How Should I Respond to My Clients' Security Requests?
Pratum Blog | Information Security, IT Risk Management and Compliance
1y ago
Vendors (this is probably you) are often asked by clients to supply some sort of proof they will protect the client’s sensitive data. While this may seem like a reasonable request, knowing how much information to share and the best way to do that is important. As a vendor, you may receive multiple requests from clients for compliance reports or third party validated security reports, such as a SOC 2. If you don’t have a third-party validated report, the client may ask you to complete a security questionnaire. (Something we discussed in a recent blog, here.) That process can be very time consu ..read more
Infographic: The Cost of an Email Phishing Attack
1y ago
Be prepared for a mistake! Perform a business impact analysis to understand how various cyberattacks will affect your business. Bob manages inventory at a mid-size manufacturer. On a very busy day, Bob sees an email from the IT team asking him to confirm his login information. He clicks a link, confirms his login credentials and gets back to what he was doing. Without knowing it, Bob just gave his credentials to a hacker, who logs into the company environment and starts figuring out what they can access. A few secon ..read more
Employee Responsibilities in Information Security
1y ago
When most people talk about developing an information security program, they are referring to the administrative, physical or technical controls used to protect information. While no information security program can be effective without them, there is one key element that is often underestimated: the employee element. The reality is that employees are responsible for designing, implementing and following all controls put in place to protect sensitive information. One misstep by an employee can spell disaster in terms of information security. And it often does. The good news is that by providi ..read more
From Awareness to Action: Iowa Governor Proclaims October Cybersecurity Action Month
1y ago
Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, which has helped citizens better understand the risks of online security threats and to become more educated about the daily, evolving environment of personal and public security. If inaction due to unawareness is a driver of threat events then it is important to empower businesses and the public with the ability to take actions based on awareness. With the help of Pratum and the Technology Association of Iowa, the State of Iowa made the important move from basic awareness ..read more
7 Common Mistakes That Kill Cybersecurity Cultures
1y ago
Hackers, like all humans, crave efficiency. And that makes your employees their favorite target. It’s easier, after all, to crack a person than a computer. Even though your cybersecurity fears may envision someone tapping out code in a darkened room, the bigger threat is an e-mail that fools an employee into granting access to the company’s system. That’s why social engineering attacks (such as bogus e-mails in phishing attacks) have become the most common method for penetrating an organization’s system. To fully protect your data, you have to educate and motivate every employee to make cyber ..read more
CISO Insights of Cybersecurity Executives
1y ago
Leading information security executives gathered at the 10th Annual Pratum Secure Iowa Conference during one of the breakout sessions to discuss the corporate and technical role of the Chief Information Security Officer (CISO) and the challenges of balancing risk management with nimble strategic information security decision-making. CISO Panel Members: Meg Anderson, Principal Financial; James Johnson, John Deere; Ben Schmitt, Mary Greeley Medical Center. A CISO’s Role: Fostering a Security Culture. The panel was asked by moderator David Cotton what first steps a new CISO should take in approachin ..read more
The Importance of Email Encryption
1y ago
As a business, you have access to a lot of customer and vendor information. While many companies take this responsibility very seriously, not everyone is doing all they can to ensure security. One way that some businesses fall short is by not encrypting emails on a regular basis, or at all. In this article we’ll explain the importance of encryption, and how you can start securing your emails now. What is Email Encryption? Email encryption is sort of a disguise for your correspondence with clients and coworkers. Encryption software turns your text, documents, and other data into scrambled code ..read more
What to Expect With SOC 2®
1y ago
How do you prepare for a SOC 2® audit? Many businesses look to Pratum for help with SOC 2®, so we have put together this overview to help provide insight into our process. We also discuss what you need to do to prepare for a successful SOC 2® report. Common SOC 2® Questions: What is SOC 2®? SOC 2® is an externally validated report. Companies are often asked by their clients to provide some form of cybersecurity compliance report to prove they have adequate security controls in place to protect data/information shared between the two organizations. SOC 2® reports must be completed by an AICPA fi ..read more
CISA Advisory Warns of VMware Vulnerabilities That Allow Remote Code Execution
2y ago
A new federal advisory warns users of four VMware products to take immediate action on vulnerabilities that allow hackers to execute remote code. The Cybersecurity and Infrastructure Agency (CISA) has issued an emergency directive ordering federal civilian executive branch agencies running specific types of VMware to update them immediately or remove them from networks. Private organizations should obviously assess their own risk with these products. CISA says the VMware products’ users should assume they’ve been compromised, disconnect the product from the network and start threat-hunting ac ..read more
Key Steps in Business Impact Analysis
2y ago
Leading a business means deciding which risks are worth taking, and a business impact analysis (BIA) provides a critical resource for making informed risk management decisions. This blog explains how to conduct an effective BIA that will point you toward the right investments for your overall risk assessment strategy. Let’s start with a few fundamentals: At the basic level, your risk management goal is identifying the likelihood and impact of any given risk. You’re looking for answers to questions such as, “How likely is it that our ERP platform could go down? How long would it take us to res ..read more