Category Archives: Ransomware

Equifax Data Breach: Next Steps

Cyber Security, Information Security, Information Security Management System (ISMS), Information Technology, ISO27001, KAI Partners, Ransomware, Sacramento, Small Business, Startup Company, Technology

As you may have heard, there has been a major breach of data at credit bureau Equifax.

It’s now more important than ever to protect yourself. To check whether you were affected by this data breach, visit: https://www.equifaxsecurity2017.com/potential-impact/. It’s quick and easy—it took our staff less than a minute to check their status.

If you were compromised, check out this article on ways you can protect yourself:
http://money.cnn.com/2017/09/07/technology/business/equifax-data-breach/index.html?iid=EL

Remember, KAI Partners can help your organization assess its security protection through our small business information security risk assessments and Information Security Management System frameworks.

3 Top Cyber Security Infographics

Best Practices, Cyber Security, Infographic, Information Security, Information Security Management System (ISMS), Information Technology, National Cyber Security Awareness Month, Ransomware, Risk Assessment, Small Business, Technology

October is National Cyber Security Awareness Month! While we think cyber security should be at the forefront of everyone’s minds every day, we are glad to see a month dedicated to all things security. To help you be aware of the best insight and advice on this subject, we’ve rounded up some great infographics from around the Internet to share with you today. Take a look at these infographics to make sure you are applying the most up-to-date best practices to protect you and your business.

Remember, KAI Partners can help you to identify gaps in your security efforts. Email us at info@kaipartners.com to address and help minimize your cyber security risks.

Via Stay Safe Online (National Cyber Security Alliance)

Via Digital Guardian

Via Trend Micro

Ransomware Rescue Plan [INFOGRAPHIC]

Best Practices, Cyber Security, Infographic, Information Security, Information Technology, Ransomware, Technology

A few weeks ago we shared some news and tips on protecting yourself and your business against ransomware. We also wanted to share this infographic from Trend Micro, which breaks down ransomware (its history, how it works, and how to protect against it) in an easily digestible way.

Via: Trend Micro

How to Help Protect your Business Against Ransomware

Best Practices, Cyber Security, Information Security, Information Technology, Ransomware, Technology

Ransomware

By Julie Kendall

We’ve all heard the term ransomware, but what exactly is it and how can it affect your business? Ransomware is malware that locks up your system, often encrypting your files, and demands payment in bitcoin or another currency in exchange for the decryption key needed to unlock those files.

Scary, right? So, how does ransomware get onto your system and, more importantly, how can you protect your business from this damaging piece of malware?

Our friends at Trend Micro recently published a comprehensive article on ransomware, going over its history, as well as steps you can take to defend your system against ransomware. According to Trend Micro, “Ransomware can be downloaded onto systems when unwitting users visit malicious or compromised websites. It can also arrive as a payload either dropped or downloaded by other malware. Some ransomware are known to be delivered as attachments from spammed email, downloaded from malicious pages through malvertisements, or dropped by exploit kits onto vulnerable systems.”

If your business is not adequately protected, your data is at risk of falling prey to this type of attack on your corporate workstation. The sophistication of this type of malware—which was first seen in Russia in 2005 and had spread to North America by 2012—continues to evolve. According to Trend Micro, “The latest developments show how threat actors are experimenting with new features, such as offering alternative payment platforms to make ransom payments easier … or developing methods that can help spread and infect more systems faster.”

While there is no single panacea that prevents ransomware from reaching your environment, a multi-layered approach that blocks it at the network, gateway, and endpoint levels will help minimize the risk.

Trend Micro provides some ransomware defense mechanisms to consider, all of which are worth your time to review. Among the solutions discussed are mail and web gateway solutions, as well as cloud-based hosted email security. Of course, the basics will always serve you well. As recommended by Trend Micro:

  • Avoid opening unverified emails or clicking links embedded in them
  • Back up important files using the 3-2-1 rule—create 3 backup copies on 2 different media with 1 backup in a separate location
  • Regularly update software, programs, and applications to protect against the latest vulnerabilities

These are just a few highlights from the article—we encourage you to take a look to find out more about ransomware and ways to keep your system safe.
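The 3-2-1 rule above is easy to state but easy to get wrong in practice: three nightly copies on the same office NAS satisfy "3" without satisfying "2" or "1". The following added example (not code from the original post or from Trend Micro) checks a small backup inventory against the rule as quoted, and goes one step further by flagging an inventory in which every copy stays online, since ransomware that reaches a workstation can also encrypt a backup share that is permanently mounted. The inventory format, field names, and sample entries are constructed for illustration.

```python
"""Check a backup inventory against the 3-2-1 rule.

Constructed example: the BackupCopy fields and the sample inventories
below are assumptions for illustration, not any product's real output.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    label: str      # human-readable name of the copy
    media: str      # storage medium, e.g. "disk", "tape", "cloud-object"
    location: str   # where the copy physically lives
    offline: bool   # True if not reachable/writable from production hosts


def check_3_2_1(copies, primary_location):
    """Return a list of violations; an empty list means the rule is met.

    3 copies, on 2 different media, with 1 copy somewhere other than
    primary_location. The last check is an extra beyond the rule itself:
    at least one copy should be offline (or otherwise immutable), so a
    compromised host cannot encrypt every backup along with the data.
    """
    findings = []

    if len(copies) < 3:
        findings.append(f"only {len(copies)} backup copies (need 3)")

    media = {c.media for c in copies}
    if len(media) < 2:
        found = ", ".join(sorted(media)) or "none"
        findings.append(f"all copies on one medium ({found}; need 2)")

    if not any(c.location != primary_location for c in copies):
        findings.append(
            f"no copy outside {primary_location} (need 1 separate location)"
        )

    if copies and not any(c.offline for c in copies):
        findings.append(
            "every copy is online; at least one should be offline or immutable"
        )

    return findings


# Constructed inventory that satisfies the rule: disk, tape, and cloud,
# one copy in another region, and the tape copy offline.
GOOD_INVENTORY = [
    BackupCopy("nightly-nas", "disk", "hq", offline=False),
    BackupCopy("weekly-tape", "tape", "hq", offline=True),
    BackupCopy("cloud-replica", "cloud-object", "region-west", offline=False),
]

# Constructed inventory that looks like "3 backups" but is really one NAS
# share in the office, mounted around the clock.
BAD_INVENTORY = [
    BackupCopy("nas-mon", "disk", "hq", offline=False),
    BackupCopy("nas-wed", "disk", "hq", offline=False),
    BackupCopy("nas-fri", "disk", "hq", offline=False),
]


if __name__ == "__main__":
    for name, inventory in (("good", GOOD_INVENTORY), ("bad", BAD_INVENTORY)):
        problems = check_3_2_1(inventory, primary_location="hq")
        print(name, "->", "OK" if not problems else "; ".join(problems))
```

Running the script reports the first inventory as OK and lists three problems for the second: one medium, no separate location, and no offline copy. Tightening the `offline` check to require an immutable or write-once target is a reasonable local adaptation.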

Remember, KAI Partners works with organizations to help identify gaps in security efforts and look at what steps you should consider implementing to ensure safety. Contact KAI Partners at info@kaipartners.com to help you address these risks and train your staff to minimize your information security risks.

About the Author: Co-owner of KAI Partners, Inc., Julie Kendall is an IT Audit Manager with over 40 years’ experience working in project management, IT risk analysis, IT audit testing, Sarbanes-Oxley IT control testing, SAS 70 vendor reviews, and IT audit/control teaching. Julie’s work has focused on IT audit department development consulting, IT risk analysis, IT infrastructure support and application audits, vendor information security testing, IT control identification, IT SOX and ISO 27001 Information Security control compliance consulting/testing, and IT audit software development consulting/project management. Julie has provided training consultation for CISA exam reviews related to IT auditors and management training on a variety of technology controls based on different information security standards, including COSO, SOX, PCI-DSS, HIPAA, and ISO 27001. Her primary focus in the last 10 years has been with the financial services industries, high technology manufacturing, state governments, and digital content production companies.

What You Need to Implement a Successful Information Security Framework

Cyber Security, Information Security, Information Security Management System (ISMS), Information Technology, ISO27001, Ransomware, Technology

Information Security

By Julie Kendall

Last time we discussed in more detail the ISO 27001 standard for ISMS. As we wrap up our four-part series today, we’ll discuss what is needed to implement a successful ISMS framework.

What does it take to implement an effective ISMS framework?

First and foremost, an Information Security Management System framework such as ISO 27001 can only be effective if executive-level management support is unwavering, consistent, and ongoing. Without top management buy-in and commitment to support an ISMS framework, you cannot expect your ISMS to be fully effective.

A centralized direction for all, clearly defined organizational responsibilities related to information security, and resource commitments in staffing and funding are required to ensure the approach to protecting sensitive information assets will be consistent and predictable. Trying to manage such sensitive assets by relying only on personal initiative is asking for trouble.

Information security should also be an integral part of an organization’s overall risk management process. Just as assessing the impact of competitors on your company’s potential sales is important, assessing the impact on revenues if customers believe their sensitive data is not well protected is just as important to an organization’s success. Information security objectives must be related to business objectives, and the control choices made by management must be based on a cost/benefit analysis so as to ensure the right resourcing and focus go to the most vulnerable areas associated with sensitive information.

An information security management system must also enable people to do what they need to in a controlled and predictably safe manner. An ISMS is not effective if its implementation stops people from meeting their business objectives or does not provide management any assurance the activities done by staff are predictably safe.

An effective ISMS must also account for continuous improvement and ongoing evaluation. Business, like life, is ever changing, and what works today may not be good enough for tomorrow. The ISMS framework should allow management a formal and regular means to determine if change in the control environment protecting sensitive information is necessary. This assumes regular control evaluations related to information security are performed and the results analyzed by management, so that the decisions and resources needed to effect change can be made expeditiously. Changes in business objectives and direction, economies, competition, and customer satisfaction all contribute to the need to re-evaluate the ISMS for your organization and adjust as needed. New technologies, changes in trading partner needs, and previously unknown vulnerabilities all require an organization to re-assess its risk profile as it relates to information security and the business overall.

If your digital information is considered a valuable asset to your organization, you need to implement an Information Security Management System to safeguard those assets. Adoption and implementation of an effective, efficient information security management system framework like the ISO 27001 ISMS framework is cost effective and a ‘dollar worth spending’ before your data is lost or damaged.

For assistance in identifying gaps in your information security efforts and the steps you should consider implementing to become compliant with the ISO 27001 standard, please contact KAI Partners by email at info@kaipartners.com. We can help you address your information security risks and train your staff to minimize them.

