Articles by tag "security"

Author: Danielle Johnsen (VP of Compliance)
Date: 21 May 2018
Version: 1.1

This document defines Digital Edge’s policy on General Data Protection Regulation of European Union and is based and principles.

Friends and Colleagues, 

It is critical that at this time, the Digital Edge Security Team sends an urgent warning about a wide-spread email phishing campaign aiming at Microsoft Office 365 users. The emails have subject similar to this: “View your Office 365 Business billing statement for…”. 

The email looks very real and our Security Team is urging what users should pay attention to when analyzing such email for authenticity.

Multiple clients have notified us about receiving said emails and some people were getting trapped by this campaign. 

Click here to read more about this incident of email phishing and possible remediation for this and further attack involving setting up spying rules in your Office 365 account.

Using cloud platforms does guarantee that customer deployments on those platforms will be automatically secured. Regardless of how advanced the security of the products is, if a customer leaves login as admin/admin - the entire deployment will be vulnerable. This admin/admin is only one very simple example, and is exactly why Equifax had its major security breach. 

Digital Edge not only suggests, but implores companies to implement security frameworks such as ISO 27001, NIST Core or SOC2.

Recently, the resumes of potential, current, and previous employees of the US Department of Defense and the US intelligence community were exposed. The documents were found on an insecure Amazon S3 bucket that was not password protected. Amazon needs a stronger third-party cybersecurity to prevent these issues, especially since it is such a large company. This can become very disastrous, for clients and Amazon if the problem isn’t fixed. To find out more information, click here!

A brief message from the Digital Edge Security Team: 

1. All Digital Edge’s clients are patched and safe. If you are not Digital Edge client and feel that you may need assistance please contact us. 
2. If you are affected by Ransom.Petya, do not pay the ransom and speak immediately to the Digital Edge Security Team. Further analysis of the cryptolocker, revealed that data retrieval is possible without paying ransom. Please contact our Security Team if you need an assistance with recovering and removing Ransom.Petya. 
    

Traffic analytical tools can cause unintentional sensitive information disclosure.  

Most of precisely targeted attacks on IT infrastructures are originated from outside of security perimeters of the victimized organizations. However, the security openings allowing cyber attackers to breach security mechanisms overwhelmingly originated either with unintentional help of insiders or disclosure of sensitive information. 

Read more on this subject and how the Digital Edge Security Team helps clients mitigate or prevent these risks.

As of May 1, 2017, Digital Edge is proud to announce its official certification of the International Standards Organization (ISO) 27001 framework for Information Security Management, a specification for an information security management system (ISMS). ISO is an independent, non-governmental international organization with a membership of 163 national standard bodies. ISO is credited for publishing more than 2100 international standards, covering almost every industry, from technology, to food safety, to aviation and healthcare. By adopting the ISO 27001 framework, Digital Edge will protect businesses from threats, including internet fraud, hacking, overseeing of transactions and other cyber security threats.

Undergoing the process of getting certified by ISO is vital to Digital Edge because these standards evaluate process effectiveness and better structures company management and growth. Digital Edge’s clients will always be insured with quality services with the core value of “Stability, Security, Efficiency, and Compliance”. Digital Edge received this certification with minor and no major non-conformities, proving once again that our security processes are constant. 

Receiving the ISO 27001 certification, proves that Digital Edge’s processes meet the best quality and security standards for our clients. Digital Edge guarantees our clients and partners are receiving outstanding services, demonstrating our serious commitment to these security controls.

Digital Edge was engaged by a US based hardware manufacturer to implement Cisco Identity Manager and BYOD Policies. The client infrastructure is deployed in US Based headquarters, 2 offshore development offices, 2 datacenters, and AWS web services.

The project was successfully delivered and accepted in April 2017. 

Author: Danielle Johnsen (VP of Compliance)
Date: 5 April 2017
Version: 2.0

This document defines Digital Edge’s policy on Information Security and is based on the following principles.

WikiLeaks has recently exposed that the CIA possessed the capability to hack into nearly every device you own. With all that we have learned from these leaks,  Digital Edge wants to take the time to focus on is the “zero days” concept – which can be simply put as a weakness/hole in a system that allows a hacker to breach it before anyone even knows about this vulnerability. The act of reporting the vulnerability is known as “zero days”.

Once a hole in the system is found, it should be reported immediately, so it can be patched up before it’s exploited.

Read more about this here.