Entries by Eric Hess

Getting Started: Building the Foundations of Cybersecurity for Small to Medium-Sized Businesses

Cybersecurity
Cybersecurity has become a significant concern for all businesses. Most businesses have, at least, attempted to put in measures to secure their systems. While at it, small to medium-sized businesses or enterprises (SMEs) have shown lesser concern for the need for cybersecurity compared to larger firms. Often belittling the probability of attacks, SMEs risk their cyber infrastructure even more....

Good Cloud Security Management Starts with Security Policy Monitoring and Deployment of Appropriate Cloud Security Solutions

Cloud Security Solutions / tools
Cloud security solutions providing automated policy auditing and enforcement are easy ways to manage the significant risk posed by policy deviations.  This article will illustrate how policy contributes to cloud security, highlight the challenges of policy auditing and enforcement that can potentially be resolved with cloud security solutions, and suggest a strategy for baselining...

People, Process, and Technology: The Trifecta of Cybersecurity Programs

Cybersecurity program
Introduction Ensuring that your company’s systems are protected against cyberattacks depends on the proper functioning of each element of your cybersecurity program.  Those core elements are people, process, and technology.  It starts with your team or your “human firewall”, since this can be your weakest link if you neglect it.  Both your people and your...

A Spike In Cyberattacks for Small to Medium Sized Businesses

Cyberattacks for Small to Medium Sized Businesses
Small and medium-sized businesses (SMBs) in the United States have become a favorite attack target for hackers and other cybercriminals according to the new research released by the Ponemon Institute.  Their report, “2019 Global State of SMB Cybersecurity”, notes that approximately 76 percent of SMBs located in the U.S. have experienced a major cybersecurity incident in the past 12 months....representing a "significant increase" in cybersecurity incidents.  In...

Enhancing Third Party Provider Risk Management Through Aligning the Contracting, Security and Diligence Functions

Third Party Provider
As the founder of a law firm and two cybersecurity firms, my clients often reach out to me to manage technology contracts that have cybersecurity and privacy implications. My clients span the small with minimal processes to larger firms with Chief Information Security Officers (CISO’s), a separate risk functions, and legal departments. I get...

Android SMS OTA Vulnerability

Android SMS OTA Vulnerability
A security flaw in multiple smartphones, including those manufactured by Samsung, Huawei, LG, Sony and other Android manufacturers, leaves users vulnerable to advanced phishing attacks.  Check Point Research disclosed their findings to the affected vendors in March 2019 however some vendors have not implemented fixes.  The affected Android phones use over-the-air (OTA) provisioning, a tool used by mobile network...