Top 5 cybersecurity recommendations amid the COVID-19 pandemic

01/04/2020

Industries have seen a sharp rise in cyberattacks even as the COVID-19 pandemic continues, including cyberattacks focused on health care using spear-phishing and ransomware, impersonation attacks combined with business email compromise (BEC) targeting financial systems, supply-chain cyberattacks, and distributed denial of service (DDoS) cyberattacks on the energy, hospitality, and travel industries.

By Doug Davidson

With the spread of COVID-19, demand for information technology support services is increasing across nearly all industries as employees, students, and others worldwide work remotely.

As a result, nation-state and criminal cyberattack groups are taking advantage of the situation to target cyber vulnerabilities.

Even as firms across all industries are learning to operate in this dynamic environment, a focus on cybersecurity is important to help prevent a successful cyberattack from further impacting company operations.

Cybersecurity recommendations

To reduce the probability of a cyberattack or significant data breach and mitigate the negative financial and reputational impacts, the following cybersecurity recommendations are applicable to all industries.

Create an organizational culture of cybersecurity

Ensure the C-suite consistently promotes and supports employees’ practice of safe cybersecurity behavior via a comprehensive cybersecurity awareness, education, and training program, with an emphasis on guarding against spear-phishing campaigns. Raising awareness during this time period is critical because remote employees are often working with less security protection than when they are in the office. That makes them weaker, and they are the prime target.

Harden new network components

As firms have moved to network architectures that support social distancing with remote working literally overnight, key vulnerabilities have likely been introduced. The following steps will help protect the network:

– Ensure remote workers are accessing company resources using VPN technologies.
– Ensure that no remote desktop connections are in place; instead use a remote viewing program like Anydesk or TeamViewer.
– Ensure visibility and monitoring for remote connections, including those of employees, contractors and others with access to company network resources.
– Routinely monitor and audit email accounts and automated email rules, especially in cloud email platforms such as G-Suite and Office 365.
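
An added example (not from the original article) of the mailbox-rule audit in the last step: it checks an exported list of inbox rules for external forwarding and for rules that hide finance-related mail, two patterns tied to the business email compromise mentioned earlier. The field names, domains and keyword lists are assumptions modelled on an Exchange Online rule export, and the sample rules are constructed.

```python
# Added example. Field names mirror an Exchange Online rule export (assumption).
INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's mail domains
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "junk email", "deleted items"}
FINANCE_WORDS = {"invoice", "payment", "wire", "bank", "remittance", "payroll"}

def external_targets(rule):
    """Forward/redirect addresses whose domain is not in INTERNAL_DOMAINS."""
    targets = []
    for field in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        for addr in rule.get(field) or []:
            if addr.rsplit("@", 1)[-1].strip().lower() not in INTERNAL_DOMAINS:
                targets.append(addr)
    return targets

def audit_rule(rule):
    """Return the reasons a rule deserves manual review (empty list if none)."""
    findings = []
    ext = external_targets(rule)
    if ext:
        findings.append("sends mail to external address: " + ", ".join(ext))
    folder = (rule.get("MoveToFolder") or "").strip().lower()
    hides = bool(rule.get("DeleteMessage")) or folder in HIDING_FOLDERS
    words = {w.lower() for w in rule.get("SubjectOrBodyContainsWords") or []}
    if hides and words & FINANCE_WORDS:
        findings.append("hides finance mail: " + ", ".join(sorted(words & FINANCE_WORDS)))
    elif hides and rule.get("MarkAsRead"):
        findings.append("silently buries mail (marked read and moved or deleted)")
    if findings and not any(c.isalnum() for c in rule.get("Name", "")):
        findings.append("rule name has no letters or digits")
    return findings

def audit(rules):
    """Map 'mailbox / rule name' to findings, for rules that have any."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[f"{rule['MailboxOwnerId']} / {rule.get('Name', '')}"] = findings
    return report

# Constructed sample export (not real data).
SAMPLE_RULES = [
    {"MailboxOwnerId": "alice@example.com", "Name": ".", "ForwardTo": ["ap-archive@example.net"]},
    {"MailboxOwnerId": "bob@example.com", "Name": "cleanup", "MoveToFolder": "RSS Feeds",
     "MarkAsRead": True, "SubjectOrBodyContainsWords": ["Invoice", "wire"]},
    {"MailboxOwnerId": "carol@example.com", "Name": "Newsletters", "MoveToFolder": "Newsletters"},
    {"MailboxOwnerId": "dave@example.com", "Name": "To assistant", "ForwardTo": ["pa@example.com"]},
]
```

Calling `audit(SAMPLE_RULES)` returns findings for the first two rules only; the ordinary newsletter rule and the internal forward are not flagged.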

Conduct cyber diagnostic assessments

Done on a regular basis, these assessments find weaknesses before an attacker does. They include email assessments, spear-phishing campaigns, vulnerability scanning and penetration testing.

Conduct 24/7/365 monitoring, detection, and response (MDR)

It is essential to continually monitor, detect, and respond to all cyber incidents, including any incidents relating to your company’s email system, network, software applications, and all information system endpoints, using advanced security information event management (SIEM) software, data visualization tools, automation, and artificial intelligence (AI) capabilities.

Plan for more bad news, both from cyberattacks and other events

Establish a cyberattack incident response plan: Develop and periodically test an enterprise-wide, well-coordinated information system incident response plan to quickly identify, contain, eradicate and recover from cyberattacks. Inform employees of their role in reporting incidents, and consider extending grace to those who make mistakes but quickly report them.

It’s also important to ensure information system resilience. Review and test existing enterprise-wide business continuity plans (BCP) and disaster recovery plans (DRP). If no plan is in place, implement and test an enterprise-wide BCP and DRP.

GBQ’s information technology services team helps clients develop plans about how to be resilient in the face of a cyberattack or other business risks.

GBQ has been a top tax, accounting and consulting firm for more than 65 years. GBQ IT Services is one team of builders, breakers, operators and auditors with access to a consortium of 50 experienced IT, cyber and assurance professionals delivering IT risk, cybersecurity and productivity solutions.

Doug Davidson, CISA, is the director of information technology services for GBQ. Davidson joined GBQ in 2016, bringing 30 years of experience working with technology and technology leadership in companies ranging in size from innovative, emerging businesses to Fortune 500s.

Source: bizjournals

 
