Articles In Security

By Michael Hawkins, Posted in Security

It is that time of the year when the festive spirit comes out of all of us and we spend additional time with our families and friends. At the same time though, hackers and criminals become more focused on finding ways to wreak havoc or extort ransom money from unprepared victims. It is for that reason that we are taking a quick look at three key security technologies that are a crucial part of any ransomware strategy. Data Loss Prevention (DLP) Data that is exfiltrated from an organization and falls into... read more.

• December 20, 2021

By Nancy Rand, Posted in Security

In November, Troy Leach, Senior Vice President, Engagement Officer for the PCI Security Standards Council (PCI SSC), and Suzie Squier, President of the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC), discussed the protection of payment data during this holiday season.   https://blog.pcisecuritystandards.org/be-on-alert-this-holiday-season In October, the PCI SSC blog focused on their Work from Home Security Awareness Training, which is available from the council.... read more.

• November 29, 2021

By Gotham, Posted in Security

This is a guest blog from Proofpoint, a leading cybersecurity company that protects organizations' greatest assets and biggest risks: their people. Today’s organizations face a variety of challenges and security risks, ranging from ransomware to phishing campaigns. For this reason, many organizations invest significant time and resources to detect and prevent external threats. But one area that is often overlooked is the insider threat. There are three primary types of insider threats: Malicious:... read more.

• September 20, 2021

By Gotham, Posted in Security

This is a guest blog from Proofpoint, a leading cybersecurity company that protects organizations' greatest assets and biggest risks: their people. Today’s organizations face a variety of challenges and security risks, ranging from ransomware to phishing campaigns. For this reason, many organizations invest significant time and resources to detect and prevent external threats. But one area that is often overlooked is the insider threat. There are three primary types of insider threats: Malicious:... read more.

• September 20, 2021

By Michael Hawkins, Posted in Security

It is worth revisiting some of the basics of ransomware in order to remind ourselves of why we need so many security controls to protect against it. How does ransomware get into our computers? The most common path is through an email that contains attachments that are infected with the malware. In this scenario, infected PDF files are very common, but Microsoft Word and Excel files and other types are seen also. Another common infection path is browsing to an infected web site. These sites will usually pop... read more.

• September 13, 2021

By Nancy Rand, Posted in Security

The PCI Council has published a series of blogs on payment data security as part of their task force for small merchants.  Topics include: Back-to-Basics: Think Before You Click Back-to-Basics: Properly Configured Firewalls Back-to-Basics: Secure Remote Access Back-to-Basics: Use Strong Encryption Back-to-Basics: Keep Software Patched Back-to-Basics: Use Strong Passwords Back-to-Basics: Reduce Where Payment Data Can Be Found PCI SSC Shares Resources for Navigating Changing Payment Environmen... read more.

• September 08, 2021

By Nancy Rand, Posted in Infrastructure, Security

On August 5, 2021, the PCI DSS Council and the Cloud Security Alliance (CSA) issued a joint statement on the importance of cloud scoping. https://www.pcisecuritystandards.org/about_us/press_releases/pr_08052021 https://www.pcisecuritystandards.org/pdfs/PCI_Cloud_Security_Alliance_Cloud_Bulletin.pdf Best practices focus areas are discussed: Data protection, Authentication, Systems management, DevOps & DevSecOps, Data governance and Resiliency. These best practices are important to the security of clou... read more.

• September 02, 2021

By Ed Bratter, Posted in Infrastructure, Security

One of the benefits of Microsoft 365 is the ability for users to collaborate and share with co-workers, clients, vendors, partners, and people external to the organization. This benefit, however, comes with a downside; users can either purposely or inadvertently expose information that the organization would not want shared externally.   To complicate matters, newly established tenants leave the door wide-open for publishing data to external entities. As a result, users can share data with outside ind... read more.

• July 27, 2021

By Timothy Karl, Posted in Infrastructure, Security

With anti-malware scanning software it is very important to have the proper malware exclusions in place. A misconfiguration of these settings may lead to performance issues which can may cause outages of critical applications and services due to file contention and locking. IT administrators need to find a balance between a malware-free environment and affecting the reliability and performance of any applications or services. Anti-malware exclusions can come from a variety of sources. Each anti-malwar... read more.

• July 02, 2021

By Michael Hawkins, Posted in Security

This is part two of our two-part Ransomware Readiness series. Click here to read part one. Ransomware has recently had several high profile cases, including attacks on Fujifilm, JBS, and the Colonial Pipeline. These attacks continue to highlight the importance of the security controls that help to stave off or limit the damage. Gotham Technology Group has developed a ransomware remediation assessment service that analyzes your current technology state and staff training while making recommendati... read more.

• June 23, 2021