In our modern age, it is natural to want to modernize your business in order to keep up with the times and keep customers interested, so investing in the cloud can often seem like a natural pathway for changing businesses, but it does come with some risks. Not paying attention to the very real risks of compromising cloud security – which can seem like a faraway, unimportant issue – can cost you greatly, and, at worst, could ruin your business. Customers put their trust in you to keep them and their data safe, so compromising that can be the absolute faux pas, which will destroy your business’ reputation and ensure that no future success can be enjoyed. But enough with the fear-mongering: how can you stop these security slips ever happening in the first place? Knowledge is your best tool, so knowing about the dangers often prevents them from becoming issues.
Recently, ransomware attacks have been on the increase in school districts nationwide and there are no signs of it slowing up. This is happening because school systems typically suffer from a smaller IT staff, older equipment and less-than-optimal cybersecurity expertise. For cyber criminals, schools are becoming the low-hanging fruit for theft.
Open-source software is a great way to add proven functionality to your application, but it comes with risks in the form of software vulnerabilities. If you are using open-source components (and in all likelihood you are), it is important to keep track of new vulnerabilities as they are discovered, so you can upgrade to the latest, patched-up version of the software.
One tool you can use to keep track of open-source vulnerabilities is the list provided by the Open Web Application Security Project (OWASP), which was last updated in 2017. The OWASP Top 10 covers the most critical security risks for web applications.
The following tips should help you protect your software against the OWASP Top 10 vulnerabilities.
Gartner has recently conducted research on worldwide public cloud revenue and forecast growth of 17.5% in the worldwide public cloud services market in 2019. The total is expected to reach a whopping $214 billion, up from $182.4 in 2018.
Running a business these days often means managing a series of online accounts and figures, with a little shipping and perhaps some calling. Of course, this lacks the physical security of physical businesses. Many turn to other monitoring and management packages that can be accessed by clients, while algorithms and other features keep access to where it’s necessary. Cloud security can be tricky and without at least some education in the field, users can make simple mistakes that could ruin businesses.
Internet of Things (IoT) devices have taken over our lives. Everything from your refrigerator to your thermostat and light bulbs is talking to the cloud. This is generating an unprecedented amount of data that is traversing the Internet and needs to be stored somewhere, hopefully securely.
Does your business receive continuous traffic from European countries? If your answer is yes, then you should be fully aware of Europe’s new data privacy law – GDPR. It will definitely affect you if you don’t know it.
In this article, we are going to discuss everything about what GDPR is, how it is going to affect your approach to data collection and how to make your site GDPR compliant.
In terms of IT security, mobile is top of the agenda in 2019 for businesses, especially as now workers access the majority of the required data through mobile devices, with smartphones top of the list. With information often the most valuable asset that a company possesses, mobile breaches are a huge threat to businesses of all sizes. These are the specific threats to look for now and in the near future.
Connecting the Branch to the Cloud: The expansion of the network is about much more than adding new devices and platforms. Maximizing the benefits of an extended, scalable, and highly elastic network requires dynamic interconnectivity and orchestration between all of the various elements. Nowhere is this more apparent than in the need to connect edge…
Hacking isn’t just about computers. It’s a skill. It requires keen observation, resourcefulness, and creativity. And as a teen, I see hacking all the time on social media. They’re called teen influencers. And it’s got both the good and the bad of hacking. You see, I’m a busy person: family obligations, work, work friends, school,…
BYOD is defined by Google as the practice of allowing employees of an organization to use their own personal devices for work purposes. This includes mobile phones, laptops, and tablets. Given the sharp increase in the number of companies taking advantage of all that BYOD offers, several similar acronyms have developed, such as BYOT (Bring…
Cryptocurrencies have changed the business world by adding yet another asset that individuals and organizations can invest in. Although only 3% of people currently trade with digital money, the number of investors is growing steadily all over the globe.
We recently held our second annual CISO roundtable that brought in the attendance of fifteen CISOs for a candid conversation regarding their concerns, challenges and advice on protecting their organization. Last year’s roundtable showed that Long Island has a security community that’s hungry to learn and grow from each other. This was also evident from the attendance at the first BSides Long Island, which was held in January. It was no surprise that our second roundtable was just as lively and informative as these two events. Throughout the agenda for the night the topics covered ranged from continued challenges, improvement, and future considerations. We’ll briefly touch on a few throughout this blog so the extended community can learn from their wisdom and insights.
Moving to the cloud takes you out of the data center business and enables you to focus your company’s efforts on what it does best. Cloud providers have a massive advantage over in-house and on-premises solutions in that they are backed by millions of dollars of research and development, as well as an international network of hardware dedicated to providing the best possible IT solution for their clients.
