Cybersecurity Blog

Compliance

  • Shadow IT and Rogue Applications

    Authored by Lindsay Timcke

    The last ten years have shown an unprecedented growth in application development and deployment. Presently there is pretty much an application for anything and everything you can imagine. From a corporate standpoint what this has led to is a dramatic increase in groups or even individuals within companies purchasing software that meets their department needs. Over time this application will grow in size and complexity while the user community and importance to the group for completing their daily tasks will also increase. From a compliance and audit standpoint the above introduces many points of concern.

    Read More

  • Vendor Management – Outsourcing the Task, Not the Risk

    Authored by Lindsay Timcke

    One of the most overlooked areas of Cybersecurity and creating a solid defensible cybersecurity posture for your firm is vendor management. With most firms in the 21st century being heavily invested in relationships with outside vendors who monitor, develop, deploy, extract, and oversee many aspects of our network infrastructure, it is imperative that each firm approach these outside resources as just an extension of their own organization. This means the controls you have in place at your organization should also be in place at each of your vendors.

    Read More

  • Microsoft 365 Security: Is Your Organization’s Data Safe?

    Authored by David Sun

    Microsoft 365 came of age just as organizations quickly adopted remote work during the pandemic. In their urgency to migrate, many IT departments did not have the time to fully research the new platform and all its security features, opting to use the default settings. Once migration was complete and systems running reliably, organizations — fearing disruption — may not have gone back to change the settings.

    Read More

  • Gramm-Leach-Bliley Act (GLBA) Final Ruling Presentation

    What is included in the final GLBA rule published on October 2021? How might this impact you? When does the rule take effect? We will be presenting on the updated rule at the Higher Education virtual conference on 2/22/22. Here is the link if you are interested. 2022 Higher Education Virtual Conference : 2022 : […]

    Read More

  • Preventing a Password Compromise

    Authored by Zoran Jovic

    Password compromise is one of the most serious threats organizations face today. Attackers are attempting to gain access to your credentials 24/7, and tailor many, if not most attacks with the main goal of gaining access to credentials. Once the attacker has a username and a password, they become an authenticated user with access to systems and applications! While it may be hard to expect you to never make a mistake, a combination of user awareness training and effective security controls can help minimize the risk of a compromise. Whether you already have implemented mitigating controls, or are just starting on your journey, CLA can help verify and enhance your security posture.

    Read More

  • Learn about CIS Controls v8

    Authored by Bill Sugnet On May 18th, The Center for Internet Security (CIS) released version 8 of the CIS Controls. From the earliest versions, the CIS Controls totaled 20 and were even referred to as the CIS Top 20 at one point. In version 8, CIS has added one control, and combined a few others. […]

    Read More

  • Ransomware? – Tips to Mitigate Against Ransomware

    I presume that you are also aware of the most recent attack on one of the nation’s largest pipelines that carries gas from Texas to New York. This was also as a result of ransomware. On May 13, 2021 the National Institute of Standards and Technology (NIST) released some tips and tricks for dealing with ransomware.

    Read More

  • Change Your Password If You Use The ParkMobile Parking App – Your Information May Be Compromised

    The data for approximately 21 million customers who use the ParkMobile parking app has been compromised. If you use this app some of the potential information that is being sold right now includes your mailing address, license plate number, email address, passwords and phone numbers.

    Read More

  • Does Your Business Continuity & Disaster Recovery Plan Protect You In The Current Pandemic Environment?

    With the pandemic we have seen an increase in inquiry to assist with the development or review of business continuity plans (BCP) and Disaster Recovery plans (DRP). Business continuity focuses on your process for recovering critical functions, while disaster recovery is more narrow in focus and most times is a subset of your BCP.

    Read More

  • CLA Cybersecurity Alert: Microsoft Email Server Attack Update

    On March 2, Microsoft first announced a series of vulnerabilities that enabled hackers to break into the company’s Exchange email, calendar programs, and in some cases integrated voice messaging. China — among others — has allegedly used this vulnerability to spy on a wide range of industries in the United States ranging from medical research to law firms to defense contractors.

    Read More

Subscribe to Blog   

Protecting your data from cyber threats starts with confidentiality, integrity, and availability. CLA’s cybersecurity team understands the threats you face — and how to help keep your organization safe. Check back often to learn about risks, trends, IT security attack and defense, and mitigation and response techniques.