By The Cyber Savvy Cafe
The podcast currently has 39 episodes available.
Ssn 2 Ep 15 Zero Trust Pt 3
Beyond the basic, foundational things you should already have in place, what’s the next thing you need to do to implement a Zero Trust approach to network security?
1:04: It starts with the regulatory requirements a company must meet, then layer in policies and procedures.
3:07: Every time a user wants to access resources, they are going to need to prove their credentials.
3:16: NIST has developed a standard for Zero Trust, 800-207, which lays out what an enterprise needs to do to meet the zero trust model.
4:58: Access to individual enterprise resources is granted on a per session basis and determined by policies.
5:42: This can be geographically related and can also be determined by the user’s normal behaviors.
7:25: Is AI involved in determining a user’s normal behavioral patterns?
8:07: What specific changes need to be made to the architecture of your network?
10:01: HR Management system, segmented on its own server.
11:38: Is zero trust accessible to most companies?
14:12: What is the first step in getting started with zero trust?
14:48: A managed services provider is a good first step in starting the documentation process, defining policies, pushing it through to the user community.
15:38: Getting the employees’ buy-in is important.
16:57: Begin to expand segmentation out to the workstations.
18:10: What level of importance would you rate this for companies to make this happen?
18:38: If you depend on technology and you have data that you don’t want sold on the dark web, you must take a look at zero trust.
18:48: A good service provider will help you with a logical roll-out plan
20:04: Make sure you think this through first, implement your policies, and then start rolling it out in a logical manner.
Zero Trust Architecture: https://www.nist.gov/publications/zero-trust-architecture
Your hosts: Rex Nance and Penny O'Halloran of East Atlantic Security, LLC @ https://EastAtlanticSecurity.com/
Voiceover Artist: Paul Kadach at www.voices.com
Ssn 2 Ep 14: Zero Trust, Pt 2
Cybercrime is projected to cost the world 10.5 trillion annually by 2025. Hackers are looking for the easiest targets, make sure you’re not one of them. Zero Trust is a layered approach to cybersecurity that structures your network so you can do just that.
Today's episode looks at foundational elements you better already have in place.
Show Notes:
:37: The big business of hacking
1:13: Why and how cybercrime has accelerated since the pandemic
1:42: Some of the reasons home workstations are vulnerable to cyber attacks
2:00: DNS filtering
4:07: The business cost of a cyber breach and some of the recent stats
4:20: Threat actors live on your network for 280 days before they’re identified
4:55: What happens when you’ve been hacked and held for ransom
5:55: EDR—Endpoint Detection Response
7:15: Some indicators of threat actors can have other causes
8:23: Cloud configuration—and how it can pose a risk
Business Cost of Cybercrime
https://cobalt.io/blog/business-cost-of-cybercrime
9:47: Cyber awareness training
11:05: What happens to the stolen data from random individuals on home networks
12:09: What happens to a company’s data
12:30: Encryption
14:25: Backups—a two-fold process for backing up to the cloud
16:07: Zero Trust is a much deeper dive than the foundational things we’ve talked about today.
Your hosts: Rex Nance and Penny O'Halloran of East Atlantic Security, LLC @ https://EastAtlanticSecurity.com/
Voiceover Artist: Paul Kadach at www.voices.com
Ssn 2 Ep 12: Zero Trust
Cybercrime is projected to cost the world 10.5 trillion annually by 2025. Hackers are looking for the easiest targets, make sure you’re not one of them. Zero Trust is a way of structuring your network so you can do just that.
Show Notes:
:42: An overview of Zero Trust
1:25: What is Zero Trust Network Architecture?
2:15: Make sure you know who is accessing your data and how and when
2:42: What is the normal way companies have their network structured? A look at flat networks
3:13: Bare minimum—segment your network
3:37: On premise servers vs. the cloud
4:13: Flat network example using email in a cloud environment—how is your data accessed and how easy is it to break in?
5:03: How a malicious actor can move easily around your flat network
6:07: Phishing attacks and other ways threat actors can invade your network, and how an individual might be targeted and attacked
7:15: Entry points: smart devices and other devices that are on your network—that may be infected with malware—and other entry points
8:37: What would a Zero Trust environment look like?
12:55: What happens if you don’t implement this? You’re going to get hacked and held for ransom. It’s not about if but when.
14:00: Is it enough to just segment your network?
14:39: But all this time I’ve never been compromised so what I’ve been doing must be good enough.