Last month Bob Violino wrote a great article about “The dirty dozen: 12 top cloud security threats.” At CCSI we are seeing many of our customers with aggressive “move to the cloud” or “cloud first” initiatives. As they move forward, we always advise them that they keep a close eye on their security posture and attack surface.
Today, people expect to be able to access their information anytime, from any type of device, and from anyplace in the world. Mobile devices and the Cloud have fed this expectation. With all of this access comes an increasingly complex network infrastructure.
The cybersecurity and tech job markets are booming and it’s a great time to be a job seeker or employee in this field. Just because there’s job security doesn’t mean that you should let off the gas pedal. As an employee or prospective employee in the tech field, you should always be looking for ways…
When speaking to many organizations, I often hear confusion about Pen Testing, i.e., what it is, how it differs from vulnerability assessments and what the best use cases are. I’ve decided to write this blog in the hopes of helping my customers better understand these differences and the use cases of each.
The cyber threat environment is dynamic and constantly evolving. There are new vulnerabilities discovered on a daily basis. Attacks are getting more sophisticated – they’re getting more complex and flying under the radar of traditional detection technologies.
The ripping benefits of cloud computing have been widely touted – business agility, scalability, efficiencies and cost savings among the top. Fortunately, more and more companies are seen migrating and building mission-critical Java applications specifically for cloud environments showing no signs of slowing down. At the same time, such technology has exposed us to threats and risks previously unheard of.
Cloud security is the protection of data, applications, and infrastructures involved in cloud computing. Just like on-prem IT security, cloud security still has concerns like unauthorized data leaks, weak access controls, susceptibility to attacks, and threats to availability.
Agile development has been increasingly evolving since the creation of the Manifesto for Agile Software Development in 2001. The desire to create better development methods has introduced a methodology that promotes efficiency, collaboration, flexibility, and fast turnaround. Now, eighteen years later, agile development is rising in popularity and might soon replace the traditional waterfall approach.…
There are a multitude of reasons many companies are migrating to the cloud. Some are migrating to the cloud to aid in increasing the productivity of their IT staff, as well as the overall workforce. Others are looking to scale down data centers, help to lessen infrastructure sprawl, and modernize legacy applications. Additionally, some organizations are re-thinking…
The two-year transitional period implemented by the New York State Department of Financial Services (NYS DFS) regarding their Cybersecurity framework, 23 NYCRR 500, finished this past March 1, 2019. This doesn’t mean the work ends here, but essentially it’s just getting started. The state of New York allowed institutions, or covered entities, a 24-month break-in period before having to adhere to all phases per year. The training wheels are off and all phases will have to be obtained yearly moving forward.
Natural disasters such as hurricanes, earthquakes, and fire can put a school district’s data out of reach. These are obvious reasons to have a solid disaster recovery strategy in place. In the aftermath of Superstorm Sandy that hit the East Coast (NJ, NYC, and Long Island), there were several school districts that were unable to gain access to their systems for days or weeks after the storm had passed. This made it impossible to generate transcripts, pay bills, and in some cases, process payroll.
There’s no question that digital safety and data security are serious concerns for everyone these days. Businesses big and small simply cannot survive without some kind of security program in place. While some of the more common cyber attacks include viruses, malware and ransomware — the latter being particularly buzz-worthy these days — there’s one…
Going online has several risks, ranging from identity theft to theft of cash and other items. Some privacy is important as you surf the Internet. You have a choice of two technologies, VPN and SSH, to help enhance some protection and privacy. These two technologies are not competing, but work in different ways to ensure…
Whether you are planning to migrate a single critical application, or a major portion of your infrastructure, thorough research and a mindful approach are needed before transitioning to the cloud. Many IT groups have struggled moving key enterprise applications to the public cloud; learning from their mistakes, they used these lessons learned for greater success in subsequent migrations.
If you’re one of the many thinking of moving your IT infrastructure to the public cloud or have committed to the idea, but are struggling with how to go about it, you don’t want to be the one caught trying to re-create the wheel only to fail miserably. Using the lessons learned from those that have gone before you helps to maximize your chances of a successful cloud migration on the first attempt. If done right, some of the benefits to be realized are reduced cost, streamlined day-to-day operations, IT team expansion, flexibility, and scalability, just to name a few.
Malicious actors are consistently and persistently looking for new avenues to compromise sensitive data and they’ve found one such entry through legal firms.
Legal firms play a unique role within the economy by being at the center of personal and business-related transactions. Legal firms are involved with large enterprises, governments, small businesses and individual cases. The data maintained by legal firms is both sensitive and valuable and attackers have taken notice. Legal firms are under a barrage of attacks due to the data and relationships they maintain. Many of these firms are focusing on user endpoints when it comes to reducing their risk.