Now that you have read The Ping: What is Compliance?, you are probably especially aware that your company might need to become compliant in one or more areas. Whether that be PCI, CJIS or something else, you might need to meet minimum regulations to keep your company safe.
2019 is here, and it is a special year for all concerned due to many Microsoft products going End of Life (EOL) in January of 2020. We’ve covered the whys of EOL in previous pings, so in this edition we would like to remind you of the importance of keeping your servers updated and workstations rebooted when prompted. We discussed this necessity in The Ping: Updates and Upgrades, and we encourage you to review it. Staying ahead of the game will help prevent downtime from malware, slow systems, or hardware crashes. This edition of “The Ping!” should answer any lingering questions about Microsoft’s EOL policy and dates.
As the year draws to a close, we want to remind you of how important it is to stay diligent with your cybersecurity awareness training and security updates. This year, like years past, cybersecurity breaches have topped headline news and may have affected you personally. Let’s review some of the larger breaches and malware risks this year. These are security breaches that allowed someone or some group to access personal information, and we will also look at some examples of how that information was used.
For each area of concern with sensitive data, there are published guidelines to follow in order to achieve compliance. Reading and digesting the guidelines in whole can be a difficult task. There are decision-making tools, technical requirement write-ups, security policies, and security procedures to pore through. So, without getting into the nitty-gritty, we want to answer some of the frequently asked questions that come our way.
Criminal Justice Information Services (CJIS)
Criminal Justice Information Services, or CJIS, is a division of the FBI that provides criminal justice information needed to perform law enforcement duties. It “serve[s] as the focal point and central repository for criminal justice information services in the FBI.” – FBI. In Texas this information is disseminated via the DPS and includes details such as vehicle registration, criminal history, driver’s license, license plate, firearm, etc. Because this information is highly sensitive and needs to be protected, CJIS provides security compliance requirements and performs audits to ensure these requirements are being met. Below are just a few example requirements of the Security Policy…
- Security Awareness Training
- Perimeter Intrusion Detection
- Advanced Authentication
- Maintain Log History
- Change Management
- Device Encryption
Failing a single audit flags an agency as non-compliant. If compliance is not achieved, the agency can lose access to the information and tools needed to perform its duties.
What is compliance? Some of you might be acutely aware of this term, and others might have little to no idea. In broad terms, business compliance means following the rules required to secure your business and the people that interact with it. More specifically, compliance is aimed at information security. Business compliance means you are complying with requirements set by a credible organization or government department that promotes the security and protection of sensitive information.
Cybersecurity starts first, and foremost, with people. Even with a secure perimeter, the people using the network can introduce risks to the environment. Teaching your employees what to look out for and where their responsibilities lie is the first step toward closing security gaps and lessening the chances of your business falling victim to a vicious attack.
Recently we’ve had a few questions from customers regarding upgrades and updates. Let’s dive into the purpose of these updates and upgrades to break down the reason why they are so important.
Everyone wants to save money, but sometimes making the cheaper decision right now will cost you more in the long run. Let’s discuss a few things you want to watch out for when buying hardware and software to meet your IT needs.
*Special Alert* – Extortion Email Scam
A worrying new type of phishing email is going around using stolen data from high-profile websites. These emails include a password that has been used with the user’s email address in the past in an attempt to scare that person into sending the scammer money (typically Bitcoin). Since the emails include personalized information, they appear credible in ways typical phishing emails do not. Typically, the scammer claims to have recorded “compromising activity” and blackmails the user for their silence.
Within the last year, Facebook, MyHeritage, Ticketfly, Under Armour, and several other high-profile services have been compromised.