If you accept credit cards you need PCI compliance If you have health data then you need HIPAA compliance. A financial company gets many pieces of compliance which depends on what types of financial instruments you sell. You may need other types of compliance. Unfortunately PCI compliance does not require a backup of your critical … Read more
Are you ready for new year surprises? Why is it that 60% of businesses fail after a major Cyber attack? Spam Email – most attacks come in through well crafted emails (spear phishing) Social Engineering – An attacker can use 1 and 4 to call you to craft a sneaky method to get on your … Read more
The obvious angle(in 2018) is to applaud Amazon and chide Sears for the massive technological progress and stagnation respectively. Sure Sears did well in it’s day by pioneering catalogs and selling many things one does not think about right out of the catalog(houses and cars). But somehow when the internet technology came into being they … Read more
NIST 800-171 Compliance actually means DFARS Cybersecurity requirements must be met. The NIST 800-171 requirements have always vexed small manufacturers due to the specific wordiness, so the NIST (National Institute of Standards and Technology) has been trying to make this easier to understand with the following pdf: https://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf This is an important paragraph: from pdf Executive … Read more
This could make many “thought safe” Wi-Fi routers not so Here is where paying attention to new attacks is important. hashcat.net has the information: This attack does not even need a full EAPOL 4-way handshake, EAPOL stands for Extensible Authentication Protocol(EAP) over LAN. A simple 4-way handshake is shown pictorially below (from hitchhikersguidetolearning.com) This means that … Read more