MS15-034 Critical Windows Vulnerability: What You Need to Know Now

Posted in Managed Security | Technology | Security | Strategic IT Planning | Technical on April 16, 2015

On April 14, Microsoft released a critical security patch (MS15-034) for the HTTP protocol stack, which is commonly used by Windows IIS web services. [More]

Risk Assessments and Their Importance to Your IT Security Strategy

Posted in Agriculture | Construction | Government | Healthcare | Higher Education | Managed Services | Managed IT Services | Managed Security | Manufacturing & Distribution | Not-for-Profit | IT Consulting | Security | Strategic IT Planning on March 16, 2015

Understanding and assessing risk is a fundamental way to improve information security decisions. While it is impossible to eliminate all the risks associated with systems and sensitive information in an environment, employing a risk management program helps focus limited resources to provide the greatest level of risk reduction. [More]

The Heartbleed Bug: What You Need to Know Now

Posted in Technology | IT Infrastructure | Security on April 9, 2014

While Microsoft’s push of the final patches for Windows XP might normally be seen as a big deal, a vulnerability in the OpenSSL library has managed to steal the spotlight. CVE-2014-0160, which is more commonly referred to as the “Heartbleed” bug, has revealed that it is possible for a malicious user to retrieve memory that could include sensitive data or even the private encryption keys from web servers running OpenSSL versions 1.0.1-1.0.1f and 1.0.2-beta1. Our security and compliance team has been able to exploit this vulnerability, which means attackers can as well. [More]

Five Things a Security Expert Wouldn't Do Online

Posted in Tech Tips | Technology | IT Infrastructure | Security on January 3, 2014

If holiday shoppers learned one thing this past season, it was that cyber attacks and data breaches can happen whenever, wherever. The December 2013 cyber attack on Target stores compromised as many as 40 million credit and debit card accounts, proving that cyber attacks don’t just happen when someone gets a hold of your email account. I asked our director of information risk management (aka security guru), Mark Wilson, what five things he would never do online. [More]

GROW: Expanding Your Understanding of Internet Security

Posted in Technology | Security on November 5, 2013

For all the help the Internet can provide, the it is also a danger. Endpoint security companies like Kaspersky Lab detect cyber attacks every moment of every day. In fact, just in Q2 of this year, Kaspersky Lab products detected 577,159,385 attacks launched from online resources around the world. Here are some basic tips on how to be safe online. [More]

Creating and Enforcing an Adequate Password Policy (Part 2)

Posted in Technology | IT Infrastructure | Security | Strategic IT Planning on October 25, 2013

Still prevalent are systems that require only a user name and password to gain access to privileged information. Unfortunately, there are thousands of hackers worldwide anxiously and actively attempting to steal or circumvent this weak form of security. This is a lucrative attack vector for the hacking community and will continue to be a popular exploit until the user community becomes more aware of this formidable threat. Not until the user community recognizes the threat and discontinues the use of weak passwords will this attack vector begin to abate. [More]

Creating & Enforcing an Adequate Password Policy

Posted in Tech Tips | Technology | IT Infrastructure | Security on October 16, 2013

One of the most frequently used access control mechanisms is the simple password. Entering a password that is subsequently compared to a record in a “private” data repository often is the only mechanism used to both identify a user and authorize a user to access a program. It can be a very weak form of security if appropriate password policies are not created and enforced. [More]

How to Use VirusTotal to Find Malicious Software: Part 2

Posted in Tech Tips | Technology | IT Infrastructure | Security | Strategic IT Planning on September 17, 2013

The capabilities and utility of VirusTotal are impressive—enough in fact that Google recently purchased the company. However, as with any tool, it can be used for good or for ill. In the latter case, when an attacker deploys a piece of malicious software (perhaps as an email attachment), they hash the file first. Read on to understand what a hash is, how it works and how to calculate its value. [More]

How to Use VirusTotal to Find Malicious Software

Posted in Technology | IT Infrastructure | Security | Strategic IT Planning on September 9, 2013

For those of us who watch technology in the news it is apparent that our networks are under an increasing load of attacks ranging from the automated to the highly personal. As a network defender―whether in a technical or managerial/oversight role―it is easy to get swept up in the allure of various vendors selling a technological magic bullet to protect your network. And while those blinking light boxes can be very effective at what they do, they are not the only tool available. [More]

Employees: Your Biggest IT Security Risk

Posted in Technology | IT Consulting | Security | Strategic IT Planning on August 8, 2013

Your corporate data is more accessible to more of your employees than ever. This is true for a host of reasons―mobile devices and the growth of BYOD, a growing trend of remote and flexible work options, increased pressure to be more productive, etc. Unfortunately, these trends mean your employees are doing things that unintentionally put your data at risk every single day. [More]

Let's Talk Tech: What Does a Secure Passphrase Look Like?

Posted in Security | Tech Tips | Technology on June 6, 2013

In part one of our Let’s Talk Tech video blog series on secure passwords, Tim Collyer reviewed why a passphrase is a better choice than a password. A passphrase is often easier to remember than a password and much more secure! In part two, take a look at an example of a good, secure passphrase. Hint—length, humor and intentional misspellings are all recommended.Have a topic to suggest ... [More]

Let's Talk Tech: Password vs. Passphrase

Posted in Security | Tech Tips | Technology on May 24, 2013

If your password is something like 123456 or password it’s pretty obvious it’s not secure. It can take a lot of effort to create a secure password and unfortunately, a secure password often means we can’t remember it. Check out the latest installment of Let’s Talk Tech to learn what Tim Collyer, Sikich security guru, advises for creating a security password.

Let's Talk Tech: Why Disaster Recovery Planning is a Win-Win

Posted in Risk Advisory | Security | Technology | Disaster Recovery & Business Continuity | Strategic IT Planning on April 11, 2013

Disaster recovery planning will help your organization recover more effectively from a disruptive event. View this video to find out why this planning is a win-win for everyone. [More]

©2017 All Rights Reserved.
Disclaimer: This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.