504-588-2000
525 St Charles Ave
Contact Us

Cybersecurity Beyond the Basics: Compliance Frameworks

Cybersecurity Beyond the Basics: Compliance Frameworks

When it comes to creating a cybersecurity process that can consistently translate security expectations into actionable tactics, you need a framework. Frameworks are how regulations for data confidentiality and safety are communicated and enforced in many industries. For example, any company that gathers and stores information about your health or medical care must be compliant with HIPAA. What is a Compliance Framework? A cybersecurity compliance framework is a set of guidelines and best practices that enable consistency and clear communication about security expectations. Compliance frameworks communicate cybersecurity standards, but they don’t provide instructions for exactly how those standards should be […]

Read More

Cybersecurity Beyond the Basics: Systems Hardening

Cybersecurity Beyond the Basics: Systems Hardening

What do cyber-criminals do when they need more computing power? They steal it, of course, and something connected to your network could be captured and enslaved in a global botnet army if you haven’t hardened your systems. This is what occurred in 2016 when a huge Denial of Service attack targeted high profile websites and hosting providers.* Here’s how it happens. A cyber-criminal searches the internet for devices that have weak, default or no passwords or other holes that can be exploited. When they find an open door, they confiscate the computing power and turn it in the direction they […]

Read More

Cybersecurity Beyond the Basics: Penetration Testing

Cybersecurity Beyond the Basics: Penetration Testing

When you want to know if what you’re doing to protect your organization from cyber-attack is effective, you should check your security controls with a penetration test (or pen test). A pen test simulates what a real attacker might do to get into your network and capture the credentials and privileges that would give them ultimate power to do anything they want in your IT systems. Discovering if your systems can be compromised is a good thing for you to do if you’re a business leader managing risk. However, the need for a pen test may be dictated by someone […]

Read More

Cybersecurity Beyond the Basics: Managed Detection and Response

Web apps have made it easy for just about anyone to start a service business. All you have to do is buy a subscription to the software and off you go. Along with the latest software, you’ll get access to tutorials and tech support, and you can even join an online forum where you can interact and learn from others in the same business. Sounds great, doesn’t it?  Yes, it’s great except this is not what it seems. This is the cyber-criminal ecosystem and the improvements that have allowed business technology to evolve so quickly are the same kind of […]

Read More

Cybersecurity Beyond the Basics: Network Segmentation

An employee gets an email that says their invoice is attached. Opening the attachment downloads a computer virus that encrypts the files on their computer in seconds. The virus spreads to other computers in the company and soon the entire network is taken down and a cyber-criminal is demanding a hefty ransom in return for the encryption key that’s required to release the data. This is what cyber experts call – a cold, dark day. It’s the day when you have a cyber-attack. While cyber-attacks like this ransomware scenario can happen quickly, these days it’s more common for the bad […]

Read More

Cybersecurity Beyond the Basics: The Principle of Least Privilege

With a Zero Trust strategy for cybersecurity, the presence of an intruder is assumed. That means that tactics are needed to limit exposure and the potential damage that the intruder can do. One of those tactics is the Principle of Least Privilege. Least privilege involves matching up permissions to access data with the job or tasks that need to be done. This starts with determining exactly what data is needed to perform specific functions and then establishing limits. Historically, companies have been quite relaxed when it comes to allocating permissions with user and even administrator accounts because opening up access […]

Read More

Cybersecurity Beyond the Basics: What is Zero Trust?

Imagine that you’re in charge of protecting a castle. The castle has a drawbridge and a moat around it. You have guards stationed at the drawbridge who monitor the people coming into the castle. The guards let citizens in and keep known bad guys out. Because the guards prevent the bad guys from coming into the castle, the citizens can safely go about their business. Now imagine that the bad guys have found other ways to get inside the castle besides the drawbridge. They’re scaling the walls unseen at night. They’re getting past the guards by disguising themselves as citizens. […]

Read More

Cybersecurity Basics: 12 Essential Layers You Can’t Ignore

It used to be that all you had to do to secure your network and protect your data was to create a technical barrier around it and you were good to go. Sadly, that’s not enough anymore. Cybercriminals have evolved their tactics and the technology that your people work with every day has changed too. You’re probably using more cloud apps and have your people working from more locations than ever before and cybercriminals would love to exploit the vulnerabilities that you don’t know are there. The bottom line is that yesterday’s cybersecurity strategy isn’t going to address today’s risks. […]

Read More

“Is This Email Real?” 4 Questions to Ask Yourself

Every day every person with email is put to the test. No matter the job title or position, we all get phishing emails. And no matter your knowledge of cybersecurity, you make the initial decision of whether a message is malicious. So, when deciding whether to call the IT Help Desk, here are some solid, simple tips and tricks from the top to help ANYONE dodge bad guys’ phishing hooks, nets, and spearguns. Not everyone has the time to call their IT provider’s remote support just to check emails every morning. You can follow the ‘WHO, WHAT, WHERE, AND WHEN’ […]

Read More

IT Disaster Preparedness

‘Storm preparation’ is a term with which people across the gulf coast are intimately familiar. Most of the tools we need from June to November (and this year possibly longer) have become second-nature. Sandbags. Non-perishable foods. Battery-operated radios. Flashlights. But in the IT world, there are other tools we use in storm and disaster preparation, devices that are essential to any small business trying to stay afloat during a catastrophic event. As Bellwether’s Data Assurance Engineer, it is my job to use Backup and Disaster Recovery tools to protect our clients. These essential tools preserve a company’s files and servers […]

Read More