SMB Cybercast
By CyberX
SMB CybercastJun 25, 2019
IT Asset Management (Webinar Audio)
You can't secure what you don't know exists.
Figuring out what assets you have on your network is your first step in building out a cybersecurity program.
In this webinar, we discussed why it's so important to track the assets on your network.
The audio has been turned into an episode so you can hear it too!
The 80/20 Rule of Cybersecurity for SMBs
Can you think of any company or industry today that doesn’t use computers?
It’s amazing isn’t it?
Technology is changing the way that we do almost everything.
But technological advances aren’t all rosey.
As our companies and lives become more dependant on computers, we also become more vulnerable to attacks.
Here are 5 cybersecurity attacks that you should make sure your small business is prepared to face in 2020.
We’re going to look at how the attacks work and what you can do to prepare.
- Phishing
- Ransomware
- Cryptojacking
- Online Skimming
- Fileless Attacks
Figuring Out Which Cyber Insurance Components You Actually Need Is Tough - Here Are Some Tips
"For the times, they are changing..."
Heard that before? Well, it couldn't be truer than for cybersecurity.
The industry is really changing drastically.
Just this month, we've seen several security breaches in which MSPs (Managed Service Providers) were compromised and used to distribute ransomware to their clients.
And what does the customer clients do in a situation like that?
Insurance...
In fact, every business, but especially small businesses should get cyber insurance.
It can really be a gamechanger.
So, check out this episode and learn what cyber insurance you need.
Get the PDF explaining the 3 different types of cyber insurance and what each covers.
Challenging the Cybersecurity System: Why do we continue to make the same mistakes (Part 2)
In this episode, we talk with Adam Gordon from ITProTV and Chris Foulon from the Breaking into Cyber podcast to discuss some of the things that organizations are getting wrong with cybersecurity.
It's pretty obvious to most people that something in the industry simply isn't working - obvious by the ever-increasing number of breaches we hear about.
Join us as we discuss these fundamental mistakes that are costing so many organizations. Learn so that your organization doesn't make the same mistakes.
Challenging the Cybersecurity System: Why Do We Continue To Make The Same Mistakes (Part1)
In this episode, we talk with Adam Gordon from ITProTV and Chris Foulon from the Breaking into Cyber podcast to discuss some of the things that organizations are getting wrong with cybersecurity.
It's pretty obvious to most people that something in the industry simply isn't working - obvious by the ever-increasing number of breaches we hear about.
Join us as we discuss these fundamental mistakes that are costing so many organizations. Learn so that your organization doesn't make the same mistakes.
Why you should model your cybersecurity program on an industry framework
The California Consumer Privacy Act is right around the corner. Organizations will need to be compliant starting in 2020.
CCPA is a game-changer for the cybersecurity space.
The ability for your customers to sue you for breaches without even having to prove damages is a huge change.
But you can be exempt from legal liability if you "have reasonable security measures" in place and use encryption.
In this episode, we're going to talk about some of the security frameworks that you can use to build security programs.
Common SMB Cybersecurity mistakes and misconceptions
Cybersecurity is a concern that all companies have to deal with. It’s not something only for large companies.
You see, like it or not, we are actually in a cyber war. Nations are actively targeting and attacking one another.
Companies just find themselves caught up in the cross fire.
In today’s episode, our guest, David Sims, a MSP owner talks about some of the common mistakes and misconceptions that SMBs make around security.
Ex-CIA Analyst tells why every small business is a target of nation states cybersecurity attacks
You have probably heard someone say or even thought at some point - I don't have anything of value for a cyber attacker.
If so, you are actually very very wrong.
In this episode, Angela Hill, an ex-CIA analyst walks us through how and why nation states are actively targeting and compromising small and medium businesses.
You will be surprised to find that they value every business as a target.
Links from show:
https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-travel-tips
Security Awareness Training: Building transformational programs that actually effect change
In today's episode, our guest, Perry Carpenter from KnowBe4 provides insanely actionable advice on how organizations should implement security awareness programs.
You see:
Just throwing information at employees doesn't make them any better. Instead, organizations must overcome the 3 areas of human weakness to implement change.
Perry walks us through this and more. You'll love the episode.
Also, check out Perry's new book: https://amzn.to/31jKHWV
Using the CIS20 security controls as a starting point for a security program (Part 2)
For small and medium organizations, implementing a formal security program can see like a huge task.
However, breaking this into small steps can help make that goal seem more attainable.
The CIS 20 security controls is a framework that every SMB should begin implementing. Under CCPA, organizations that are following a proven framework, will be exempt from some of the litigation liabilities. CIS 20 is one of the frameworks that California attorney generals have accepted in the past.
If you don't have a security program in place, your organization is like tacking the problem in an ad-hoc manner. Should an attack happen, being organized will give a much greater attempt of surviving.
Using the CIS 20 security controls as a starting point for a security program (Part 1)
For small and medium organizations, implementing a formal security program can see like a huge task.
However, breaking this into small steps can help make that goal seem more attainable.
The CIS 20 security controls is a framework that every SMB should begin implementing. Under CCPA, organizations that are following a proven framework, will be exempt from some of the litigation liabilities. CIS 20 is one of the frameworks that California attorney generals have accepted in the past.
If you don't have a security program in place, your organization is like tacking the problem in an ad-hoc manner. Should an attack happen, being organized will give a much greater attempt of surviving.
What exactly is cloud security? Is it any different than traditional security?
With the widespread adoption of cloud technologies in the last decade or so, we so often hear about cloud security.
In this episode, Adam Gordon, an educator and experienced professional discusses cloud security with us. What exactly is the cloud? How is it different? Is it really new? And the top attack vectors are a few of the topics that we discuss.
Check out the show notes here:
M is For Malware: A Security Consultant's Passion Project
Curtis Brazzell is a security consultant who has been working in information security for several decades.
One day, while reading a bed-time book to his toddler, Curtis had an idea.
Why not write a cybersecurity A-B-C book for kids.
We know that children need to be taught security principles early, right? Curtis's book is the perfect piece to start conversations with children.
To support his book launch, check out his kickstarter here:
https://www.kickstarter.com/projects/curtbraz/m-is-for-malware
HIPAA is an example of the minimum security controls organizations should implement
Donna Grindle from www.helpmewithhipaa.com shares amazing advice with us.
You see:
HIPAA is a great example of the minimum controls most organizations should have in place. Even though HIPAA compliance is only mandated to healthcare practices and their business associates, there are examples for all.
Donna breaks down the various components of the HIPAA regulations - the privacy rule, the security rule, and enforcement.
She also explains that many organizations are considered business associates to HIPAA covered entities and don't even know it. You'll want to listen to be sure your organization isn't in violation.
Security Awareness Training Is One of the most Effective Security Controls
Does your organization have a security awareness program in place? If not, why? Security awareness training is one of the best security controls that an organization can implement.
You know what's even better? It's completely free. Yes FREE.
Gabriel Friedlander from Wizer Training joins us in this episode to talk about his resource that he has developed. Most organizations have a shortage of trained IT security professionals. With training, you can turn all of your employees into security lookouts to give you early warnings when attacks are underway.
SMB Threat Landscape - The Threats and Attacks Small and Medium Organizations Should Be Aware Of
Every organization and person that uses the internet today is at risk of cyber attacks.
In this episode, we are looking at the common attacks that SMBs face every day. We begin with a brief look at the evolution of cyber attacks and end looking at various attack methods and what exactly attackers want from you and your organization.