icon

Articles by tag "security"

12/19/2018 Compliance

Ask Our VP of Compliance: December 2018

IT Compliance vs. IT Security : “What’s the difference?”

It is without a doubt that 2018 has become the year of IT Compliance. With so many new laws becoming effective, including EU’S GDPR, California’s Data Privacy Law, and Canada’s PIPEDA, the line between security and compliance may seem easily blurred for IT professionals. So, the question becomes: How do we produce a comprehensive security program, while ensuring that we meet compliance obligations? However, there is one problem that surfaces repeatedly, regardless of which regulatory standard (e.g., PCI, HIPAA, etc.) your company must meet, and that is failing to understand the difference between compliance and security. Sometimes organizations think that these are one and the same to the point that they become so consumed by complicated regulations that they stop focusing on security altogether. This month's edition of Ask Our VP of Compliance will address the differences between IT Compliance and IT Security:

  • IT Security: Explained
  • IT Compliance: Explained
  • What Are the Differences? And Why are Both Necessary?
  • How do IT Compliance Management and IT Security Management Integrate?
  • Becoming COMPLIANT and SECURE
10/24/2018 Newsletters

Content From Your Email is Being Cached

You have your corporate email defenses lined up. While you may be using an out of the box product such as Microsoft O365 or something more sophisticated like ProofPoint – here is what you need to know.

Although you might be as safe and secure as possible you should still be aware of the vulnerablities that exist and can affect you.  

Unless users are restricted from using mobile email apps, there is nothing that can protect you. This risk extends even to disclosure of your corporate authentication. 

Click here to read about this potential threat.

6/20/2018 Newsletters

CISSP Certification

5/21/2018 Compliance

Digital Edge GDPR Compliance Statement

Author: Danielle Johnsen (VP of Compliance)
Date: 21 May 2018
Version: 1.1

This document defines Digital Edge’s policy on General Data Protection Regulation of European Union and is based and principles.

10/30/2017 Newsletters

Alerting for Fraudulent Rules Setup in Office 365

Friends and Colleagues, 

It is critical that at this time, the Digital Edge Security Team sends an urgent warning about a wide-spread email phishing campaign aiming at Microsoft Office 365 users. The emails have subject similar to this: “View your Office 365 Business billing statement for…”

The email looks very real and our Security Team is urging what users should pay attention to when analyzing such email for authenticity.

Multiple clients have notified us about receiving said emails and some people were getting trapped by this campaign. 

Click here to read more about this incident of email phishing and possible remediation for this and further attack involving setting up spying rules in your Office 365 account.

9/19/2017 Newsletters

Amazon Security Is Not Enough

Using cloud platforms does guarantee that customer deployments on those platforms will be automatically secured. Regardless of how advanced the security of the products is, if a customer leaves login as admin/admin - the entire deployment will be vulnerable. This admin/admin is only one very simple example, and is exactly why Equifax had its major security breach. 

Digital Edge not only suggests, but implores companies to implement security frameworks such as ISO 27001, NIST Core or SOC2.

Recently, the resumes of potential, current, and previous employees of the US Department of Defense and the US intelligence community were exposed. The documents were found on an insecure Amazon S3 bucket that was not password protected. Amazon needs a stronger third-party cybersecurity to prevent these issues, especially since it is such a large company. This can become very disastrous, for clients and Amazon if the problem isn’t fixed. To find out more information, click here!

8/13/2017 Newsletters

Penetration testing. Helping clients to secure their infrastructures

Recently Digital Edge security team receives lots of requirements for an external penetration testing. We help our clients to achieve their goals. Our team would not just scan networks. We would work with our clients to resolve security concerns. We do not limit clients on number of runs to make sure that all the issues are resolved and scan comes clean. Below is a testimonail from one of our happy client.
 
“Digital Edge was a referral from a colleague in the ASCII Group professional IT consultants network.  I had a client that needed to comply with downstream vendor security requirements.  Having an independent security consultant audit my client was just what we needed.  They provided a detailed report of issues and more importantly how to fix them.  I highly recommend the Digital Edge security team to decision makers that need professional security analysis for their organizations.”
 
Brian Wheeler, Owner
Resolve Technology
 
Digital Edge security team will continue to work with IT groups to assist in ensuring safty for IT infrastructures.
 
6/28/2017 Newsletters

2 Facts about the New Cryptolocker Ransom.Petya

A brief message from the Digital Edge Security Team

  1. All Digital Edge’s clients are patched and safe. If you are not Digital Edge client and feel that you may need assistance please contact us
  2. If you are affected by Ransom.Petya, do not pay the ransom and speak immediately to the Digital Edge Security Team. Further analysis of the cryptolocker, revealed that data retrieval is possible without paying ransom. Please contact our Security Team if you need an assistance with recovering and removing Ransom.Petya. 
     
5/28/2017 Newsletters

Unintentional Damage - Warning About Possible Information Disclosure

Traffic analytical tools can cause unintentional sensitive information disclosure.  

Most of precisely targeted attacks on IT infrastructures are originated from outside of security perimeters of the victimized organizations. However, the security openings allowing cyber attackers to breach security mechanisms overwhelmingly originated either with unintentional help of insiders or disclosure of sensitive information. 

Read more on this subject and how the Digital Edge Security Team helps clients mitigate or prevent these risks.

5/5/2017 Newsletters

Digital Edge ISO/IEC 27001:2013 Certification Success

As of May 1, 2017, Digital Edge is proud to announce its official certification of the International Standards Organization (ISO) 27001 framework for Information Security Management, a specification for an information security management system (ISMS). ISO is an independent, non-governmental international organization with a membership of 163 national standard bodies. ISO is credited for publishing more than 2100 international standards, covering almost every industry, from technology, to food safety, to aviation and healthcare. By adopting the ISO 27001 framework, Digital Edge will protect businesses from threats, including internet fraud, hacking, overseeing of transactions and other cyber security threats.

Undergoing the process of getting certified by ISO is vital to Digital Edge because these standards evaluate process effectiveness and better structures company management and growth. Digital Edge’s clients will always be insured with quality services with the core value of “Stability, Security, Efficiency, and Compliance”. Digital Edge received this certification with minor and no major non-conformities, proving once again that our security processes are constant. 

Receiving the ISO 27001 certification, proves that Digital Edge’s processes meet the best quality and security standards for our clients. Digital Edge guarantees our clients and partners are receiving outstanding services, demonstrating our serious commitment to these security controls.

Let's talk: 800-714-5143

Speak to a specialist