15:25: Hacking is big business-- probably reaching the trillions. Hackers are looking for the easiest targets.
https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
Your hosts: Rex Nance and Penny O'Halloran of East Atlantic Security, LLC @ https://EastAtlanticSecurity.com/
Voiceover Artist: Paul Kadach at www.voices.com
Ssn 2 Ep 12
What's Up With the Chip Shortage?
You’ve undoubtedly encountered the shortage of microchip availability, as this has affected nearly every industry. In today’s episode we’re going to discuss how it happened, how long it’s going to last—and what you can do in the meantime.
Show Notes:
1:30: What caused the shortage?
1:57: Some of the issues that factored into the shortage.
3:06: How employee shortages compounded the shortage and how this snowballed through the supply chain.
3:30: How long is the shortage going to last and when can we expect it to start getting better?
4:35: How to make your phone last for another year.
5:15: Black Friday sales—did not extend to phones this year!
7:10: How to be first in line to purchase the few available devices and products
7:53: Purchased refurbished tech.
9:50: Take care of the items you have and repair rather than replace.
11:30: Best practices for taking care of your computers.
Your hosts: Rex Nance and Penny O'Halloran of East Atlantic Security, LLC @ https://EastAtlanticSecurity.com/
Voiceover Artist: Paul Kadach at www.voices.com
Ssn 2 Ep 11: Popular Techy Gadgets for Gift-Giving 2021
A look at some of the most popular tech-related gadgets, perfect for gift-giving.
23 Hottest Cool Gadgets That Are Going to Sell out This December
Your hosts: Rex Nance and Penny O'Halloran of East Atlantic Security, LLC @ https://EastAtlanticSecurity.com/
Voiceover Artist: Paul Kadach at www.voices.com
Ssn 2 Ep 10: Navigating the Holidays, Cyber-Safely
Cyberattacks increase during the holiday season--not just online scams and cyber theft but phishing attacks, as well (watch your inbox!). Awareness is the key to avoid becoming a victim.
Ssn 2 Ep 9: Guess Who’s Accountable
New regulations coming for cybersecurity providers: accountability, liability—and what that means for you.
Show Notes:
1:15: Discussion of new regulations that are coming for the managed services industry
1:40: What is the difference between MSPs and MSSPs?
3:10: How much trouble can you get into if you’re overselling your services?
4:30: Up until now, this industry has been without regulations
4:58: Service providers currently may not realize they don’t have the skill set required to work in this space
5:45: Other service providers and contractors have to go through continuing education and certification, but this has not been required for the managed services industry
6:48: Self-assessment forms from your cybersecurity insurance broker can help you determine what kind of cyber security measures you need to have in place
9:07: What kind of disclaimer should an MSP/MSSP have in place for clients who are refusing certain services: Signed Denial of Service letter
10:45: The importance for service providers to be aware of changing laws and regulations for their industry—keep breast of services that are no longer optional
12:12: Dept of Justice’s new regulations for MSP/MSSPs
13:46: Businesses may no longer be able to pick and choose what services they need
14:18: When filling out the questionnaires, don’t check “yes” if you’re not doing something
17:35: Special requirements and regulations for public or quasi-public companies
21:31: What’s the easiest way to keep your ear to the ground on changing regulations that will affect your business?
22:42: Current administration is pushing zero trust and Amazon’s offer of free security training
Links:
DOJ Vows to Prosecute Cybersecurity Fraud by MSPs, MSSPs and Government Contractors
https://www.msspalert.com/cybersecurity-markets/americas/doj-vows-to-prosecute-cybersecurity-fraud-by-msps-mssps-and-government-contractors/
Acting Assistant Attorney General Brian M. Boynton Delivers Remarks at the Cybersecurity and Infrastructure Security Agency (CISA) Fourth Annual National Cybersecurity Summit
Washington, DC
Wednesday, October 13, 2021
https://www.justice.gov/opa/speech/acting-assistant-attorney-general-brian-m-boynton-delivers-remarks-cybersecurity-and
Deputy Attorney General Lisa O. Monaco Announces New Civil Cyber-Fraud Initiativehttps://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-new-civil-cyber-fraud-initiative
Amazon Security Training:
https://aws.amazon.com/security/amazon-security-initiatives/
Your hosts: Rex Nance and Penny O'Halloran of East Atlantic Security, LLC @ https://EastAtlanticSecurity.com/
Voiceover Artist: Paul Kadach at www.voices.com
Ssn 2 Ep 8: Bring Your Own Environment: Working From Anywhere And The Accompanying Security Risks
Show Notes
:30: Top Trends in Technology
1:18: Exciting opportunities for businesses that embrace a work-from-anywhere business model.
