pen test

Pen Test vs. Vulnerability Assessment: Which is Right for my Organization?

Often, when speaking to many organizations, I often hear confusion about Pen Testing, ie: what it is, how it differs from vulnerability assessments and what are the best use cases. I’ve decided to write this blog in the hopes of helping my customers better understand these differences and use cases of each.

The cyber threat environment is dynamic and constantly evolving. There are new vulnerabilities discovered on a daily basis. Attacks are getting more sophisticated – they’re getting more complex and flying under the radar of traditional detection technologies.

cloud security

The essential checklist for Cloud security

The ripping benefits of cloud computing have been widely touted – business agility, scalability, efficiencies and cost savings among the top. Fortunately, more and more companies are seen migrating and building mission-critical Java applications specifically for cloud environments showing no signs of slowing down. At the same time, such technology has exposed us to threats and risks previously unheard of.

23 NYCRR 500

Training Wheels are Off – NYS DFS Transitional Period Finished

The two-year transitional period implemented by the New York State Department of Financial Services (NYS DFS) regarding their Cybersecurity framework, 23 NYCRR 500, finished this past March 1, 2019. This doesn’t mean the work ends here, but essentially it’s just getting started. The state of New York allowed institutions, or covered entities, a 24 month break in period before having to adhere to all phases per year. The training wheels are off and all phases will have to be obtained yearly moving forward.

cloud education

Cloud Services for K-12 School Districts

Natural disasters such as hurricane’s, earthquakes, and fire can put a school district’s data out of reach. These are obvious reasons to have a solid disaster recovery strategy in place. In the aftermath of Superstorm Sandy that hit the East Coast (NJ, NYC, and Long Island), there were several school districts that were unable to gain access to their systems for days or weeks after the storm had passed. This made it impossible to generate transcripts, pay bills, and in some cases, process payroll.

law firms

Legally Dangerous Attackers

Malicious actors are consistently and persistently looking for new avenues to compromise sensitive data and they’ve found one such entry through legal firms.

Legal firms play a unique role within the economy by being at the center of personal and business-related transactions. Legal firms are involved with large enterprises, governments, small businesses and individual cases. The data maintained by legal firms is both sensitive and valuable and attackers have taken notice. Legal firms are under a barrage of attacks due to the data and relationships they maintain. Many of these firms are focusing on user endpoints when it comes to reducing their risk.

social media

7 Ways Social Media Sabotages Your Cybersecurity

Social media can do wonders for you as an individual, as well as if you are running your own online business. It can help you build a loyal following, spread word and awareness about your brand, and reach out to other like-minded people, as well as customers. And the best about it is that it’s incredibly easy to do, since everyone you are looking for is already there. It is estimated that there will about 2.77 billion users on social media in 2019!

However, because the power of social media is so easy to utilize, most people let their guard down when it comes to cybersecurity, which can come back to haunt them at some point in the future, in a number of different ways. In order to avoid that, let’s take a look at seven ways in which social media sites sabotage your cybersecurity.