Blog

In yet another crackdown on the Google Play Store, Google has removed hundreds of phony and terms of service breaking applications (apps). The Play Store is the official app store for the Android Operating System (OS). In a survey conducted by software company Lefttronic, it is estimated that Android is the most dominant OS with 76% of the market share. Moreover, Lefttronic’s forecast suggests this number will only jump to 87% by 2022. This means every business currently has or will have at least one Android user and with many small and medium sized businesses (SMBs) permitting Bring Your Own Devices (BYOD), employees utilizing Android OS pose a major security risk.

The internet has become increasingly critical for survival during the COVID-19 pandemic and is a necessity with millions of people working remotely. A recent discovery by Digital Revolution, a Russian hacker group, reveals that Russia’s national intelligence service (FSB or Russia’s Federated Security Service) has been working on an Internet of Things (IoT) botnet project that could shut down the internet.

A Penetration Test (Pen Test) is a simulated cyber-attack against an organization to identify exploitable weaknesses. The purpose of the simulated attack is to uncover any weak spots on a network, application or endpoint that a threat actor could take advantage of and address them accordingly before an attacker can exploit them. Pen testing is becoming more critical as all companies have a network presence and thus, are susceptible to attackers. Moreover, a successful cyber-attack has major consequences that can be detrimental to the livelihood of an organization.  

Most companies are looking for ways to set themselves apart from their competition. One way they can stand apart is by proving their operational security maturity and adopting the National Institute of Standards and Technology Special Publication (NIST SP) framework 800-53. NIST is a non-regulatory agency of the U.S. Commerce Department that establishes standards across federal agencies. NIST SP 800-53 is a set of standards to assist federal agencies in meeting the requirements set by the Federal Information Security Management Act (FISMA). However, given the latest cyber security headlines, NIST 800-53 is starting to influence the private sector as well.

The business profiles and mitigation priorities of service companies today are incredibly diverse. Furthermore, with breaches occurring left and right customers are increasingly expecting proof that their data is being properly secured. One way companies can meet this expectation is by attaining Service Organizational Control (SOC) 2 compliance. SOC 2 compliance was designed to validate that service providers are handling customer data in a confidential manner and with the utmost care. Ultimately, this provides organizations that seek to become SOC 2 compliant with a competitive advantage against industry competitors.

I’ve been watching the news, as we all have been with the pandemic impacting our daily lives.  We continually see tearful appreciation and tributes to doctor’s, Nurses, healthcare workers, first responders, military, teachers, which are all truly deserved. We see their challenges and heroic actions during this challenging time.  What I haven't seen is any acknowledgement of the behind the scenes workers that allow these professionals to function in their roles.  IT professionals work in a field where generally the only time they are acknowledged is when something goes wrong.  Yet due to our Nation's dependence on IT to perform many of these functions, the IT teams that are keeping things up and rolling deserve a THANK YOU as well!  After all, IT workers are designated essential by DHS. 

With everyone willing to abandon Zoom for several pretty serious security mistakes, it seems the future of our digital world will hopefully now better see the benefits of stringent security requirements for technology we are both using and building for others to use. 

Remote work is becoming a new experience for many due to the current events that can be difficult for employers and employees to grasp. As more companies roll out mandatory remote work from home (WFH) in response to COVID-19, organizations need to consider what the new home office procedures are and the communication plan for remote personnel.

The rise in employees forced to work from home (WFH) due to the COVID-19 outbreak has led to a major spike in companies realizing they are not prepared for the new onslaught of remote workers. There is no telling how long this period could last, and subsequently, businesses are starting to evaluate how they will securely facilitate long term access for their remote workers.

Vulnerability scanning and patching is a cornerstone of cybersecurity. Deploying relevant patches is a critical step in basic security measures to minimize any organization's endpoint vulnerabilities. In response to COVID-19, many companies are now required to have employees work from home (WFH). This sudden transition to a remote workforce has resulted in essential security practices and assessments like patching, to become either delayed, neglected or forgotten. As such, we can expect attackers to take advantage of this and use vulnerable devices to infiltrate an organization.