Skip to content

Featured article

Published on

The Image is trying to make a point that governance includes PCI compliance and can be a basis of making proper IT decisions with the future in mind. Where the focus of compliance and regulations efforts are on specific actions and data, governance can be all encompassing and most important create an environment where proper decisions are made with the right people in the room. Nothing is missed, whereas the compliance efforts are only doing what they have to.

Our latest blogpost at https://oversitesentry.com/compliance-vs-framework/ (a bit more information)

Featured article

Published on

Is it important to focus on Security? How much should we pay attention to Computer Security? Can we relegate Computer Security or as some coin the phrase 'Cybersecurity' to an afterthought? Or at least a small line item in the plan for 2019!

Your company could have a serious problem if circumstances cause problems to cascade to a dangerous level.

So 'IF' there is a ransomware attack on the most important data that we use, and we cannot recover the data(for whatever reason) is that important enough to pay more attention?

As the image above notes in six months we could be out of business if we did not prepare properly setting up backups for our data. Sometimes ransomware just destroys data and it cannot be recovered.

Contact us to get someone to review your backup plans and more to make sure that your business will be viable even after a ransomware attack.

Published on

Thursday the 2nd of January https://www.radio63119.org/thursday At 10:30am I will be on the Dr. Stan Fine Show of "Business Inside and Out with Dr. Stan Fine"

Also at https://www.facebook.com/Radio63119/ may have a livestream. (searching in Facebook for radio63119 works too)

Here is the livestream link: https://www.facebook.com/Radio63119/videos/779825965873107/

Or tune your FM radio to K W R H - 92.9FM within 10-20 miles of Zip code 63119 (Webster Grove)

We will be discussing how to help Small businesses:

Some things you should know "Psychology of Security" and more

After the show airs the 6 questions and some answers will be reposted here.

  1. Why are small businesses getting hacked? (even though they do not have a lot of money/resources)
  2. Who is attacking us now?  Is it criminals? Young people experimenting? Nationstates?
  3. What method of attacking is most likely to hack you? What is the weak link?
  4. How is the Psychology of Security hampering Human tendencies when it comes to Cybersecurity?
  5. What can you do to prevent getting ransomware?
  6. What is a general rule of thumb to defend your technological devices?

The show went well (link above of the Facebook Live link)

Published on

As I wrote in my blogsite www.oversitesentry.com PCI compliance is a good way to get started if you have not yet done so on the path of creating good Cybersecurity in your organization.

IF you are accepting credit cards, then you _should_ be PCI compliance standard capable. So it is a lot to take on if you have nothing, but it can be easier if you do not develop computer code so that you accept credit cards.

My slightly simplified headings:

First inventory all your systems (software and hardware).

  1. Firewall maintenance (set up proper procedures to edit the ACL - Access Control List)
  2. Change your default passwords (and create a password policy)
  3. Protect stored cardholder data (if you are not developing software or have a website that you are developing - this may not be necessary)
  4. Encrypt Cardholder data - i.e. use devices that encrypt cardholder data (or develop this properly)
  5. Protect all systems against malware (using anti-virus software)
  6. Develop and maintain secure applications (only if you are developing software)
  7. Restrict access to cardholder data (if developing authenticate before giving access)
  8. Identify and authenticate access to system components
  9. Authentication physical access (only qualified people should access credit card systems)
  10. Track and monitor all access to network resources and cardholder data (log systems)
  11. regularly test security systems and procedures
  12. Maintain a policy that addresses security information for all personnel
12 parts of PCI compliance

So from this point one can remove step 6 if there is no computer code helping you accept credit cards.

Step 4 should be handled by the credit card processor devices

Step 3,7,8, and 9 is easier with no coding.

Now all you have to focus on is 1,2,3,5,10,11, and 12 which you should be doing already, maybe you have no documentation, but it is being done (or should be).

If you ask me, 1,2,5,10,11,12 should be done no matter whether you have credit card processing or not. Someone should be accumulating bits and pieces until you have a proper security policy.

