Privileged Account Onboarding: Are You Asking the Right Questions?

In 2020, there are a host of privileged access management (PAM) tools available, each with their own set of cool features. But the success of your PAM solution implementation depends not only on the PAM provider you choose, but also on how your organization defines and views PAM. Regardless of which PAM platform(s) your organization chooses to deploy, there are many factors to consider when establishing deployment deadlines. Those factors include: What does the term “privileged account” mean in my organization? Is that definition consistent across all business units with privileged accounts? How many privileged accounts exist in the enterprise environment? Do you know? How confident are you in that number? How will this tool impact day-to-day activities? Do I have leadership buy-in for the implementation of this tool? What if I lose access to this tool? Are there tested/effective break-glass procedures? In this post, we will look at how to define PAM within your business, how to identify and categorize privileged accounts, how to prioritize privileged accounts, and how to build your roadmap to PAM success.

4 Free Cybersecurity Awareness Email Templates To Use at Your Company

Check out our Covid-19 cyber awareness email template here. The 2019 Verizon Data Breach Report identified phishing as the number one cause of data breaches and the most disruptive type of cyberattack. These schemes are common because: They're easy. Even novice criminals can execute a phishing scheme. They're flexible. Email schemes can be used to deliver malicious payloads (like ransomware), steal user credentials, steal crown jewels data, and instigate phony wire transfers. They're valuable. Phishing schemes cost companies well over half a billion dollars each year in fraudulent transactions, lost data, revenue, and productivity. We're really bad at stopping them. They prey on our "click first" mentality and the onslaught of emails we skim through on a daily basis. The First Step of Cyber Awareness... communication. Regular, consistent, and informative communication. Everyone (yes, every. single. person.) in your organization needs to know what hackers are trying to do, and what role they can play in stopping them. We often get asked for tips on communicating with employees about these topics - from ransomware (a top concern after WannaCry) to basic phishing to password best practices. So, in that spirit, we've decided to bust our cyber awareness email templates out of the vault, and post them here for you to use in your organization.

Recent Data Breaches and Increasing Standards of Care Requirements

Last year, there were over 2,000 confirmed data breaches. While most breaches highlighted in the media occur at large, well-known companies, those that happen at smaller companies can still have a devastating impact on consumers and result in severe consequences. Two unrelated web-based companies, i-Dressup and ClixSense, each failed to provide reasonable data security at their respective organizations, enabling hackers to steal personal information, including social security numbers and IP addresses, of over 12 million consumers combined. These companies recently reached separate settlements with the Federal Trade Commission (FTC), both of which included fines and new standards of care requirements around cybersecurity. In Part 2 of our series tracking popular settlement actions and court cases, we’ll take a closer look at the data breaches at i-Dressup and ClixSense, the settlement orders issued by the FTC, and what lessons others can learn and apply from these incidents.

Gary McIntyre

Gary McIntyre is a Director with Focal Point’s Cyber Defense practice and brings over 19 years of experience focused on information security with a specialization in the end-to-end design, deployment, and operation of Security Operations Centers.

Cyber Maturity Assessment

Benchmark your cybersecurity policies, processes, and technology against leading standards and gain actionable insights for maturing your program.

Veterans and Reservists at Focal Point

Focal Point actively seeks to hire veterans, reservists, National Guard members, and military spouses and to provide them with opportunities to advance their careers in cutting-edge technical fields like cybersecurity, identity and access management, IT strategy, data privacy, and audit and compliance.

Privacy Maturity Assessment

Benchmark your privacy policies, processes, and technology against leading standards and gain actionable insights for maturing your program.

What You Should Know about NIST’s New Privacy Framework

A recent Cisco study found that 80% of consumers are willing to act to protect their privacy, saying they would spend more time and money to do so and that they consider it a buying factor. Nearly half of these respondents also indicated that they had switched companies over data privacy policies or data sharing practices. Privacy is no longer just about regulatory compliance – it has become a critical part of doing business and a competitive differentiator for many organizations. More organizations are seeking to implement privacy policies and programs that protect consumer data and give consumers control over their data, while still meeting business needs. But this is not an easy goal to accomplish. New technology, shifting business needs, and multiple, sometimes disparate, privacy regulations like the GDPR and the CCPA all add layers of complexity to this challenge. To help organizations address this, NIST announced its plan to develop a privacy framework based on the structure of its Cybersecurity Framework (CSF) in 2018. After a year of collaborating with businesses, government agencies, academics, industry experts, and non-profits, the preliminary draft was released for feedback in 2019. Finally, in January 2020, Version 1.0 of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management was published.
News Article

Focal Point Grows IRM Practice, Adding Top Big 4 Expert

Focal Point adds former Big 4 expert David Graff to lead Integrated Risk Management services. Graff will consult on leading IRM technologies.