Critical infrastructure is mentioned in the news by politicians and many other agencies who oversee or work within an industry that is considered critical to the United States and its daily functions. The Department of Homeland Security defines critical infrastructure as follows: it “includes the vast network of highways, connecting bridges and...

Secure or “Secure Enough”?
When we talk about security, it is often not clear what the end goal is beyond an unspecified "secure state." Which begs the question, when is security good enough? I almost never hear business leaders or security professionals begin a security conversation from this perspective, but this is precisely the conversation business leaders should...

Software Whitelist or Blacklist?
Today I am writing on the subject of a security control known as whitelisting/blacklisting, or sometimes seen as “deny all, permit by exception”. This control is usually seen as part of cybersecurity compliance efforts, or when organizations have reached the maturity level to begin formalizing their security standards. This can refer to software, applications,...

Surviving Below the Cybersecurity Poverty Line
Recently an article came out titled “How to Survive Below the Cybersecurity Poverty Line” which raised some interesting points for small to mid-sized businesses. The cybersecurity poverty line is defined as the point at which an organization does not “have the means and resources needed to achieve and maintain a mature security posture and...

The Future of Cyber-Insurance Policy Security Requirements
As Cyber Attacks continue to escalate, more and more businesses are looking to Cyber Insurance Policies to protect against financial losses. As cyber insurance becomes more popular, we at Sher-Tech are seeing changes to the underwriting process. Currently, when seeking an insurance policy, the insurance company will send you a questionnaire seeking information on...

Cyber Security Tips
Never leave workstations unattended. Always log off or lock your device. Consider setting up auto-lock after a period of inactivity. Cyber-security is a team sport. You are only as good as your weakest player. Build Cyber-awareness in your team to prevent phishing and other social-engineering attacks. Keep your software up to date. Turn on...

Do not Pay the Ransom!
As we have all heard by now, the Colonial Pipeline hackers were paid 5 million dollars. The data that was extracted from all accounts, at least available information, was a mix of financial and accounting files. I get it, sometimes paying the ransom can assist in returning your business back to normal, or at...

Cybersecurity and Oil Pipeline Madness
As I write this today, there is a panic in the air of impending gas shortages and gas prices rising. As the summer travel season is soon to arrive, there is instability in our oil and gas infrastructure. All this mayhem and human concern has been caused by a criminal syndicate, DarkSide. The cyber...

Human Process
I am confident that training is the most vital component to prevent most of our IT security issues. I believe in a holistic approach. Training and communicating with technology users is the most effective way to keep your network and data safe. For instance, the sign in process. Do all your users have passwords or...