THAT is what we do!! We can help you with creating a security policy from scratch. Contact Us

Published on

 

NSA insights video(7/18/18) gives an overview of what is happening in their Cybersecurity Threat Operations Center.

The presentation explained when the Equifax hack happened due to a strut vulnerability the nation state actors were attacking US government networks looking for this vulnerability within 24 hours of release.

 

Interesting to note Dave Hogue technical director, National Security Agency(NSA) said that there is still a faulty thinking, as 1/3 of respondents  to a survey think that there is a better chance of getting struck by lightning than getting cyberattacked. This thinking is clearly wrong, but the perception is there.

I agree with this assessment - there is clearly a faulty thinking in many places.

Contact us to discuss this in detail.

 

 

 

Published on

So now we are in July 2018 and the 3rd quarter has started in earnest, have you completed  your compliance reports for 1st and 2Q?

PCI compliance is just a bunch of check marks right?

Just say your network is secure, the payment transactions are all encrypted, all the employees know what to do in all situations, etc. etc.

Did you perform Risk Analysis as the PCI compliance documents require at PCI Security standards?

Unfortunately if you ever do get breached and you do not have all the paperwork, the fines will make paying an auditor for years chump change.

Contact us to audit or create Compliance security policies.

Published on

 

Worried about Cybersecurity?  Or do you want to improve your Cybersecurity program?

With the new Facebook data leak scandal in the spotlight - are you concerned over how your company deals with customer data?

 

Our latest blogpost at Oversitesentry: http://oversitesentry.com/protect-privacy-of-client-data-using-new-ways/ discusses what could happen as the new EU privacy regulations are going to be enforced.

Make no mistake the regulations in America will also change (towards Cyber privacy).  As self-regulation has not worked for the industry.

You may have needed a security policy for PCI(Payment Card Industry) compliance in the past, but you will likely need a way to write down what your policies are, hence the need for a security policy for many regulations today and tomorrow.

Good news on that front  -  At Fixvirus.com we have a spring cleaning special April - through May   we will offer our Alpha scan at half price.

If you are in need to just discuss some Cybersecurity first - contact us and the half off - still stands.  Half off consulting time and material up to 10 hours.

 

There are many projects we are involved in, but we have a strict policy of not discussing our projects with the world. For the right project, we are willing to make monetary concessions so that we can use your project as an example on our marketing efforts.   We would never divulge details just general items such as:

Company ABC has improved security policy - performed Alpha scan due diligence.

 

   

CISA Certified Information Systems Auditor®

 

Published on

Do you need a fresh perspective?

Is your IT staff overworked? Do they get projects completed on time and under budget?

What is the true value of knowing your Cybersecurity risks and threats?

Does your IT staff have the experience to give you a proper report of your Cybersecurity compliance reports?

CISA certified means Certified Information Systems Auditor. Which means you will get a proper report after a thorough review.

We know that 25% of companies do not patch their computers within any reasonable time period, this is a very large amount of companies. We also know that 22% of companies do not backup their files.

So there is a large amount of entities not doing what they should to protect themselves and us as well.

since the problem is if they get infected, now their machines may have your email address in their address list.

And then you wonder, why is this person sending me an email?  Well, their machine was compromised and is now sending spam malware to everyone.

And guess what, the badly configured machines will get attacked again and again.

This is not like lightning - Cybersecurity strikes again and again until you fix the processes for good. although there are no guarantees at least you can make the risk minimal.

Contact Us to discuss how to check your IT staff and make sure you will stay in business even after an attack. Or to get your ship in shape before something happens.

Published on

https://www.youtube.com/edit?o=U&video_id=QNLB185u9Nw

I bet you did know you are playing Cybersecurity Russian Roulette? Do you have a 500Barrel Gun or a 1000barrel gun?

How would you find it? Well we have to find out what kind of software you have…  and the vulnerabilities they have.

Attack timeline vulnerabilities

What can be done? Patch your devices, learn how to perform risk management with all digital devices.

Don’t play Cybersecurity roulette, you can have risk management that can mitigate risks and keep things manageable.

Also posted on my Blog at Oversitesentry