TCT is committed to helping you keep your organization secure and compliant. Every quarter, we publish compliance and security insights that you can share with your employees to fulfill periodic security reminder requirements your organization may be subject to.
As an added bonus, we’ve highlighted some developing security trends and featured a quick tip to get more out of your compliance management.
Your Employees Are Your Biggest Security Threat
Everybody in your organization has an important role in security and compliance. It’s easy to get distracted in the day-to-day work, and security best practices get set aside.
As you’ll see in the articles below, you can’t afford to become lax in your security and compliance activities. The biggest security threat to your organization is your own employees. Whether it’s human error, forgetfulness, or complacency, your data is only as safe as the next mistake.
Security best practices don’t have to be burdensome or time consuming. Here are some things each person in your company should be doing day to day:
- Know the signs of an email scam
- Report anything that looks suspicious to the appropriate personnel
- Follow smart password practices
- Know and follow security policies, even for remote work
- Stay on top of any periodic compliance tasks, as assigned
- Set access permissions to only what is necessary for each person in the company, and update them whenever someone’s role changes
Managers and directors should keep their direct reports accountable for following your organization’s security policy. Accountability is absolutely essential — otherwise, you’re just asking for trouble.
Quick Tip: Don’t Go It Alone
Whether this is your first rodeo or your tenth, managing compliance can be full of chaos and anxiety. Sometimes it can make all the difference in the world to have an experienced partner come alongside you.
Consider retaining a consultant to help get (and keep) your compliance under control. Your partner will give you the level of service you need — whether it’s a lot of help or just a bit.
TCT compliance consulting never replaces internal personnel — instead, we work with your team to supplement your needs. Our consultants have deep experience with Assessors and Auditors. We can act as a second pair of eyes from an objective perspective, so you can be fully prepared for your next audit. We’ve been there and we know what it’s like to try to manage security and compliance efforts when you’re under-resourced or under-experienced.
What’s Going on in Security Today
Via SecureWorld. FireEye’s Red Team tools are used around the world to poke, prod, and find holes in organizations. CISA released a CERT Alert notifying people that these tools were stolen. It is believed they were stolen by nation-state hackers. This would give these hackers the ability to find vulnerabilities in an endless number of potential victims around the world, and then they could exploit those vulnerabilities.
Via ThreatPost. SolarWinds has hired former CISA director Chris Krebs and former Facebook security executive Alex Stamos as consultants to right the ship. SolarWinds was recently involved in the tumultuous attack on the federal government when its network-management platform was hacked by Russian attackers, leading to breaches at DHS, Treasury, Commerce, and DOJ.
Via SecureWorld. A cyber attack was launched on the European Medicines Agency during the coronavirus pandemic. The breach was successful, and the attacker was able to extort information relating to Pfizer and BioNTech’s COVID-19 vaccine. This was the second breach of a medical agency in 2020 involving information about the COVID-19 vaccine. The attack had no impact or slowing effect on delivery of the vaccine to European nations.
Via ThreatPost. Dark Web pricing is starting to skyrocket for Microsoft RDP servers and Payment Card Industry (PCI) data. The average Dark Web price for a single credit card in 2019 was $14.64. At the end of 2020 it was $20.16, an increase of more than 30% in the price of a single credit card in one year. Access to a Microsoft RDP server with global admin access is merely $10 per server, and a completely hacked RDP server sells for $35 per server on average.
Via Krebs on Security. GoDaddy employees fell victim to a social engineering scam, resulting in a limited number of customers having their DNS settings changed, which allowed those customers’ internal email accounts to be taken over. With those email accounts, some infrastructure and document storage were compromised as well.