Onepath Cybersecurity Self-Assessment Tool

Standard

Today, Onepath released our new Cybersecurity Self-Assessment Tool.  This simple 20-question tool will help you determine your organization’s cybersecurity posture, in plain English.

This was created by our marketing team, with expert oversight from Greg Chevalier, our VP, Information Security Practice.  Take the assessment and let me know what you think.  We think it’s a great tool to help our clients and friends understand the ever changing cybersecurity landscape and where they may be vulnerable.

Here’s the email announcement that went out this morning:


There are many steps that companies need to take to defend themselves, their systems and their data. Those steps, however, and the degree of cybersecurity protection required depend on a number of factors, including the individual business’s risk assessment and tolerance.

Going through these processes can be complicated and overwhelming, leaving many businesses not knowing where to start. Even companies that have programs in place, and have taken steps to improve their information security position, are now left wondering if what they’ve done is right, or is enough.

Onepath has created a cybersecurity self-assessment tool to help businesses establish a baseline of their current security level and posture. The questions cover the basics – the blocking and tackling needed to establish an information security foundation. It may be just a start, but it could be that critical first step you take to get your business on a path toward cyber-protection.


Cyber Supply-Chain Attacks

Standard

I recently attended a webinar sponsored by the FBI’s InfraGard program, of which I am a member.  I wanted to share some useful information from this webinar.

Do you know what a cyber supply-chain risk is?  If not, you should.  Simply stated, a cyber supply-chain risk is the risk of a hack or data breach originating from a third party that you allow to access your secure computer network.  This could be anything from a consultant who works for you to your air conditioning or security system vendor, if they connect remotely into your network to manage those systems.

Here is some thought-provoking information regarding cyber supply-chain risks:

  • 50% of data breaches are attributable to a third-party vendor.
  • 83% of organizations do nothing to manage third-party risk.
  • 80% of data breaches are discovered by someone outside the breached organization.

So, what are some of the things you can do to mitigate your risk?

  1. Assess the risk before you allow a vendor access to your network.
  2. Understand your level of risk.  Is a large company a large risk and a small company a smaller risk?  Not necessarily.
  3. Perform an independent security assessment to understand your level of risk.  This assessment should include, at minimum:
    • Network/Perimeter Scan.
    • DNS Resilience.
    • Email Security.
    • Web Application Security.
    • Hacker Threat Analysis.
    • Breach Metrics
    • Patching Cadence.
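As an added example (not from the webinar or from Onepath), here is the kind of check that sits under the “Email Security” item of a vendor assessment: it evaluates the SPF and DMARC TXT records a vendor’s domain publishes and reports weak settings such as a `+all` SPF mechanism or a `p=none` DMARC policy. The domains and DNS answers in `SAMPLE_TXT` are constructed for the example; to run it against a live vendor, replace `lookup_txt()` with a real DNS resolver.

```python
"""Email-security posture check for a third-party vendor domain.

Added example: inspects the SPF and DMARC records a vendor publishes,
the kind of check performed under "Email Security" in a vendor assessment.
The DNS answers below are constructed; the domains are hypothetical.
"""

# Constructed sample TXT answers, keyed by the name that would be queried.
SAMPLE_TXT = {
    "vendor-a.example": ["v=spf1 include:_spf.mailhost.example -all"],
    "_dmarc.vendor-a.example": [
        "v=DMARC1; p=reject; rua=mailto:dmarc@vendor-a.example"
    ],
    "vendor-b.example": [
        "v=spf1 ip4:203.0.113.0/24 +all",
        "site-verification=3b1f",  # unrelated TXT record, must be ignored
    ],
    "_dmarc.vendor-b.example": ["v=DMARC1; p=none; pct=100"],
    "vendor-c.example": ["v=spf1 -all", "v=spf1 mx ~all"],  # two SPF records
}


def lookup_txt(name, records=SAMPLE_TXT):
    """Stand-in for a DNS TXT query; returns the strings published at `name`."""
    return records.get(name, [])


def check_spf(txt_records):
    """Return a list of SPF findings; an empty list means nothing was flagged."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["SPF: no record, so receivers cannot reject forged envelope senders"]
    findings = []
    if len(spf) > 1:
        # RFC 7208 section 3.2: more than one v=spf1 record is a permerror.
        findings.append("SPF: multiple v=spf1 records; receivers treat this as permerror")
    terms = spf[0].split()[1:]
    all_term = next((t for t in terms if t.lstrip("+-~?").lower() == "all"), None)
    if all_term is None:
        findings.append("SPF: no 'all' mechanism; unlisted senders get a neutral result")
    else:
        qualifier = all_term[0] if all_term[0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("SPF: '+all' authorises every host on the internet to send as this domain")
        elif qualifier == "?":
            findings.append("SPF: '?all' is neutral, equivalent to publishing no policy")
        elif qualifier == "~":
            findings.append("SPF: '~all' softfail; only meaningful with DMARC p=quarantine or p=reject")
    return findings


def check_dmarc(txt_records):
    """Return a list of DMARC findings for the TXT records at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        return ["DMARC: no record, so SPF/DKIM failures are neither enforced nor reported"]
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: missing or invalid policy tag p={policy!r}")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so the vendor receives no aggregate reports")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100 and policy in ("quarantine", "reject"):
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail stream")
    return findings


def assess_domain(domain, records=SAMPLE_TXT):
    """Collect SPF and DMARC findings for one vendor domain."""
    findings = check_spf(lookup_txt(domain, records))
    findings += check_dmarc(lookup_txt(f"_dmarc.{domain}", records))
    return {"domain": domain, "findings": findings, "pass": not findings}


if __name__ == "__main__":
    for d in ("vendor-a.example", "vendor-b.example", "vendor-c.example"):
        result = assess_domain(d)
        print(f"{d}: {'PASS' if result['pass'] else 'FAIL'}")
        for finding in result["findings"]:
            print("  -", finding)
```

In the constructed sample, `vendor-a.example` passes, `vendor-b.example` is flagged for `+all`, `p=none` and a missing `rua=`, and `vendor-c.example` is flagged for publishing two SPF records and no DMARC record at all. Treat the output as input to the risk conversation with the vendor, not as a verdict: the check only sees what is published in DNS, not whether the vendor’s mail actually aligns with it.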

Keep in mind that doing an assessment is just the start.  It’s important to have the tools and processes in place to manage the assessment results.

If you live in a regulated world, you have even more to worry about.  If you take credit cards, you need to comply with PCI DSS Requirement 12.8, which covers managing service providers with whom cardholder data is shared.  If you are in healthcare, you are governed by HIPAA, and if you do business in the EU or have employees who are residents of the EU, you must comply with GDPR.

It’s not a matter of if a vendor will put you at risk, it’s a matter of when.  You need to have a plan for dealing with a breach caused by a vendor.  Understand your communication and reporting responsibilities and develop your plan now, not after you have an incident.

Remote Workers Pose More Risk

Standard

Shred-it, the world leader in document destruction, has released their 2018 State of the Industry Report and it includes some interesting findings with regard to remote workers.  You may click on the link to request a copy of the full report from Shred-it, if interested.

The stat that is most striking is that 86% of C-suite executives believe that remote workers increase the company’s risk of suffering a data breach.  Among small business owners alone, that number is 60%.

Employee negligence and a lack of information security is cited as the number one reason for this concern.  When employees work remotely, they may not be as careful as they are when working in the office.  This could be a result of using public WiFi or using devices other than company issued assets.

If you allow employees to work remotely, you should insist on several simple steps to help keep your business safe.  While not all inclusive, the following are six basics that should be considered a must for anyone who works remotely.

  1. Only allow company work to take place on company-issued or company-managed devices.  While many companies now support a BYOD (Bring Your Own Device) policy, those devices still need management, to ensure that company data is not stored in locations the company has no visibility into.
  2. Public Wi-Fi should be avoided.  With nearly all mobile plans now supporting unlimited data, employees should use their mobile hotspot feature when not at their home or remote office.
  3. Only access company resources via HTTPS connections or over a company-managed VPN.
  4. When in public spaces, be mindful of wandering eyes.  Whether at a cafe or on an airplane, nosy neighbors and people sitting behind you have an easy view of confidential information on your screen.  Consider a privacy screen for these situations, or sit where others cannot see your display.
  5. Never let a friend or family member use a company-issued or company-managed device.  You never know what they may expose you to.
  6. Report a lost or stolen device immediately!  If you suspect you may have exposed company data in any way, report it immediately!

Shred-it also released a great infographic that summarizes their report, which you may access here.

Stay safe out there!

I’m Still Blogging

Standard

My posts have not been as regular of late and I wanted to let you know why.  With summer getting into full swing, I actually managed to take a little PTO.  At the same time, business has been booming and I’ve been extremely busy with work at Onepath.

I’m hoping to be back to regular blogging this week, so keep watch for new posts.  In the meantime, I’m enjoying the thrills of business travel.  This week it’s our Columbus office and wouldn’t you know it, my rental car upgrade sports a Cobb County, GA plate.  That’s where Onepath is headquartered.  I thought that was fitting.  I was also pretty tired, having arrived pretty late at night 🙂

Sharing My Colleagues’ Work

Standard

I am very fortunate to work with some great people.  Below is a selection of informative articles that some of them have written for our web site at 1path.com.  I think you’ll enjoy them and learn a few things as well.  These pieces highlight some of our practice areas, including IT Services, Cloud Services, Application Management and Building Technologies.  Enjoy!


Five Signs You Should Invest in IT Support
by Eric Ellenberg

You’re a business owner and things are going well. Your customers are happy, your employees love their jobs, and your business is profitable and humming along. Congratulations! You’ve put in some long days and dealt with some tough problems to get here, so take a moment and celebrate your team’s accomplishments.

But increasingly, you’re getting questions about technology. The computers you bought a few years ago aren’t running so great, and your employees need help with them. Your accounting software is a few years old and needs an upgrade to keep up. You’re thinking it might be time to switch to a new customer relationship management system (or start using your first) to better track your current customers and reach out to new prospects. You’re getting emails about PCI compliance, but you’re not sure what the next step is. You’re getting a lot of email that looks a little off that’s actually trying to steal your confidential information. Some of your people have gotten a nasty virus that took them out of commission. That college grad in the office is telling you to move to the cloud, but you’re not exactly sure what that is or how to make it work for your business.

Continue reading…


Your Cloud Security Is Only As Strong As Your Expertise
By Armon Aghaie

When your day-to-day is consulting with prospective clients in IT, you begin to get a feel for which technologies are having the biggest impact. Questions that are asked, articles that are published, etc. all give pretty clear indications about how technical markets are evolving over time. Naturally – it likely comes as no surprise – cloud and security are at the top of everyone’s mind.

Cloud has gone through an interesting evolution as it relates to security. Four years ago, you couldn’t convince most IT leaders that housing their highly important information on the same infrastructure as someone else would ever be a good idea. Makes perfect sense, right? When people share an office, they need only turn their head to see what others are working on. Why wouldn’t it be the same when people share servers?

Fast forward, and now we are talking about how cloud infrastructure has some of the highest levels of regulatory compliance including PCI, HIPAA, GDPR, multi-national, government, and many more.

Continue reading…


Online Product Catalog Allows Firm to Monetize Their Data
Underwriters Laboratories (UL) Case Study
By Raquel Valdez

An industry-leader in certifying and validating products to be green certified wanted to re-platform their online product catalog, in order to monetize it and become the global source for green products. They wanted their new catalog to be an evolution of their older one, expanded to include data from other green partners and a complete network of green products across all markets. They also had an immediate, urgent need to complete the project by the end of the year and needed a trusted partner they could rely on.

The company approached Onepath. The Application Management Services team had previously built an online product catalog for a smaller company devoted to air quality testing, which had since been acquired. Once the acquisition took place, all IT was brought in-house, and they continued using the catalog that Onepath had built. When the need to update and revamp another product catalog arose, Onepath was the obvious choice.

Continue reading…


Emergency Response Radio Coverage (ERRC): Coming to a Building Near You
By Caleb Clarke

When emergency responders enter a building, they rely on radio equipment to communicate with one another and dispatchers, but within certain buildings, standard radio signals become impaired and stop working altogether. When time is most critical, first responders can be cut off from receiving further instructions, coordinating with one another, or requesting additional resources and equipment.

Various building structures and architectural materials can negatively impact the transmission of radio signals and prevent them from working. Standard radio signals have always had this problem, putting emergency responders and those needing rescue at risk, but fire codes weren’t really updated to require minimum performance requirements for emergency radio coverage until inadequate radio communication was determined to be a contributing factor in the death of 343 firefighters during 9/11. Both the National Fire Protection Act (NFPA 72) and the International Fire Code (IFC 510) updated their requirements to include Emergency Responder Radio Coverage (ERRC).

Continue reading…

Goodbye Net Neutrality

Standard


Despite the fact that an overwhelming majority of the citizens of this country support net neutrality, politics has prevailed over the will of the people.  Such is the state of our current political system.

We still live in the greatest democracy that humanity has ever known, but it is flawed.

The House of Representatives has so far, refused to act on the issue.  If you are a regular reader of my blog, you know that the Senate voted to overturn the FCC repeal of net neutrality.  For that overturn to move forward, the House needed to act and they have not.  Should the House choose to act at some future date, then the President would also need to sign off.

At this point, all we can do is bombard the House and White House with pleas to listen to their constituents and vote to overturn the FCC’s repeal.  For now, we are left to sit back and see whether the large broadband Internet providers change the way their networks operate, or whether costs begin to rise in order to maintain unfettered access to all of the Internet.  Only time will tell.  Hopefully, watchdog groups will keep an eye on this, as there is still a transparency requirement, so providers must disclose if they begin to prioritize traffic.

Keep the pressure up at a grassroots level.  It’s never too late to save net neutrality, but as of today, the prior protections are officially no more.

An Undersea Data Center

Standard

You read that right, an underwater data center has been created by Microsoft.  Yes, that Microsoft.

The so-called “submarine data center” is a giant tube packed with 864 servers.  The ocean provides natural cooling to the data center, which sits on the seabed near the Orkney Islands off the coast of Scotland.  Cooling is one of the most expensive components of a traditional data center, so this free source of cooling should cut down a major cost component.

The tube is about the size of a shipping container and is designed to be deployed rapidly off the coast of major cities, allowing for expansion of cloud capacity closer to users.  What’s not yet clear is how any hardware or power failures would be addressed in a sealed tube that sits about 100 feet below the ocean surface.

Microsoft plans to monitor this prototype data center for a year to determine its future viability.  While Microsoft is touting the renewable energy aspects of this development, one does have to wonder whether heat bleeding from the tube or ambient noise coming from within could disrupt the marine ecosystem where these tubes are placed.  It will be interesting to see what is learned over the coming year.


Here is a link to more details, including videos and photos of the data center.  It’s worth a look and read.

https://news.microsoft.com/features/under-the-sea-microsoft-tests-a-datacenter-thats-quick-to-deploy-could-provide-internet-connectivity-for-years/

It’s Internet Safety Month #CyberAware

Standard

Happy June!  Did you know that June is Internet Safety Month?  Well now you do.

The National Cyber Security Alliance, NCSA, has declared June Internet Safety Month and this year, the focus is on mobility.  I recommend reading the NCSA press release “Stay #CyberAware on Mobile Devices during Internet Safety Month and All Year Round” for a wealth of informational resources.

This year’s theme centers around kids getting out of school and families taking summer trips.  It’s all about mobility and your online presence.  Major topic areas cover “Be Smart About Socializing”, “Stay in the Game Safely”, “Getting Ready to Go”, and “While on the Go.”  There are also links to virtual events that you may be interested in participating in.

Enjoy the month of June and the entire summer.  And do so safely.
