mobile logo
27
October

Are You Cyber Strong?

October 27, 2020
In Industry
By Secure Sense

Welcome to the last week of Cyber Security Awareness Month! As we wrap up this month, we will be discussing the Human Disadvantage and Security. Today we’re breaking down what it means to be cyber strong and staying secure.

If you’ve been following along on the blog this month, you should be well versed in many basic security measures you can take (even if you’re not a security expert!) to ensure you are staying safe online. We know that continually cyber threats impacting businesses and individuals alike continue   to increase and become harder to prevent, detect and recover from. For the sake of your own security, and that of the organization you may represent, it’s more important than ever to be aware of what those threats look like and what to do to make sure you don’t fall victim to a cyber crime. Continue reading below to better understand what it means to be Cyber Strong.

Some Considerations on the Path to Cyber Strength

Think before you click

As we’ve mentioned in a few of our blogs this month, phishing has become more prevalent than ever before- disguising as trusted sources like your bank, or a popular brand like Netflix. Anybody can be a victim of a phishing scam and requires you to be aware of what a scam looks like and what can happen if you get caught off-guard by a scammer. Always be wary when you receive an email from an unknown sender, or from a familiar address, that contains links or attachments that you weren’t expecting. Many times, these attackers disguise themselves as a known source, expecting you to trust the link or attachment within the email. Never click a link or download the attachment without safely investigating the source. Learn more from the blog about phishing and how to avoid being a victim of a scam here.

Don’t share important information online

Many phishing scams ask you to share personal information such as address, bank information, social security numbers, and more. Organizations should never ask you to verify such sensitive information like banking or SIN via e-mail, consider that a major red flag and think hard about why they would be requesting this information in this manner.

So, not only should you not share this information with anyone via email, you should be very careful where you use this kind of information on websites and any accounts you may have. For example, if you are purchasing something online, always make sure the website is secure and trusted before giving your financial information.

Your accounts should have unique passwords

Any account you have created online, whether its an email account or a personal account on a website, you should always have a unique, strong password. A great way to keep track of your passwords is to use a password manager that can safely store your passwords for you. A few tips for a strong password:  have 10-12 characters, use upper-case and lower-case letters, use at least one symbol and one number. This week, we will be going in depth on the criteria on creating a strong password and having good password hygiene, so be sure to keep an eye on the blog!

Connect to secure Wi-Fi

It is recommended to never connect to a public Wi-Fi unless you absolutely have to. You should always be very careful in doing so as public Wi-Fi connections are never as secure as a private connection and your data will be vulnerable. Try to always connect to a private Wi-Fi or VPN, especially when you’re working remotely. In the event you have to connect to a public Wi-Fi, do not use any apps with private information and never share this sensitive data over public networks.

Steps you can take to keep yourself safe

Always keep your devices updated

Patching your software is very important to minimize your devices actively exploitable vulnerabilities. Although it may be frustrating when your computer decides to update in the middle of your workday, it’s in your best interest to ensure everything is up to date to avoid being vulnerable. Many times, your computer will let you know when it’s time for an update on your system or any applications you are using.

Enable antivirus software and Firewalls

In addition to keeping your operating software and apps updated, you should install and regularly update an antivirus software. If you are using a company computer, they will likely install an antivirus software for you. If you are using a personal device, make sure to install a reputable antivirus or anti-malware protection to help keep malicious actors at bay.

Your organization may have a firewall installed to your organizations network, however, if you’re working remotely you may want to consider installing a firewall on your home network as well.

Back up your data

In the event that something does happen and your computer is compromised, it’s always best to have a current back up of your data, either on the cloud or a physical backup, so that you don’t lose anything important if your device needs to be re-imaged or you encounter dreaded ransomware.

Stay informed and keep in touch with your IT team

Keeping up with cyber security training and staying up to date on new scams is a great way to stay cyber strong. In the event that you click something you shouldn’t have or just want to know more about cyber security best practices, don’t be afraid to reach out to your organization’s IT team. If you see something that doesn’t seem quite right (such as a phishing email) or unexpected behaviour from your software, make sure to let your IT team know.

In honour of Cyber Security Awareness Month, we will be sharing insight on the latest cybersecurity news, tips from Secure Sense experts and general security knowledge geared towards keeping you out of the headlines and focused on what matters most, your business. Don’t miss a beat by following along on our TwitterFacebook and LinkedIn Pages.

Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout.

Post Tags:

Related Posts

Effective Patch Management Tools for Your Organization

Welcome back to the...

The Evolution from Password Managers to Privileged Access Management. Which is right for you?

Welcome back to the...

A Secure Sense Competitive Advantage

Welcome back to the Cyber Security Month blog! In last week’s blog, we talked about the importance and value of an MSSP, what sets Secure Sense apart from other MSSP’s and how Secure Sense can help your business. Today, we want to continue the conversation around the competitive advantage of working with Secure Sense and what sets us apart in the world of managed security.

