Network Security

SECURING THE PHARMA MANUFACTURING SUPPLY CHAIN

As a pharma manufacturer, did you know your supply chain could significantly increase your organization’s risk of cyber-attack? Read the 3-minute blog post by JSCM Group to find out how to protect your organization.

New Patch Blocks Windows RPC Vulnerability

Thursday, April 21, 2022—In their “April 2022 Patch Tuesday”, Microsoft released a fix for the new Windows CVE-2022-26809 vulnerability. Rated as “Critical”, the 26809 vulnerability could allow unauthorized remote code execution through the Microsoft Remote Procedure Call (RPC) communication protocol.

The Passion for Cyber Security – Part 3

I’ve spent the last month thinking hard about my time so far in cyber security, and it has brought up a lot of good memories. The biggest thing that has stuck with me, and the thing I will leave you all with, is the top reason I love this career: my coworkers.

Evaluating Cyber Security in Your Supply Chain

Many organizations fail to evaluate the security of their supply chain and properly identify the risks they face that could cause mass interruption to their operations. We consider this a major oversight, as recent news articles support.

Brand (blind) Loyalty

There is not a single network that I can think of in the last several years that we designed and deployed that is 100% from one hardware manufacturer. And there is not one network that I can think of that has the same brand on the hardware side as the software side.

6 Tips for Increasing Your Online Privacy

For individuals inside of an organization, maintaining your privacy is one key to becoming more secure. Organizations need to be very cautious with what data they inadvertently leak into the public.

DNS-over-HTTPS

While DoH is designed to add security to Internet traffic, there are also significant concerns with this feature being automatically implemented. Its implementation may be beneficial for personal use, but will cause significant issues for organizations and their networks.

Security Testing Your MSP

Most people never ask the MSP what their security practice is, let alone ask for a third-party assessment of the organization. I hope this post convinces anyone looking at hiring, or who already uses, an MSP to get verification of their practices.

Look for Reduced Risk, Not Perfection

Security is a role now in most every mid-sized company and larger. Smaller companies may need to outsource it, but having someone dedicated to securing the infrastructure and data is as key a role as operations.

Doing More Than Just Phishing Training

Phishing continues to be the major threat to end users and organizations as we enter 2020. As networks become more restrictive at the firewall level, attackers continue to create innovative ways around phishing and what they are after.

Why Executives Resist Security Initiatives

You will be hard pressed to find people asking the IT department for tighter security controls that affect them and how they do their work. So, it is likely that if a request comes from the executive office to implement tighter security controls, what they are really wanting is to implement tighter security controls on everyone else and in the background.

10 Questions to Ask Your Cyber Security Provider

If you have a cyber or a managed security provider, a general IT firm, or your brother-in-law handling your cyber security, you need to ask them some questions. Or maybe you don’t have one yet but are considering hiring someone. Regardless of where you are at today, as 2020 approaches you need to take a hard look at your positioning and who you are working with.


Believe it or not, just because a firm does IT work, cyber security work, or says that they provide security services does not officially verify them as secure. We have tested a lot of organizations and I can assure you that not everyone passes our tests! For one example, it is a known statistic that 82% of IT people will fail a phishing test.


Regardless of who you work with, us or anyone else, I wanted to arm you with some necessary questions you need to ask anyone touching your network. Here are 10 great questions you should ask and some comments to think about.


1. When was your last security assessment from an outside firm? Can I get a copy of the executive summary?

Every organization needs an assessment from an outside firm. It is impossible to self-analyze accurately.

2. What type of multi-factor authentication do you use on your devices and line of business applications?

If they don’t use MFA your information is not secure.

3. How many people inside the organization have or will have access to my system? How do you encrypt my passwords? How do you control access to my information internally?

Unfortunately, not everyone is honest. Your security provider should limit access to your system, encrypt it, and revoke it if an employee leaves the company.

4. How often do you conduct Phishing Testing?

Spear-phishing tests are necessary at any organization and you want to make sure that your security provider is conducting proper and frequent tests. It could be your information they are after.

5. How often are your employees required to attend training?

Training by an outside company is especially important for technicians and testers to make sure they are up-to-date with the current trends. They should also be attending regular conferences. We require all employees who are actively testing to do this.

6. Are all technicians and sales reps certified on the equipment they support or sell?

Regular training and testing is required by most partnerships. But, in most cases, not every employee is required to do this. You need to make sure that those on your system are qualified and not fumbling around.

7. Are all of your employees background checked?

Seems straightforward but not common in IT.

8. What are 5 trends that will affect technology in my specific industry in the next 2 years?

If they cannot answer this, then they should not be selling to you.

9. What is DPI?

Throw them a specific question. Just so you know, Deep Packet Inspection, commonly referred to as DPI, is how you inspect SSL/HTTPS traffic. DPI is basically how you access anything secure on the internet. 80% of all traffic on the internet is sent securely, and by default your network is incapable of scanning this traffic. There are ways to scan for this threat and people who know security can easily accomplish this. If you are not scanning this traffic you are missing an array of risks. Furthermore, if your provider does not know how to do this or what it is, don’t work with them.

10. Can I meet or have a call with someone from your executive team?

If you get a no, walk away. If you get a yes, ask them all of these questions again to make sure you get the same answers. Many top employees are exempted from security requirements, putting you at great risk. You also want to make sure you have a relationship with someone who is responsible for the business success.

The Power of Training

Get your IT and cyber security team(s) trained on whatever platforms you employ. This isn’t a luxury item anymore; it is required.

South Carolina Insurance Data Security Act (h4655) Simply Explained

One of the main components of the Data Security Act is to perform a Risk Assessment. This component is recommended to be performed by a 3rd party security consultant. This requirement is to be in place by July 1, 2019 and is to be performed annually by July 1st.