us to help you find out whether you are in compliance.
If the thought of ransomware does not strike fear into your heart, you may not know the full extent of your vulnerability to it. Do you back up your data? If so, how often? Are those backups stored online or offline? If they are on a device connected to the server, even if it doesn’t have a drive letter, it can be encrypted by ransomware https://social.technet.microsoft.com/Forums/windowsserver/en-US/ce9371d7-5e91-401c-be58-a63fcf38bbf0/unhide-windows-server-2016-backup-drive-following-ransomware-attack?forum=ws2016. Anything the server can write to, ransomware running on that server can write to as well; only a backup copy that is offline, or otherwise unreachable from the infected machine, is safe.
There are many ways to breach a network, and with persistence, any network can be compromised. What matters at the end of the day is the ability to recover from the attack. Is your sensitive data encrypted at rest? As more and more companies mitigate ransomware with actionable backup strategies, cybercriminals are increasing their chances of being paid by exfiltrating your data and threatening to release it unless you pay the ransom. Are you protected?
Today’s workforce environment is like nothing we have ever seen. There are more people working remotely today than ever before, which completely changes the cybersecurity landscape in which your company is working. If your company’s computers are sitting on the same networks as your employees’ children, behind Small Office Home Office (SOHO) routers that may never have been updated, how protected are you? Most VPN clients allow split tunneling, a connection to the remote office LAN and the home LAN at the same time. This is how you are able to print on your home printer while connected to your office network. It also means that infected devices on the home network can reach the company machine, and through it your company information. This is a tough situation to be in, as you do not own your employees’ home networks. However, there are ways around this that we can help you establish. Contact us today for a free consultation.
No person or company can do it all. We all need assistance from outside experts, and that means using outside vendors. No matter how careful we are with our own networks, what can you say about the cybersecurity posture of your third-party associates? Does your cloud provider have a SOC 2 Type I report? How about a SOC 2 Type II report? Do you know the difference between the two? Do you handle HIPAA-regulated protected health information (PHI)? Do you have HIPAA Business Associate Agreements (BAAs) in place with all of your vendors who also handle PHI? Let us help you navigate this complex landscape. Contact us today for a free consultation.