Cyber & data breach insurance has increasingly become one of the most valuable insurance coverages sought out by organizations of all shapes and sizes. As cyber-related threats continue to evolve and multiply, the insurance offers a financial umbrella for those who fall victim to attempted and successful breaches.  Cyber insurance consists of two major components; first-party and third-party coverage. First-party coverage refers to damages that happen directly to the insured as a result of a...

Endpoint detection & response (EDR) is a cybersecurity solution consisting of multiple tools (including AI) that monitor for potential security threats and address them head on. This technology works by constantly collecting information from endpoint devices connected to an organization’s network such as desktops, servers, laptops, or tablets. By “information,” we are mostly referring to contextual activity happening between the endpoint and network like logins, session types, IP address location, accessibility data, etc.   Upon collecting...

Keep this in mind as we start the 2022 Windows software patching year: Patching is not enough to keep Microsoft 365 protected. Before you purchase third-party tools that claim to protect you from all threats, or before you begin that zero-trust project, stop for a moment to evaluate whether you are doing all you can with what you have to protect Microsoft 365 users and data.  Protect against ransomware attacks Operating system patching often isn’t...

Here we go over the steps and preplanning that need to be taken after a cybersecurity incident to get your business back to operational and restore public trust.    Moving into the final stage of the NIST cybersecurity framework, we now enter the “Recover” function. The activities involved in this function would take place after an organization first had gone through the steps to “Detect” a cybersecurity incident, then quickly had to act to “Respond” to...

This NIST framework function will tell you everything you need to do to respond to a cybersecurity incident including the strategic planning and specific areas to focus on.  Continuing through the primary functions of the NIST cybersecurity framework, we get to “Respond.” After the “Identify” function where you had determined the risks, vulnerabilities, and elements of your security program, you began implementing various security controls to “Protect” your data and critical systems. You also put...

Following these consumer best practices for online shopping will help you get through the holiday season securely as well as avoid shopping scams, prevent theft of your personal data, and secure your credit card information.   Kate, a mother of three, couldn’t contain her excitement for shopping during the holiday season when she received an email offer from one of her favorite online retailers for 50% off plus free shipping on her next order. As any...

As we continue our journey with NIST, Here we show you what it means to “protect” while providing our readers with industry best practices towards your security program. A cybersecurity program’s “Protect” function is often the most thought-about area that organizations consider when looking to enhance their security program. It’s also the second of five functions of the NIST security framework issued by the United States government to provide a set of guidelines for businesses...

The NIST Security Framework is the ultimate roadmap for which the United States government outlines how businesses can develop their cybersecurity program to account for the threat landscape that is forever evolving. The framework is long and detailed but can be more easily understood when the recommended best practices and security measures are broken down into the five primary functions of security.  The first of those five functions is known as Identify, and it describes...

Each year, the U.S. government manages many different departments and agencies to protect its citizens and businesses, including providing military defense, promoting health safety measures, passing consumer protection laws, and enforcing labor laws. That’s just to name a few.  But what about more complex and evolving risks like cybersecurity? Is there any type of resource provided by the federal government for businesses to protect themselves from a cyber attack? What about guidelines recommended that could...

Thinking of adopting Zero Trust. Here are some fundamental principles you need to know. What is the Zero Trust Security Officially named in 2010, a network security model was introduced to secure organizations’ evolving IT infrastructure, which became more vulnerable after heavily incorporating cloud-based applications and databases into their current IT management strategy, creating a limitless network perimeter for organizations that could access it anywhere. This model is known as the Zero Trust Framework, sometimes...