In a nutshell, the Principle of Least Privilege means limiting access to only the people who need it, and only to what is necessary to perform their duties. The concept of restricting access to data, information, applications, operating systems, servers, network equipment, etc. is nothing new. In fact, the concept has been around for decades and ignored for just about as […]
Category: Blogs
No Ransom, No Cry
The recent WannaCry (WannaCrypt) malware attack further shows how many organizations are still unprepared to prevent, respond to and recover from such attacks. This malware and a lot of other viruses typically take advantage of well-known exploits, most of which have fixes/updates to mitigate these issues. Case in point, MS17-010. This security update had been out almost […]
Protecting Your Organization’s Reputation – Part 3
Welcome to Part 3 of the multi-part series on “Protecting Your Organization’s Reputation”, where we’ll be focusing on the area of Data Loss and Leakage Prevention. As discussed in the previous installment, sender verification, anti-spoofing and message signing (digital signature) technologies/controls are a great first step, but that still doesn’t protect from malware and other […]
Protecting Your Organization’s Reputation – Part 2
We’ve all heard of the increases in e-mail phishing/scamming/spoofing. Typical phishing or spear phishing scams usually include a malicious URL or attachment that attempts to install malware or to gather more information (credit card, bank account, etc.), while whaling is a pure social engineering hack. If your organization falls victim to these exploits, it can […]
Protecting Your Organization’s Reputation – Part 1
Organizations can get a bad reputation from a variety of externally initiated and/or internally created issues, such as: poor customer service, spamming/spoofing, CEO/CFO spear phishing scams, leakage of customer personal/financial/health information, environmental dumping, financial malfeasance, and the list goes on. For many of these issues we can mitigate the probability and impact and/or provide corrective actions. […]