5 techniques to creating an invincible password

One of the most important parts of an IT security professional's job is not only having a strong password, but also teaching others in your company to follow the same password-making process. You are only as strong as your weakest link, and we all know that most cyber-attacks start from human error. The dos and don’ts of making a secure password may seem tedious at first, but in the long run following them is the best way to stay protected.

As a first step, we will get rid of the term “passwords”, because from now on we will be creating “passphrases”. You don’t want to use just one or two words as the main part of your passphrase. Dictionary and brute force attacks are becoming more advanced, cracking single-word passwords in minutes. What you want to do instead is take a phrase that you can remember, but not something too relatable to yourself. Some examples would be the chorus from your favorite song or the first sentence of your favorite book. Use my example below for now:

Creating a useful data flow and network topology

As the security professional at your company, you need to know exactly what you are protecting and how it moves throughout your systems. I like to compare it to a king’s castle: you are the knight protecting the exterior of a castle made with stone walls and surrounded by water (the firewall). Inside the castle is all the gold, but you don’t have any idea how much there is, whether it’s gold or silver, or how it moves around the castle. This is where your network topology and data flow diagram come into play. Being able to map out all of your network resources and show all the integrations, endpoints and encryption levels of this moving data is a key part of a security professional’s job.

When starting out, try drawing the diagram manually first. This lets you go around your company and ask the hard questions. It is a lengthy process, but it will give you great knowledge and understanding of how your network is pieced together. Once you have a firm understanding of how many servers you have, where they are located in relation to your firewalls, and who has access to these servers, you can begin mapping out the data flow between all of your connection points. Getting a rough copy of your infrastructure is the hardest step because it is a very manual process.

FDIC Cybersecurity Framework Features Four Areas Critical to Bank Security

Long gone are the days when a financial institution’s primary security concern was protecting cash in the bank vault, the Federal Deposit Insurance Corporation (FDIC) acknowledges in its recent article, “A Framework for Cybersecurity,” released on February 1, 2016.

Instead, the framework asserts that cyber-attacks now represent “one of the most critical challenges facing the financial services sector,” and highlights four information security components essential to combating the most common types of cyber-attacks:

  1. Corporate Governance of Cybersecurity. To effectively combat electronic threats, financial institutions must foster a corporate culture prioritizing cybersecurity. Bank management and the board of directors bear the responsibility of establishing cybersecurity as an “enterprise-wide initiative” spanning all divisions of the financial institution.

5 No-cost Security Resources You Should Use!

Information security is a vital part of any corporation or small business. As the security expert at your company, it is essential to use the newest tools and services to stay ahead of the industry. For a large corporation, paying for top-of-the-line services may not be an issue. It is not as easy for IT/security professionals at small businesses. A lot of these tools cost a pretty penny, but there are some free options that every security professional should have in their arsenal.

Read white papers
White papers should be your best friend in this industry. Most of them are free and they are in abundance online. White papers are well-written reports that cover one topic in a very detailed manner. Anything from web application security to implementing a firewall can be found with ease, written by professionals with different opinions and strategies. Some great sources for updated white papers include SANS, Rapid7, Sophos and even Amazon Web Services. You can’t learn unless you read; the more papers you read, the better you will understand which security strategies work best for your specific company.

Virus/malware scanning tools
Having a tool that can scan files and URLs for possible viruses is a vital part of being a security professional. Luckily, there are some free versions of these tools that work great for both small business and enterprise-level security. A popular one is an online tool that will scan URLs and files to detect anything malicious. This tool is called VirusTotal; just type it into Google and it will be the first result. Most companies that offer paid subscriptions for virus protection will offer their virus scanners for free as well.

iSheriff Named Finalist for Network Computing Awards 2016

iSheriff is proud to have been named a finalist for the annual Network Computing Awards 2016. iSheriff's Cloud Security is a finalist in the "Bench Tested Product of the Year" category.

The award winner and other results will be revealed at a gala evening ceremony on March 17th at the Hotel Russell in London. The category in which iSheriff is a finalist will be decided by judges who have tested the products, rather than by a popularity vote.

What's Wrong with "Best of Breed" Approach for Security?

Hard to believe, but there is a lot wrong with using best of breed security solutions, especially if you are a small business.

It's true that many organizations employ individual security solutions to monitor and control each threat vector individually. This is an approach known as the “Best of Breed” approach. The idea is to get the best product for each security task and employ them for that task. This has become a tried and true approach for well-funded firms that have trained personnel to administer these products.

Threat of the Month: The Executive Staff and Middle Management

What is it?

A departing executive or manager could be the most dangerous point of data exfiltration facing your organization.

How does it work?

By the nature of their jobs, executives and managers have access to most, if not all, of the information available inside an organization. When they leave an organization, it is common for sensitive data to leave with them.

Should I be worried?

Yes. Consider how diligently new executives and managers are screened before entering the organization.

About iSheriff

iSheriff is the leading provider of content and endpoint security from the cloud. We keep organizations and individuals safe from cybercrime, malware and digital threats. Thousands of businesses across a wide array of industries have deployed our solutions, including some of the most sophisticated buyers of security technology worldwide.