Cybersecurity Knowledge Bank

    Three Mistakes that can Derail your Cybersecurity Program Before it Begins

     Cybersecurity continues to be a top-of-mind concern for companies in the wake of severe data breaches and evolving regulatory standards. To arm their workforce and deter potential cyber-attacks, many companies are implementing internal cybersecurity programs, often supported by external cybersecurity experts, to reinforce high security standards and empower their employees to thwart potential attacks from common vectors. Effective security is more than just the decision to implement a program, however; it takes a concerted effort and a cultural shift to completely change how your company understands cybersecurity and how seriously your employees internalize new security standards. Without the proper level of buy-in, your company’s program can be derailed before it even begins. Here are a few common pitfalls to avoid for companies looking to commit to outstanding cybersecurity for the long haul.

    Just Got Hacked? What to do Now and How to Strengthen Cybersecurity

    You arrive at work on Monday morning and immediately find that the network server’s Event Viewer lists hundreds of failed login attempts over the weekend. They occurred consistently in two minute intervals, and then Sunday afternoon the attempts seem to abruptly stop. Is this the work of hackers? Does the abrupt stop mean that hackers have abandoned their attack, or have they successfully logged in and infiltrated your network? It’s imperative that you do not panic, but most importantly, do not take your investigation forward on your own.

    Do You Want to Design a Cybersecurity Program That Will Satisfy Regulators, Empower Employees and Encourage Investors?

    The Securities and Exchange Commission (the “SEC” or “Commission”) characterized cybersecurity risk as the most significant threat facing the global financial system. As a result, Fund Managers are under relatively sudden and intense pressure to implement meaningful and effective cybersecurity controls within their organizations.

    How to Protect Your Firm in a BYOD World

    The following article is part of our National Cyber Security Awareness Month (NCSAM) Article Series and focuses on how firms can keep data secure in a BYOD environment. If you missed our first article, click here to read about “The Top Three Cybersecurity Misconceptions”.

    Common Phishing Attack Vectors

    Phishing is the most popular and potent attack vector and is categorized as a social engineering attack often used to steal user data, including login credentials and credit card numbers. The goal of phishing via social engineering is to trick the victim into believing that the message they receive from the phishing perpetrator contains something they want or need — a request from their bank, for instance, or a note from someone within their company — and to click a link or download an attachment. The attacker's primary goal is to compromise systems to obtain usernames, passwords and other account and/or financial data. 

    The Top Three Common Cybersecurity Misconceptions

    The cybercrime ecosystem continues to burgeon and evolve, given the new innovations, the rise of sophisticated onslaughts and the internet of things. To assist firms in staying abreast of cybersecurity best practices and hot topics, this month we’re launching a new article series entitled National Cyber Security Awareness Month (NCSAM) Series. Throughout the month of October, we’ll cover an array of topics related to cybersecurity risk management. Our mission is to empower you with expert insight, so you can enhance your security measures and make the most of today’s technology and resources.

    To kick off our NCSAM Article Series, the following article focuses on debunking common cybersecurity myths.