Customer Case Study: Canna Care

Canna Care Docs is a dynamic company specializing in cannabinoid therapies.

Canna Care Docs hired Towerwall to assess their effectiveness in protecting sensitive information such as patient health information and employee personal information from security breaches.

Free Whitepaper: Banking Cannabis: The Information You Need to Know to Build a Successful Banking Cannabis Program

This eBook is a quick start guide for financial institutions who are interested in Banking Cannabis. It covers: the Cannabis Outlook on a national and state level, who is banking cannabis today, the problem with banking cannabis today and how Towerwall can help.

Information Security Summit 2017 Recap: Ransomware, Application Security, Unstructured Data and the Cloud

Thanks to all who attended and sponsored our 2017 Information Security Summit. It was a great turnout, and we discussed a number of the issues and threats facing InfoSec today. We were happy to see attendees share ideas and continue the discussion online with #summitbuzz17.

Here are some of the topics discussed at this year’s summit:

Ransomware & Malware

Malware continues to be an ever-growing challenge for IT and Security.

The Importance Of Protecting Unstructured Data

Data in the Cloud

Gary Miliefsky, CEO of Snoopwall, Inc., said the issues posed by cloud data storage affect many people, even those who do not think they use the cloud themselves.

“There are devices in your house and in your pocket that use cloud storage, and you don’t even think about it,” he said, pointing to an incident in which Samsung TVs with internet connectivity stored words they overheard in the cloud. “People are giving up privacy rights for connectivity.”

“We Can’t Be Afraid Of New Frontiers Like Cloud”

Keynote speaker and Former Massachusetts Attorney General Martha Coakley noted “We Can’t Be Afraid Of New Frontiers Like Cloud”.

Takeaway: So How Do We Keep Our Data Safe?

  • People, processes and technology need to work together to address today’s security threats. Security frameworks and proactive risk assessments are necessary.
  • Robust vendor risk assessments are necessary to do business securely with third-party providers.
  • Breach response readiness, planning, and tabletop exercises should be part of a comprehensive security program.

Thank You and See You Again Next Year!

Finally, a thank you to all who sponsored and attended. It is through your participation that the success of our summit is possible. We are happy to report we raised funds for MassBay scholarships that will, among other things, support students exploring a career in cyber security!

10 things I know about… Securing mobile devices

10) Always lock your screen.

Unlocked phones are always going to be dangerously accessible. The first line of defense is a PIN, password, pattern or a biometric measure like your fingerprint.

9) Only install trusted apps.

Apps should only ever be installed from official app stores, or your enterprise app store, to reduce the risk of installing malware.

8) Encrypt communications.

Whether it’s an instant message or an email, you should make sure that all your communications are encrypted to protect them from prying eyes.

7) Consider mobile device management.

MDM is essential for ensuring your mobile devices are kept up to date with the latest policy, app updates and security patches. It enables remote wipe and device location.

6) Passwords and privileges.

Make sure employees only have access to the apps and data they need, and always password-protect them to avoid data breaches.

5) Use VPN services.

Virtual private networks will protect your online activities on mobile, covering data transmission and web browsing.

4) Install the latest updates.

To ensure you have the latest fixes for vulnerabilities in the mobile platform and the apps you use, make sure updates are installed immediately.

3) Create mobile gateways.

Directing mobile traffic through a specific gateway with a customized firewall can help you protect your sensitive data but still provide convenient access.

2) Educate employees.

Teach them to recognize a likely phishing attempt, and make them aware of your BYOD policy.

1) Install security software.

Install anti-malware and anti-theft software to help protect against hacks and theft.

This article was originally posted in Worcester Business Journal

Join us for the ISSA New England August 2017 Sponsor Expo

Please join us for the ISSA New England Chapter’s 2017 Sponsor Expo.

Wednesday, August 2, 2017 from 8:00 AM to 4:30 PM EDT
Verizon Labs
60 Sylvan Rd Waltham, MA 02451

You are invited to ISSA, New England Chapter’s Annual Sponsor Expo and Chapter Meeting. Compete in the Security Bee (questions from the CISSP exam) and bring home a cash prize and award (win and place), fame and your place in history.

Agenda:

8:00 AM to 9:00 AM
Registration | Breakfast (Distribute CPE receipt)

9:00 AM to 9:30 AM
Welcome from Chapter

9:10 AM to 9:30 AM
Sponsor introductions

9:30 AM to 10:00 AM
Kelley Misata – Uncharted but not Forgotten – Digital Security for Non-Profits

10:00 AM to 10:30 AM
Platinum Sponsor presentation – Protectwise

10:30 AM to 10:45 AM
Break | Booth Visitation

10:45 AM to 11:15 AM
Sandy Carielli – What’s Happening in Crypto Land?

11:15 AM to 11:45 AM
Platinum Sponsor presentation – Checkpoint

11:45 AM to 1:30 PM
Lunch | Sponsor ‘what’s my line’, Booth Visitation

1:30 PM to 2:15 PM
Ken van Wyk – How well do you know your incident response?

2:15 PM to 2:30 PM
Break | Booth Visitation

2:30 PM to 3:00 PM
Ming Chow – The Really Hard Problems in Security (or How Big of a Hole Have We Dug Ourselves Into)

3:00 PM to 3:30 PM
Break (Ice Cream Bar) | Booth Visitation; Raffle Announcement

3:30 PM to 4:30 PM
Security Bee ($250 Winner Prize)

About ISSA

The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications and networking opportunities to enhance the knowledge, skills and professional growth of its member information security professionals. The primary goal of ISSA is to promote management practices that will ensure the availability, integrity and confidentiality of organizational resources.

About ISSA New England

ISSA New England is one of the oldest and largest ISSA Chapters with about 300 members from a broad variety of New England organizations.

If you would like to contact any member of our Board of Directors, please refer to the following link: ISSA NE Board of Directors

When It Comes to Cyber Security, The Weakest Link is Still Employees

We need to make sure the highly regulated world of cannabis business knows how to protect its data, customer and otherwise, yet also control access to it without too much hassle.

As an insurgent breed, hackers are savvy and will seek out the path of least resistance. When your defenses are good, the weak link is often your employees.

Data breaches are most likely to be the result of employee error or an inside job, says the ACC Foundation: State of Cybersecurity Report.

Of course you want to maintain normal operations around your firewalls, malware defenses and data protection. But all too often employees are an afterthought.

Don’t Let Sleeping Dogs Sleep

Some unscrupulous former employees may see an opportunity to profit.

Inactive user accounts are ripe for exploitation by attackers. By using legitimate, but inactive, accounts, a former employee can easily impersonate legitimate users and mask their nefarious activity.

There’s also serious potential risk involved when accounts associated with former employees or temporary contractors are not deleted when employment ends. They may be left with unauthorized access to sensitive data, which is especially dangerous if the split wasn’t amicable.

Simple Rules for Sleeping Dogs

There are a few simple rules you can put in place to ensure inactive accounts aren’t a potential route in for attackers or a potential route out for sensitive data.

  • Account access should be revoked immediately when an employee or contractor is terminated or leaves for any reason. You may prefer to disable access rather than delete accounts.
  • Accounts should be monitored and flagged if they don’t have an associated business process and owner.
  • Automatically log off users after a period of inactivity and use screen locks to guard against access via unattended computers.
  • Be vigilant for failed log-ins and attempts to access deactivated accounts.
  • Profile user behavior so that log-ins at odd times of the day or night, or log-ins from new devices, are flagged.

You’ll also want to enforce multi-factor authentication wherever possible, ensure that passwords and user names are fully encrypted, and configure and authenticate centrally.
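The monitoring rules above (attempts against deactivated accounts, failed log-ins, log-ins at odd hours or from new devices, and accounts with no owner or left enabled while idle) as an added Python example that is not part of the original article; the account directory, log-line format and thresholds are constructed assumptions, not any product's real format.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample data (not from the article): a small account directory and a few auth log lines.
ACCOUNTS = {
    "alice": {"enabled": True, "owner": "Finance", "last_login": "2017-07-28T09:12:00"},
    "bob": {"enabled": False, "owner": "Sales", "last_login": "2017-03-02T17:40:00"},
    "svc-backup": {"enabled": True, "owner": None, "last_login": "2017-02-11T00:00:00"},
}
AUTH_LOG = [
    "2017-08-01T08:55:00 alice LOGIN_OK device=laptop-a1",
    "2017-08-01T23:47:00 alice LOGIN_OK device=phone-z9",
    "2017-08-01T10:02:00 bob LOGIN_FAIL device=kiosk-7",
    "2017-08-01T10:03:00 bob LOGIN_FAIL device=kiosk-7",
    "2017-08-01T10:04:00 bob LOGIN_FAIL device=kiosk-7",
]

def review_accounts(accounts, now_iso, max_idle_days=90):
    """Flag accounts with no business owner, and enabled accounts left idle too long."""
    now, alerts = datetime.fromisoformat(now_iso), []
    for user, acct in accounts.items():
        if acct["owner"] is None:
            alerts.append((user, "no business owner"))
        idle = now - datetime.fromisoformat(acct["last_login"])
        if acct["enabled"] and idle > timedelta(days=max_idle_days):
            alerts.append((user, f"enabled but idle {idle.days} days"))
    return alerts

def review_log(lines, accounts, known_devices, work_hours=(7, 19), fail_limit=3):
    """Flag attempts on disabled accounts, repeated failures, odd-hour and new-device log-ins."""
    alerts, fails = [], defaultdict(int)
    seen = {user: set(devs) for user, devs in known_devices.items()}
    for line in lines:
        ts, user, event, dev = line.split()
        ts, dev = datetime.fromisoformat(ts), dev.split("=", 1)[1]
        if not accounts.get(user, {}).get("enabled", False):
            alerts.append((user, f"attempt on disabled or unknown account from {dev}"))
        if event == "LOGIN_FAIL":
            fails[user] += 1
            if fails[user] == fail_limit:
                alerts.append((user, f"{fail_limit} failed log-ins"))
            continue
        if not work_hours[0] <= ts.hour < work_hours[1]:
            alerts.append((user, f"log-in at {ts:%H:%M} outside working hours"))
        if dev not in seen.setdefault(user, set()):
            alerts.append((user, f"log-in from new device {dev}"))
            seen[user].add(dev)
    return alerts
if __name__ == "__main__":
    for alert in review_accounts(ACCOUNTS, "2017-08-02T00:00:00") + review_log(
            AUTH_LOG, ACCOUNTS, {"alice": ["laptop-a1"]}):
        print("%-10s %s" % alert)
```

Each alert names the account and the rule that fired, so the output can feed a ticket queue or a SIEM; in practice the known-device list and last-login dates would come from the identity provider rather than being hard-coded.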

Careful account monitoring is especially important at large organizations where breaches are more than twice as likely, according to that same ACC Foundation report.

Gap Analysis and Training to Fill Gaps

It’s easy to focus in on the technology that you need to employ to bolster your cyber security defenses and forget that people can neatly sidestep all your efforts by taking the wrong action.

Perhaps your IT staff isn’t quick enough to patch or review logs. Maybe your security policies are not enforced in any meaningful way, or your employees don’t know any better than to click on a malicious link in a phishing email.

Attackers will go to great lengths to exploit any weaknesses or gaps here, and in many cases, they can persuade people to effectively lower the defenses and let them in.

The first thing to do here is to perform a gap analysis and find where employees lack the skills required to implement your cyber security plans and policies. You have to know where they are going wrong before you can steer things right.

Provide relevant training via outside experts, or even conferences and online courses. Make learning modules bite-sized and easy to understand. They must be updated to reflect the latest threats, and employees should complete them every few months. No one should be immune from this.

Senior management may be resistant, but they actually pose the greatest risk if a phishing attack is successful. They should complete the same training.

Putting the Fox in the Hen House

As a way to test how porous employees could be, the largest bank in the country tested staff with a fake phishing email after it suffered a data theft just a few weeks prior. Despite increasing their cyber security spend, 20 percent of these employees clicked on the bogus email. Had it been real, that action would have downloaded a malicious payload onto the bank’s network.

If you don’t take some time out to spend resources on awareness for employees, and on specific training where necessary, then you can undo all your good efforts to improve your security and keep your business intact.

As you can imagine, the disruption to business from an attack is no picnic.

This article was originally posted in Cannabis Business Executive >

Join Towerwall & Sophos for “The End of Ransomware” Webinar

“Those within cyber security circles know ransomware has become a lucrative billion dollar business for an army of cybercriminals … It’s time you learn about the tricks and trade of cybercriminals and how their threats are constantly evolving.” – John Shaw, Vice President, Enduser Security Group, Sophos

Please join Towerwall and Sophos for an exclusive lunch and learn.

You’ll find out about:

  • Polymorphic Malware
  • What is Next Generation Malware
  • How does a ransomware attack happen?
  • 9 best security practices to apply NOW!
