NYDFS proposes new cybersecurity regulations, effective Jan 1 2017. Here’s what you need to know

Last month, the New York State Department of Financial Services (NYDFS) put forward a proposed regulation designed to impose new rigorous cybersecurity requirements on banks, consumer lenders, money transmitters, insurance companies as well as some financial service providers in New York State.

The State has indicated that securing both New York’s financial services firms and its consumers is the main priority. The aim is to lower the risk posture in light of ...

IoT and DDoS: security advice following the Mirai botnet attack on Brian Krebs

A giant botnet made up of zombie internet-connected devices (or IoT devices) was used to launch a massive Distributed Denial-of-Service (DDoS) attack against Brian Krebs’ website, the site of a well-known cybersecurity blogger, last month.

Some have estimated the botnet’s size may have been a million strong.

Worse, as Krebs reported on the 1 Oct:

 “The source code that powers the “Internet of Things” (IoT) botnet responsible for launching ...

Offensive Security Unbound: introducing Red Team Service

With new cyber threats exploding into existence and commandeering what we would normally consider to be well-defended networks, our concern was straight-forward: how do we provide more effective security measures for our TBG Security customers?

We decided to get down to brass tacks to figure out how we could elevate IT security to the next level.

Instead of offering spot checks at set times, what if TBG Security set up a team of accredited security professionals that could use the methods an ...

Yes, turning on multi-factor authentication (aka 2FA) is really important

When you work within an industry like IT security, you can sometimes get blindsided. Perhaps you feel untouchable by the bad stuff out there, simply because you know it exists, and you know how to secure against it.

Here’s a good example: many who are knowledgeable about IT security KNOW that multi-factor authentication (2FA) is a vital security measure, yet many haven’t turned it on for the majority of their apps (not that all apps offer 2FA, and you should reconsider ...

Social engineering series: the psychological norms exploited by fraudsters

Be nice.
Be helpful.

These life lessons are ingrained into most of us early on, and, sadly, it’s one of the reasons why many social engineering tactics are successful.

Social engineers manipulate targets into saying or doing things that will provide the desired information, which could be login information or sensitive data like customer lists, development plans or company strategies.

In order to control these ingrained friendly and helpful behaviours – by which I mean being able to identify situations that do not ...

Ransomware: expert prevention and mitigation advice

Ask anyone who’s been through it: ransomware attacks are nasty, insidious beasts that can spike stress levels, lean hard on resources and steal funds from organizations. They impact brand reputation, deflate morale and significantly disrupt normal business operations.

Worst of all, ransomware reports are on the rise.

A recent survey shows that the biggest cost to business is downtime, not the ransom payment. The other interesting finding is that almost half of all attacks target firms with more than ...

Want to outsource your IT security? 43 questions to ask

When it comes to outsourcing IT security, there is no one size fits all.

In the last blog post, Is outsourcing your IT security right for your organization, we looked at why some companies choose to outsource their IT security requirements.

Here, we are going to find out how you identify a good IT security firm.

IT security is specific to every organization. It depends on what assets you are trying ...

Is outsourcing your IT security right for your organization?

Imagine you are running a large, swanky five-star hotel where guests expect to pay for luxury services. You might conclude that having full-time medical doctors on staff is worth the investment.

However, were you running a leaner hospitality operation, the associated costs of full-time doctors would simply be prohibitive, putting your business under unnecessary financial strain.

Now compare this scenario to that of a growing business needing to secure its systems, data and users from unauthorised access and malicious software.

For a few ...

How to provide IT security training that works

All IT teams in medium to large organizations know that they should be providing regular IT security training to staff members. Small businesses should be doing it too, but might not be as aware of the need for cybersecurity training for non-IT staff.

Thing is, other jobs always seem to get in the way. Firefighting system availability, authentication, confidentiality and security issues mean that training often drops down the priority list.

Even in security-conscious organizations, months, and even years, can pass without ...

Are legacy apps lurking on your network?

Network audits can be instrumental in sanitising your systems, ensuring there are no legacy, outdated or vulnerable applications lurking on the network.

You probably don’t need us to tell you that networks are complex beasts. Network administrators walk a tightrope between making sure all files are available for the right people at the right time, and ensuring that the unauthorised are denied access at every turn.

Knowing what is on your system is vital – we’ve previously ...