Cybersecurity Awareness Month

Special Focus on Board Cyber Considerations, Email & Identity Protection and Ransomware

Cyber risks are scary and can cause significant damage to your operations and finances as well as your reputation. Don’t be spooked by these threats; learn how to fight them!

This month, Weaver’s IT Advisory Services team turns the spotlight on three areas that are top of mind with our clients: 1) Communicating with the Board on IT and cyber issues, 2) Protecting your email and identity, and 3) Handling ransomware risks and exposure. We welcome you to contact us directly.

Board Cyber Considerations

The Change Management Game

There are ‘No Slam Dunks in IT.’ Many who have worked in technology operations agree, but this statement is often discounted in organizations. IT professionals often get caught up in the urgency of the moment, shortcut change management procedures, or fail to think about the downstream impact of what they see as a minor, isolated change.

Cybersecurity Questions Board Members Should be Asking Management

Cybersecurity risk is regularly on the list of critical topics for Boards to consider. But all too often, Board members need more information to fully understand the actual risks or actions the organization is taking to mitigate them. Not only that, specific steps to resolve cybersecurity risks may not align with the organization’s cyber program.

30 Keys to Cybersecurity

News reports about data breaches can sound like they’re written in a foreign language, which makes cybersecurity seem impossible. Luckily, it’s not. Securing your company’s data requires planning and diligence, but understanding a few key terms will make it easier to understand both the risks and the solutions.

Email & Identity Protection

Will Colorado’s New Data Privacy Law Affect Your Business?

As federal lawmakers struggle to pass a nationwide data privacy law, states are beginning to enact their own legislation. Colorado recently passed a state privacy law that is scheduled to go into effect July 1, 2023. Anyone living in Colorado, conducting business with Colorado residents, or operating a business in Colorado should have the Colorado Privacy Act (CPA) top of mind.

Your SAQ and You: Common Misunderstandings in PCI Self-Assessments

Growing businesses that accept credit cards are likely to be required to submit a Self-Assessment Questionnaire (SAQ) and Attestation of Compliance (AOC) for Payment Card Industry (PCI) compliance to acquirers (banks) or clients.

Does PCI Apply to Us? Regulated Financial Institutions Want to Know

There is some uncertainty in the banking world about the Payment Card Industry (PCI) Data Security Standard (DSS) and whether it applies to regulated financial institutions. This may be largely due to the card brands’ (i.e., Visa, MasterCard, American Express, Discover, JCB) compliance programs, which primarily focus on merchants (entities that receive card payments from one of the five card brands).

SUNBURST Vulnerability in SolarWinds Orion

The week before the holidays is normally a slower week for most organizations. It was anything but for IT personnel the week of December 13, 2020, when organizations were scrambling to triage the cybersecurity attack that has had a series of hashtags and names associated with it, including SUNBURST, Solorigate, SUPERNOVA, etc.

Ransomware

Verizon 2021 Data Breach Investigations Report Highlights Top Data Breaches for 2020

As one of the most widely read annual cybersecurity reports, the Verizon Data Breach Investigations Report (DBIR) offers interesting insights into cybercrime. The 2021 report analyzed nearly 30,000 incidents across nearly 90 countries that resulted in more than 5,000 confirmed data breaches during 2020.

How to Prepare, Prevent and Recover From a Ransomware Attack

After a highly publicized cyberattack led to the shutdown of the Colonial Pipeline, many organizations are wondering how vulnerable they are to a ransomware attack. And the reality is, most of us are a target. Unfortunately, any organization that has critical data stored within its network is at risk of being a cybercrime victim.

FBI Alert Highlights Heightened Ransomware Threat to Education Institutions

On March 16, 2021, the FBI issued one of its rare flash alerts notifying of a quickly accelerating wave of Pysa ransomware targeting education institutions in 12 U.S. states and the United Kingdom. Unidentified actors are specifically targeting higher education, K-12 schools, and seminaries, exfiltrating data prior to encrypting the victim’s systems, to facilitate eliciting ransom payments.

IBM Announces $3 Million Grant Program to Strengthen Cybersecurity in Schools

As school districts have adopted distance learning during the pandemic, another threat has become more severe. According to a December alert from the FBI, nearly 60% of reported ransomware incidents between August and September 2020 involved K-12 schools, a 29% jump from the previous months.

Tips for Protecting Your Data Against Ransomware


Cybersecurity Services

No two projects are identical. We perform tailored procedures to improve the security posture across organizations through our understanding of diverse technology, security frameworks and industry requirements.

Cyber Risk Assessments
Prioritizing cyber risks that impact security and operations and identifying mitigations.

Compliance Assessments
Evaluating systems and processes, and providing results based on criteria and requirements.

Vulnerability Assessments
Identifying technical weaknesses across devices to improve the overall security posture.

Maturity Assessments and Roadmaps
Defining the current security profile to improve and target the intended goal state for security.

Gap & Readiness Assessments
Facilitating work sessions and reviews to determine next steps for compliance.

Penetration Tests
Testing systems as an attacker to highlight flaws and misconfigurations in a controlled manner.

Cyber Audits
Evaluating environments and systems based on defined controls, criteria, and requirements.

Cyber Due Diligence
Providing buy and sell-side analysis and support aligned to M&A strategy.

Social Engineering
Simulating fraudulent e-mails to assess human weaknesses in security programs.

Cyber Do's and Don'ts