
To do that, what I need to do is hand you hundreds of pages of Information Technology understanding specific to your environment.

I.e. when you need to figure out how to do this thing that is cybersecurity for your environment, does it seem like you are building a new house brick by brick? Well, I have good news to tell you - I have 1000 bricks to dump in your lap. Here are the bricks - build a nice house.

Good Luck!

This analogy may seem a bit much, but maybe it gives you a better understanding that many security people have a complex explanation.

So instead, what I recommend is to wait for my book, as it will be out soon.

Then you can develop a risk management strategy and Security policy just to get started.

You can get a fixvirus.com webcover when you join our email list for news on the book. Oversitesentry page with webcover email list form.

Psychology of security – Humans sometimes avoid security on purpose, essentially acting as risk gamblers. In my upcoming book we will discuss the interesting phenomenon where 'enough' people are not paying attention (about 30%) so that everyone is now being attacked more. (With so many machines as an attack surface, the criminal hacker has a target-rich environment.)

We seem to be in a kind of catch-22 in cybersecurity.

A lot of people and thus companies do not want to tell others if they need help or have problems (in their cybersecurity). It could just be that it is too complex an issue.

Many managers or owners are not aware of the danger that they are in; they think they are not a target (too small to get attacked). Not true: at minimum, the computer itself is of use as an attack platform.

These are just some of the reasons about 30% are not doing necessary prevention tasks. The lack of communication about problems causes a lot of people not to pay attention.

Ultimately this causes the rest of us problems since their machines are used to attack the rest of us.

Contact me to discuss how you can work on your processes.

My Book titled: Too Late You're Hacked! – Defending Your Small Business’ Computers and Networks

Stage 4 editing – which means I reviewed their comments and fixed some more contextual issues, some clarity issues, and others. Indicated 15 items to watch when the publishing software has the manuscript.

Grammar editing is next (not sure how long that will take), but the manuscript at 41k words needs a once over with a grammar expert.

The steps after that will consist of the manuscript moving off the Word platform (8.5” x 11”) into the book publisher software (the book will be 6” x 9”). Here is where we will find out how many pages it will be, with 38 illustrations, 91 citations, an appendix with a glossary, and a PCI outline.

We are not done yet, but I see the light at the end of the tunnel.

Cover art is being worked on - the following is the basic media image with a logo placeholder.

I went on Radio63119.org again on the 16th with the Inside and Out show with Dr. Stan Fine. The link to the livestream, which is online at the Radio63119 page on Facebook, is https://www.facebook.com/Radio63119/videos/828354904257304/. Or tune your FM radio to K W R H - 92.9FM within 10-20 miles of Zip code 63119 (Webster Grove).

The main theme was Cybersecurity and how one can defend against Cyberattacks.

CrowdCyber – Use your voice to contact businesses to help them survive a Cyber catastrophe.

Will your favorite business go out of business in 6 months after a ransomware attack? Or will they bounce back?

Check oversitesentry.com to help your local businesses defend against Cybersecurity attacks.

The show goes over the following 6 questions:

1. What is the worst that can happen in cybersecurity?

2. How is psychology of security harming some small businesses?

3. How to prevent a disaster in cybersecurity?

4. How can anyone with concern for small businesses help the businesses?

5. What is crowdCyber?

6. How much time and effort should be spent on cybersecurity?

On Thursday the 2nd of January at 10:30am I will be on the Dr. Stan Fine show, "Business Inside and Out with Dr. Stan Fine": https://www.radio63119.org/thursday

There may also be a livestream at https://www.facebook.com/Radio63119/ (searching in Facebook for radio63119 works too).

Here is the livestream link: https://www.facebook.com/Radio63119/videos/779825965873107/

Or tune your FM radio to K W R H - 92.9FM within 10-20 miles of Zip code 63119 (Webster Grove)

We will be discussing how to help Small businesses:

Some things you should know "Psychology of Security" and more

After the show airs the 6 questions and some answers will be reposted here.

  1. Why are small businesses getting hacked? (even though they do not have a lot of money/resources)
  2. Who is attacking us now?  Is it criminals? Young people experimenting? Nationstates?
  3. What method of attacking is most likely to hack you? What is the weak link?
  4. How is the Psychology of Security hampering Human tendencies when it comes to Cybersecurity?
  5. What can you do to prevent getting ransomware?
  6. What is a general rule of thumb to defend your technological devices?

The show went well (the Facebook Live link is above).

 

Worried about Cybersecurity?  Or do you want to improve your Cybersecurity program?

With the new Facebook data leak scandal in the spotlight - are you concerned over how your company deals with customer data?

 

Our latest blogpost at Oversitesentry: http://oversitesentry.com/protect-privacy-of-client-data-using-new-ways/ discusses what could happen as the new EU privacy regulations are going to be enforced.