1:30: People can leave a larger city and live anywhere they want to
4:55: Bring Your Own Environment: Using a secure client that allows services to be accessed safely by all users
5:30: Blocks phishing attempts
6:05: Zero Trust Environment eliminates your physical space and enables working from anywhere safely
6:35: How can people go about setting up a client or VPN?
8:45: Hackers at the coffee shop can’t get in because you’re on your own separate server
9:04: Can all employees access shared equipment and/or each other’s devices?
11:20: A growing problem with VPN providers—not all are secure.
13:00: Statistics why mobile work environments support business growth
14:08: One challenge with mobile work environments—the loss of “accidental knowledge”
15:50: Coffee pot chatter and building relationships—how to make that happen in a remote work environment
18:42: Other reasons why remote working increases a business’ growth opportunities
19:25: Discussion of companies cutting employees’ salaries if they choose to work from home, and paying based on where you’re working (geographically)
Link: Technology Visions 2021
https://www.accenture.com/us-en/insights/technology/technology-trends-2021?c=acn_us_technologyvisiogoogle_11975584&n=psgs_0221&gclid=CjwKCAjwiY6MBhBqEiwARFSCPgfWPD84sS1hjxcS7HhUU1U8mc9mcaHIjgKlZRfcEHTah7DrxsCbRxoCyC0QAvD_BwE&gclsrc=aw.ds
Your hosts: Rex Nance and Penny O'Halloran of East Atlantic Security, LLC @ https://EastAtlanticSecurity.com/
Voiceover Artist: Paul Kadach at www.voices.com
Ssn 2 Ep 7: Will AI Replace Us?
With the exponential advances in AI technology, we can’t help wondering if one day our jobs will become obsolete. In today’s episode we talk about some of the issues surrounding AI and how to keep relevant in a rapidly changing work environment.
Show Notes
:45: Lighthearted discussion about self-driving cars.
5:25: Will AI replace us?
5:34: Predictions and discussions about AI tech from college professors.
6:50: Throughout time, technology has replaced people and will continue to do so: automation is the trend of the future.
7:24: Benefits of AI to business owners and forecasting for the future.
9:30: The biggest use of AI today is mined from social media, where large amounts of data are required.
10:19: Potential use of AI in the field of medicine and health care.
11:40: Looking at your industry and foreseeing what skills you might need to be developing now so you can remain employable.
12:24: The use of AI in screening job applications and resumes.
13:03: Technology has changed the face of business and we’re competing in a world-wide marketplace.
14:15: SWOT analysis: analyzing internal strengths and weaknesses and external opportunities and threats.
14:29: Paying attention to where your job is headed. Story about a company offering a voluntary severance package prior to layoffs.
16:30: Analyze your skill set; if jobs dried up in your industry, what industry could you transfer into—and diversify your skill set accordingly.
17:57: Brief discussion of the importance of soft skills vs. hard skills
Your hosts: Rex Nance and Penny O'Halloran of East Atlantic Security, LLC @ https://EastAtlanticSecurity.com/
Voiceover Artist: Paul Kadach at www.voices.com
Ssn 2 Ep 6: Don’t Die on Me Now!
You know the signs. The signs that your computer or mobile device is not going to last much longer--but you’re not ready to invest in a replacement. You may be able to get a little more life out of your aging devices and buy yourself some time!
Show Notes
:30: How can we get a little more life out of our devices?
:53: Hard reset: Resetting your phone to factory settings.
1:21: Make sure you run backups of all your important data first.
2:26: Clearing your storage and freeing up space. Make sure you delete the cache for your photo gallery—those files can remain for a week before being permanently deleted.
4:28: Operating systems and software updates are larger and larger and requires more memory and speed from aging hardware.
4:57: SSDs, and rebuilding your hard drive
5:40: Upgrade memory/RAM to 16GB
6:26: Defragmentation
7:17: Upgrading to an SSD and 16GB of RAM could possibly buy you another year.
7:47: Budgeting for new hardware needs to be an ongoing part of your long-term plan.
9:06: CCleaner for keeping the registry clean, clearing the cache, and keeping performance up
10:32: Be aware that if you frequently install and uninstall apps on your mobile device, that can degrade performance over time.
11:40: A rebuild will help clear out excess junk on your devices, quick overview of how to do that.
12:42: Windows Virtual Desktop, and how that can increase performance.
Your hosts: Rex Nance and Penny O'Halloran of East Atlantic Security, LLC @ https://EastAtlanticSecurity.com/
Voiceover Artist: Paul Kadach at www.voices.com
The podcast currently has 39 episodes available.