by Brian Focht | Jan 13, 2023 | Improving Your Cybersecurity, Policies & Procedures, Small Business Cybersecurity


Zero Trust is one of the most popular phrases thrown about by cybersecurity professionals and – more importantly – thrown into cybersecurity sales pitches these days. It’s obviously important, and it’s obviously something you want. But what is it? Is it really something you need?
And, critically, how much does it cost?
In this episode of the Fearless Paranoia podcast, we talk about what zero trust cybersecurity really is. We separate the reality from the storytelling and marketing pitches. We break down the three key elements of a zero-trust cybersecurity environment, and provide helpful ways to implement nearly the entirety of the zero-trust framework with little-to-no actual cost.
For more information, a transcript of this episode, and helpful resources, check out the original post.
by Brian Focht | Jan 6, 2023 | Improving Your Cybersecurity, Policies & Procedures, Recovering from a Data Breach

There are a lot of ways to measure the impact – and relative success – of a cybersecurity program. There are tests you can run to determine how effectively your employees are adopting defenses to phishing emails. There are table-top exercises to determine your ability to defend against an attack. There are even ways to compare the costs of your cybersecurity against others in your industry.
But the best way to measure the effectiveness of your cybersecurity is in your cyber resilience – how quickly, effectively, and completely you recover from an attack.
In this episode of the Fearless Paranoia podcast, we discuss what it means to have cyber resilience, including what it means to be resilient, and how you can focus your planning and procedures to make sure that resilience is a primary goal. Remember, even the best cybersecurity can’t guarantee to keep out every potential threat. Are you ready in case today is the day your cybersecurity fails?
For more information, resources, and a transcript of this episode, check out the original post.
by Brian Focht | Dec 23, 2022 | Improving Your Cybersecurity, Policies & Procedures

The best way to make sure that you and your business are protected from cyberattacks is to employ a broad-focus cybersecurity strategy. In order to do so, you need to have a basic understanding of the threats your business faces from cybercriminals, hacktivists, and other malicious actors. One of the most commonly used weapons in the cybercriminals’ arsenal is the DDoS (or Distributed Denial of Service) attack.
DDoS attacks are a tool of disruption, and they are commonly used by cybercriminals and hackers at all levels – from the disassociated loner in his basement to those working for or on behalf of nation states and international conglomerates. Understanding the nature of the disruption, the resources it takes to maintain the disruption, and the services available to limit or eliminate the devices causing the disruption will help to protect you and your business. Do you have the right policies, procedures, systems, applications, and vendors in place to neutralize a DDoS attack against you?
In this episode of the Fearless Paranoia podcast, we discuss DDoS attacks, including what they are, how they work, and how you can design your cybersecurity systems to limit your risk of being a victim and improve your resiliency if an attack occurs.
For more information, resources, and a transcript of this episode, check out the original post.
by Brian Focht | Dec 16, 2022 | Improving Your Cybersecurity, Policies & Procedures

The more access users have to your company’s data, the more vulnerable that data is in the event of a data breach. A malicious actor gaining access to one of your employees’ credentials gives them access to everything that employee is allowed to see. That’s why you need to restrict the access that users have to only what they need to perform their jobs.
We’re talking about implementing something called “least privilege.” Effectively, it means that users are granted the lowest level of access they can be given while still having access to the data they need to do their jobs. Nobody has admin privileges over their own workstation. Rank-and-file employees don’t have access to payroll data. Nobody has access to the password information for the entire business.
Yes, implementing least privilege will reduce your flexibility in certain situations. But requiring users to seek permission from a supervisor or manager when they need temporary higher-level access – a step that should add mere minutes to a task – is a small price to pay for how much more secure your business data will be.
For more information, resources, and a transcript of this episode, check out the original post.
by Brian Focht | Dec 7, 2022 | Policies & Procedures

If it seems like each step in preparing your Disaster Recovery Plan is the most important step, even more important than the one that came before it, I can’t blame you. That said, we’ve come to another really important step – creating your Disaster Response Team (the “Team”).
This is more like two separate steps, but for the sheer sake of time, I will combine them here. First, you’re going to need to identify all the roles and the structure of the Team. Then you’re going to have to fill those roles with people in your organization. It’s definitely two different steps.
by Brian Focht | Nov 16, 2022 | Policies & Procedures

The first step in creating an effective plan to protect your business from potential disaster is to establish an understanding of your actual risks. Given the many types of disasters that could cause your business to cease operations, and the different ways you will need to respond to each one, it’s foolish to begin any planning without a proper Disaster Risk Assessment.
Your Disaster Risk Assessment will be the guide for your entire planning process. How do you make sure to do it right?