“Seeing Yourself in Cyber”  Since the 2004 declaration by the President of the United States and Congress, we dedicate each October as Cybersecurity Awareness Month. The annual campaign is sponsored through a conjoined effort between the Cybersecurity & Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) — providing support from both the federal government and private industry organizations.  Every year, CISA and the NCA seek to use October to raise awareness of cybersecurity...

The Guide to Risk Management and Cybersecurity Assessments   The idea of understanding your cybersecurity risks, program, threats, and potential impacts seems like an obvious item on a business leader’s to-do list — yet often only done when a firm needs to “check a box” for compliance purposes. A proper assessment and analysis is the first step for robust risk management and cybersecurity program development — regardless of contractual, regulatory, or insurance underwriting requirements. One estimate,...

Enforcing best security practices through governance and formal procedures  Similar to how firms use employee handbooks to outline all the requirements and expectations for professionalism in the workplace, businesses should also implement rules for how users of company resources and applications must act and operate as it pertains to the company’s data security. Hence, the use of organizational information-security policies. These are formal rules, guidelines, and procedures that employees must follow to prevent or mitigate...

On September 22nd, 2022, the Crowdstrike Fal.Con cybersecurity conference concluded — providing numerous seminars and industry updates to security practitioners on solutions to enhance organizational security postures, identify risks, and fully understand some of today’s lingering threats.   Our CEO and founder Delta Munoz attended this conference and came back with tremendous insights to incorporate into the Ascension Global Technology expertise and services. For example, this year, there was a particular emphasis on solutions for automating...

In 1996, a Microsoft employee used the first Virtual Private Network (VPN) to provide a secure connection to the Internet — which later was adapted into a popular method for remotely connecting with private corporate networks by the 2000s. Obviously, a lot has changed since then in terms of IT environments and infrastructure — that now highly utilize cloud and hybrid computing.  VPNs are services that let users access a network, such as the Internet...

Truly popularized in the mid-2000s, multi-factor authentication (MFA) has been security practitioners’ go-to response whenever someone asks, “what can I be doing right now to protect my data and accounts?” It’s often listed as a default best practice to defend against many cyber attacks and attack vectors such as phishing, business email compromise (BEC), keystroke logging, brute force, and certain types of man-in-the-middle (MiTM) attacks.  Recent events, however, have called into question MFA’s capabilities to...

Today, many small and mid-sized businesses find themselves in similar situations when it comes to managing cybersecurity risks — they know there are prominent threats to their organization that they need to take seriously, but don’t have the means or knowledge to do so.  The first thought that comes to mind, especially with those firms trenched with stringent data-security compliance requirements, is starting an internal cybersecurity team headed by a full-time Chief Information Security Officer...

Heading into mid-to-late Summer, many organizations use this time of year to strategize or restrategize how they’ll prepare for a major crisis. A huge component of this process is planning for business continuity (BC) and disaster recovery (DR). Without a robust system of practices, technology, and strategies dedicated to carrying on with operations and retaining its brand image, an enterprise could become obsolete after just one incident.  Whether you’re referring to a natural, cyber, political,...

Protecting Backup Solutions From Threats and Vulnerabilities  As we have recently hit the end of the financial tax season and concluded some of the busy periods companies endure for selling their product or service, this is the time of year when many organizations reevaluate their business continuity and disaster recovery plans. While they likely consider natural disasters and political events that could halt their operations, one area that needs to be assessed is cybersecurity.  The...

Best Practices for Managing Organizational Data Breach Privacy At conferences, networking events, trade shows, or even just at social gatherings, the topic may have come up that put you in a position where someone was telling you about a data breach or other cyber incident their business incurred. While the conversation may have been genuine and not meant to diminish their employer’s reputation, there’s no doubt that you end up viewing that organization much differently...