Advocating for Liability Protections

Advocating for Liability Protections

With internet connections to our businesses being open to the world, we lack the ability to control the inbound traffic. This is because we do not have control over what network connections are routed to us from our internet service provider.

6 Tips for Increasing Your Online Privacy

6 Tips for Increasing Your Online Privacy

For individuals inside of an organization, maintaining your privacy is one key to becoming more secure. Organizations need to be very cautious with what data they inadvertently leak into the public.

Opening the Door for Cyber Crime

Opening the Door for Cyber Crime

Currently, various Governments across the world are making determinations over what types of businesses should remain open and which ones should close. Millions and millions of people will lose their jobs and money will become a desperate necessity. Many networks will be left unguarded; or merely guarded by automated controls, only to alert administrators in the event of an incident. Unfortunately, these automated controls don’t always work.

DNS-over-HTTPS

DNS-over-HTTPS

While DoH is designed to add security to Internet traffic, there are also significant concerns with this feature being automatically implemented. Its implementation may be beneficial for personal use, but will cause significant issues for organizations and their networks.

Security Testing Your MSP

Security Testing Your MSP

Most people never ask the MSP what their security practice is, let alone ask for a third-party assessment of the organization. I hope this post convinces anyone looking at hiring, or who already uses, an MSP to get verification of their practices.

Look for Reduced Risk, Not Perfection

Look for Reduced Risk, Not Perfection

Security is a role now in most every mid-sized company and larger. Smaller companies may need to outsource it, but having someone dedicated to securing the infrastructure and data is as key a role as operations.

Doing More Than Just Phishing Training

Doing More Than Just Phishing Training

Phishing continues to be the major threat to end users and organizations as we enter 2020. As networks become more restrictive at the firewall level, attackers continue to create innovated ways around phishing and what they are after.

Why Executives Resist Security Initiatives

Why Executives Resist Security Initiatives

You will be hard pressed to find people asking the IT department for tighter security controls that affect them and how they do their work. So, it is likely that if a request comes from the executive office to implement tighter security controls, what they are really wanting is to implement tighter security controls on everyone else and in the background.

10 Questions to Ask Your Cyber Security Provider

If you have a cyber or a managed security provider, a general IT firm, or your brother in-law handling your cyber security you need to ask them some questions. Or maybe you don’t have one yet but are considering hiring someone. Regardless of where you are at today, as 2020 approaches you need to take a hard look at your positioning and who you are working with.


Believe it or not, just because a firm does IT work, cyber security work, or says that they provide security services does not officially verify them as secure. We have tested a lot of organizations and I can assure you that not everyone passes our tests!  For one example, it is a known statistic that 82% of IT people will fail a phishing test.


Regardless of who you work with, us or anyone else, I wanted to arm you with some necessary questions you need to ask anyone touching your network. Here are 10 great questions you should ask and some comments to think about.


1. When was your last security assessment from an outside firm? Can I get a copy of the executive summary?

Every organization needs an assessment from an outside firm. It is impossible to self-analyze accurately.

2. What type of multi-factor authentication do you use on your devices and line of business applications?

If they don’t use MFA your information is not secure.

3. How many people inside the organization have or will have access to my system? How do you encrypt my passwords? How do you control access to my information internally?

Unfortunately, not everyone is honest. Your security provider should limit access to your system, encrypt it, and revoke it if an employee leaves the company.

4. How often do you conduct Phishing Testing?

Spear-phishing tests are necessary at any organization and you want to make sure that your security provider is conducting proper and frequent tests. It could be your information they are after.

5. How often are your employees required to attend training?

Training by an outside company is especially important for technicians and testers to make sure they are up-to-date with the current trends. They also should also be attending regular conferences. We require all employees who are actively testing to do this.

6. Are all technicians and sales reps certified on the equipment they support or sell?

Regular training and testing is required by most partnerships. But, in most cases, not every employee is required to do this. You need to make sure that those on your system are qualified and not fumbling around.

7. Are all of your employees background checked?

Seems straight forward but not common in IT.

8. What are 5 trends that will affect technology in my specific industry in the next 2 years?

If they cannot answer this, then they should not be selling to you.

9. What is DPI?

Throw them with a specific question. Just so you know, Deep Packet Inspection, commonly referred to as DPI, is how you inspect SSL/HTTPS traffic. DPI is basically how you access anything secure on the internet. 80% of all traffic on the internet is sent securely, and by default your network is incapable of scanning this traffic. There are ways to scan for this threat and people who know security can easily accomplish this. If you are not scanning this traffic you are missing any array of risks. Furthermore, if your provider does not know how to do this or what it is, don’t work with them.

10. Can I meet or have a call with someone from your executive team?

If you get a no, walk away. If you get a yes, ask them all of these questions again to make sure you get the same answers. Many top employees are exempted from security requirements putting you at great risk. You also want to make sure you have a relationship with someone who is responsible for the business success.

The Power of Training

The Power of Training

Get your IT and cyber security team(s) trained on whatever platforms you employ.  This isn’t a luxury item anymore, it is required.

South Carolina Insurance Data Security Act (h4655) Simply Explained

South Carolina Insurance Data Security Act (h4655) Simply Explained

One of the main components of the Data Security Act is to perform a Risk Assessment. This component is recommended to be performed by a 3rd party security consultant. This requirement is to be in place by July 1, 2019 and is to be performed annually by July 1st. 

It’s Office 365 and it’s still YOUR problem

It’s Office 365 and it’s still YOUR problem

The internet is seeing the growth of large-scale email solutions such as Office 365 that bring cloud-based email solutions in an easy to manage and reliable package.

Using RDP for Remote Access? Time to Rethink Your Strategy

Using RDP for Remote Access? Time to Rethink Your Strategy

The problem with Remote Desktop Protocol, commonly referred to as RDP, is its susceptibility to abuse and that it can be a launchpad for an infection or hacking within your network.