In addition to our dedicated customer success teams and our 24×7 SOC (read more in the previous blog here) Secure Sense’s white glove service stands out in many other ways. Continue reading to find out the secret keyphrase, and our competitive advantage.

Expert engineers/analysts

Our experienced technical team comes from diverse technical backgrounds, representing a wealth of security knowledge. They play an integral role in everything we do at Secure Sense; from evaluating partners to developing services, allowing us to focus entirely on the best products and the highest training certificates.

Our engineers, architects, and analysts are required to ensure they are up-to-date on technical training. In addition to solution technical training, our technical team has focused on training in the following areas:

  • Communication for clearer and more accurate ticket updates​
  • Troubleshooting skillsets have led to fewer escalations internally, and ultimately shorter times to remediate​
  • Critical analysis skills which have measurably improved our ticket responses in providing higher quality responses to tickets.

This training has had a measurable increase in the quality of our services, as well as time to remediate and reduce escalations.

Our SOC has many teams that work with our expert analysts to ensure you receive the most from your service. In addition to our security analyst team, Secure Sense has four other technical teams: the reporting team, the threat intel team, the automation team, and the purple team.​

Automation team:

The Secure Sense automation team reviews customer requests, as well as potential customer controls, and ties those controls in with our managed services for automated systems mitigation, stopping threats in their tracks.​

The team is also responsible for:

  • Automated SIEM log analysis, tied into our Threat intelligence team to streamline the ingestion of IOCs into our managed services.
  • Implementing our vendor vulnerability review and remediation systems allows us to reduce our critical vulnerability remediation windows and provide improved visibility into coverage and reporting.
  • Delivering smart-responses from our SIEM solution, and implementation of Reporting team recommendations and improvements.​
  • Automating reporting and alerting directly into our ServiceNOW portal, providing short response times to customer alerts

Reporting team:

Secure Sense has created a dedicated reporting team to streamline and bring more meaningful data to our customers on a regular basis. This team not only builds custom reports, but also analyzes how our customers are using our services, identifying any particular improvements that we could be making to the services, and providing recommendations to the rest of the managed service teams.​

Our reporting team also builds datasets and analyses based on our customer tickets, as well as managed service systems, to identify new use cases and patterns that we can leverage to improve services internally.​

Threat intel team:

Our internal Threat Intel team reviews various events that have occurred and identifies the relevant TTPs. They provide this intelligence to our purple team which will operationalize it.​

The Secure Sense threat intel team focuses on both systematic collection of IOCs and analysis thereof, as well as individual TTPs that are used to identify new and emerging threats. ​The team looks at those tools, Techniques and procedures that threats are using in the market, and identifies how they could be leveraged against our existing customer base, along with better enhancing our services to detect those TTPs when in use.​​

Purple team:​

Secure Sense’s Purple team reflects the blend of both defensive or blue team skillsets, along with offensive or red team skillsets. The team takes tools, techniques and procedures identified by the threat intel team, analyses our customer’s environments and identifies if we can detect them. ​ With customer collaboration, the Purple team can provide execution packages where we can simulate specific components of a threat, and then validate that we have visibility into that TTP being run in a customer environment.

Professional services

Secure Sense’s implementation and support experts are experienced in a wide variety of Professional Services engagements with specialized tactical teams within our extended technical bench, focused on specific technologies and or products.

In most cases, Professional Services are project-based services that require a skilled engineer or architect for a one-time project or short-term change in your organization; or a senior consultant to provide a wide range of risk advisory services. Project teams will also typically address any ongoing support or maintenance after the initial project is complete.

Our cybersecurity consultant team and senior architects hold a broad range of top industry certifications and credentials, along with many years of experience in the industry. Our methodologies for common engagement types have been developed and refined to reflect the most up-to-date best practices and to scale to projects of any size, including global enterprise enablement.

A few of the engagements we commonly offer include:

  • Cybersecurity Architecture Assessment and Design
  • Solution Implementation Services
  • Health Checks
  • Penetration Testing
  • Vulnerability Assessments
  • Threat and Risk Assessment
  • Enablement & Training
  • Ongoing Support

Secure Sense focuses on continual training and certification among our technical ranks in order to provide the most knowledgeable technical support.

Security training

Secure Sense offers security training and can assist in helping your organization to create its cyber security training program. From general employee awareness training to specific security training for your IT and security staff, Secure Sense can help your organization combat the threats they face on a daily basis. Our team is able to offer:

  • Engaging user awareness training for end-users
  • Technology training for security solutions and products
  • Security Analyst training
  • Threat hunting training
  • Threat simulations to give your internal security teams practice in using internal tools
  • Tabletop exercise development and execution to simulate incidents and incident response

Your Key word is “Purple Team”

Don’t forget! Take this keyword and head to our LinkedIn page here to comment on it for your chance to win one of many prizes this month!

As always, if you’re interested in learning more about Secure Sense’s competitive advantage or any of our services, don’t hesitate to reach out to us at 866-999-7506 or sales@securesense.ca!

Continue reading