Make no mistake, the regulations in America will also change (towards Cyber privacy), as self-regulation has not worked for the industry.

You may have needed a security policy for PCI(Payment Card Industry) compliance in the past, but you will likely need a way to write down what your policies are, hence the need for a security policy for many regulations today and tomorrow.

Good news on that front - at Fixvirus.com we have a spring cleaning special: April through May we will offer our Alpha scan at half price.

If you just need to discuss some Cybersecurity first, contact us and the half off still stands: half off consulting time and material up to 10 hours.

 

There are many projects we are involved in, but we have a strict policy of not discussing our projects with the world. For the right project, we are willing to make monetary concessions so that we can use your project as an example in our marketing efforts. We would never divulge details, just general items such as:

Company ABC has improved security policy - performed Alpha scan due diligence.

 

   

CISA Certified Information Systems Auditor®

 

Do you need a fresh perspective?

Is your IT staff overworked? Do they get projects completed on time and under budget?

What is the true value of knowing your Cybersecurity risks and threats?

Does your IT staff have the experience to give you a proper report of your Cybersecurity compliance reports?

CISA certified means Certified Information Systems Auditor, which means you will get a proper report after a thorough review.

We know that 25% of companies do not patch their computers within any reasonable time period; this is a very large number of companies. We also know that 22% of companies do not back up their files.

So there is a large number of entities not doing what they should to protect themselves and us as well.

The problem is that if they get infected, their machines may have your email address in their address list.

And then you wonder, why is this person sending me an email?  Well, their machine was compromised and is now sending spam malware to everyone.

And guess what, the badly configured machines will get attacked again and again.

This is not like lightning - Cybersecurity strikes again and again until you fix the processes for good. Although there are no guarantees, at least you can make the risk minimal.

Contact Us to discuss how to check your IT staff and make sure you will stay in business even after an attack. Or to get your ship in shape before something happens.

https://www.youtube.com/edit?o=U&video_id=QNLB185u9Nw

I bet you did not know you are playing Cybersecurity Russian Roulette. Do you have a 500-barrel gun or a 1000-barrel gun?

How would you find out? Well, we have to find out what kind of software you have… and the vulnerabilities it has.

Attack timeline vulnerabilities

What can be done? Patch your devices, learn how to perform risk management with all digital devices.

Don’t play Cybersecurity roulette, you can have risk management that can mitigate risks and keep things manageable.

Also posted on my Blog at Oversitesentry

 

Malware is becoming more sophisticated - and it is difficult if not impossible to catch every virus/malware that is being created constantly.


If this is a true statement: "My IT department will not catch all malware that is being created", even with anti-virus, a next-gen firewall and more, now what?

 

We have to try to detect the malware as fast as possible after it affects the computer - and then react to it.

 

But you say: what do you mean? I catch all the viruses and malware. I have anti-virus and a new firewall that inspects network traffic, and I have anti-spam which removes all the known viruses.

OK, let me do this for you: 100% of all KNOWN viruses and malware are caught by your awesome people and technologies. Known only.

Are you familiar with new attacks that can exploit software before it has been patched? Otherwise known as Zero-day or 0-day.

I have discussed this before at my blog Oversitesentry.¹ Zero-days are very dangerous as there is no defense against them. So at this point I want to show you our difficulty in defending the network and computers:

 

(Image from the YouTube video of Pablo Breuer at CircleCityCon²)

For example: at any one point in time, 0.001% of people (1 out of 100,000) can write one 0-day exploit per year (this is a reasonable timeframe).

We know China is very interested in Cyber warfare and stealing secrets, making money etc. China has 1.357 billion people (2013), as per Google.

So therefore there will be 13,570 0-days written in a year. Let's say 85% of these 0-days are caught by our defenses because the attack looks similar to a current known virus (which we detect) or is otherwise similar in effect.

So 85% of 13,570 = 11,535 detected zero-days.

So unfortunately 2,036 0-day attacks will not be identified.

 

And now you know why the Attacker has the advantage  - it is hard to keep up with 2000+ new attacks per year - almost 6 per day.

I have said this before (attacker advantage).³

Offense only has to be right once to penetrate successfully. Whereas the defender has to work 365 days of the year.

We have our work cut out for us, as every IT function must work just right. This is too important and thus must get audited by a separate entity like us.

Contact me, Tony Zafiropoulos, at 314-504-3974 to get the conversation started and to increase your focus on the things that matter - detect and react.

  1. https://www.youtube.com/watch?v=lVkTI-3BMY8
  2. http://oversitesentry.com/newsflash-software-has-bugs-0day-vulnerabilities/
  3. http://oversitesentry.com/reviewing-all-of-the-changes-in-2015/

 

 

 

Please consider taking this survey as we are interested in your cybersecurity needs and are exploring products (apps etc.) to create and fulfill market needs.
