The Cyber Scoop Newsletter

WELCOME TO THE APRIL 2024 NEWSLETTER

Cyber Scoop is KeyStone Solutions' monthly newsletter about the latest trends, topics, and articles relating to cybersecurity. As a Managed Service Security Provider (MSSP), KeyStone’s expert team helps small to medium-sized businesses with IT services including virtual Chief Information Security Officer (vCISO), cybersecurity, help desk support, Governance, Risk, and Compliance (GRC), cloud solutions, and KeyStone’s signature service, IT Team as a Service (ITTaaS), which is an all-encompassing solution.

From The Desk of the CISO

Developing a “Security Aware Culture”

By Rob Ashcraft, CISO at KeyStone Solutions

An important element of building a robust information security program is to get everyone on board; that is, to have security awareness ingrained into your organization’s culture. Once an organization has created a sound cyber strategy, developed comprehensive security policies, and implemented technical and physical controls, the toughest challenge still remains: implementing the administrative controls. This means getting employees to understand how security policies apply to their everyday system use and to make the right choices. The best way to achieve the adoption of policies is to make them part of the business culture. Business management authority Peter Drucker stated, “Culture eats strategy for breakfast.”

Lost and Stolen Devices: A Gateway to Data Breaches and Leaks

Commentary by KeyStone’s Rob Ashcraft

I like this article in Security Week titled “Lost and Stolen Devices: A Gateway to Data Breaches and Leaks” and agree that security considerations for lost and stolen computing devices are often overlooked. Most information security policies that I review do not specifically address lost or stolen computing devices, nor do they have procedures to handle those situations. However, the risks for data leakage, financial loss, and reputational harm can be high if proper security controls have not been implemented.

This is an important risk factor to consider and here are my takeaways from the article:

The theft or loss of computing and data storage devices poses a serious risk. Even if your organization’s devices are password-protected, threat actors can employ various techniques to bypass security measures and gain access to files, emails, and other confidential information. Without device encryption, threat actors can access data and even account credentials on lost or stolen devices; therefore, organizations should consider implementing device encryption. Strong password policies and multi-factor authentication (MFA) are minimum security measures to prevent unauthorized access to devices and accounts.

Organizations should consider the following:

  • Educate employees about the importance of safeguarding their devices and provide training on secure practices.
  • Enable “find my device” or other device-tracking features to locate idle, lost, or stolen endpoints.
  • Scan all laptops to find out what data exists and delete sensitive data that does not need to be on that device, as well as train and encourage users to store sensitive data in secure cloud storage solutions rather than on local devices.
  • Ensure that all sensitive data is encrypted, both on the device and during transmission.
  • Test mission-critical security controls to ensure they are up-to-date and functioning properly (e.g., anti-virus, anti-malware, encryption).

Click on the link below to read the article from Security Week.

View Live Cyber Threat Map From Check Point

Check Point Live Cyber Threat Map Jan 22, 2024