American Cyber Security Management is proud to announce its new service around Security Monitoring. As customers continue to enjoy our packaged offerings, like CISO and CPO/DPO as a Service, we have been able to design and implement our first true technical offering around the security monitoring needs of our clients.

The need for business environments to establish and maintain a currency around their security posture has never been greater. As criminal activities increase and the advances in technology increase by the threat actors, today’s businesses need to stay in front of these threats through proactive security monitoring methods and mature response capabilities.

So, how do businesses keep up with the threats? What technologies should the business invest in to reduce these risks? Who in the organization has the time and experience to ensure appropriate security monitoring is enabled and monitored? Where can the business find acceptable solutions at a reasonable price?

To help companies defend against the modern threats of today, American Cyber Security Management offers its Security Monitoring offering. The Security Monitoring offering is designed to provide security event monitoring at a fraction of the cost. The technology solution is coupled with a top-down asset assessment, monitoring policy updates, and board-level metrics.

ACSM’s Security Monitoring offering helps businesses understand their threats, defend against attacks, and create a visible set of metrics and alerts allowing the business to attend to more important efforts. As security programs require maintenance, like other business practices, ACSM’s Security Monitoring allows the appropriate level of executive visibility and management for the business to perform at a more risk-free rate. Learn more about ACSM’s security and privacy offerings at the link below.

American Cyber Security Management is a leader in data privacy, cybersecurity, and secure DevOps. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services that focus on GDPR readiness and compliance, risk reduction and mitigation, and application reliability, integrity, and security.    https://www.americancsm.com

As most businesses implement Work From Home capabilities, American Cyber Security Management (ACSM) wants to remind the workforce that security best practices still need to be followed. We recommend some basic efforts to help keep your systems secure while at home or working remotely.

During this pandemic, threat actors have ramped up their efforts to compromise emails, gain inappropriate access, and provide misleading information. Our own clients have seen a noted increase in phishing emails recently. We are also seeing U.S. national systems experience an increase of attacks.

Even the US Health and Human Services website was compromised:  (https://www.infosecurity-magazine.com/news/us-health-department-hacked/). 

Here are some basic precautions you can take while working at home:

1. Change the Default Password on your home router.
   1. Be sure to use a complex password of 10+ characters
   2. Also, specifically, if you are an Xfinity/Comcast user, be sure to disable the “Xfinity” default SSID. This default configuration broadcasts an Xfinity SSID and allows any Xfinity user to login to the access point through their Xfinity account and utilize your wifi system.
2. Continue to be diligent in not clicking on URL links in your emails. More phishing emails will be experienced during this time and employees need to be wary of the increase in this activity.
3. Once again, always discuss requests that come for “movement of funds”. Threat actors will continue to try to persuade employees to move and re-allocate company funds to a false account, especially for currently sensitive services like company travel or healthcare-related costs (e.g., facilities sanitation)
   1. Ensure the request is legitimate
   2. Check with the requestor directly – Video Conf, phone call
   3. Utilize fax numbers if you believe the email has been compromised.
4. When responding to emails, ensure correct emails are used. Just do a quick double-check that you are sending emails to the correct person. Check for malicious/false emails that may have been added to the email list.

Additional precautions recommended by the Center for Internet Security are (https://www.cisecurity.org/blog/5-network-security-remedies-for-telework/):

1. Practice smart password management and enable two-factor authentication (2FA) wherever possible.
   1. This includes accessing the administrative router/modem, Internet Service Provider (ISP) web portal, or a mobile app used for home network management. Anyone with the ability to access these platforms may be able to access sensitive information traversing the home network and modify critical security settings within the network.
2. Enable automatic updates for all routers and modems.
   1. Software updates are extremely important as new security flaws are constantly discovered. Simply installing updates from the device manufacturer mitigates many of these problems. This is best accomplished by enabling “auto-update” with the device’s administration page.
3. Turn off WPS and UPnP.
   1. Wireless Protected Setup (WPS) was initially designed as a user-friendly method for new devices to connect to a WiFi network. Unfortunately, it’s been found to allow attackers to connect to WiFi networks without permission. Universal Plug and Play (UPnP) is a network protocol suite that allows devices on a network to easily communicate but has been found to contain numerous and severe security flaws. Getting these two settings correct can have a large positive impact on home network security.
4. Turn on WPA2 or WPA3.
   1. Old and ineffective types of cryptography plague older network devices. Ensuring strong forms of cryptography are in use within home networks can thwart others from viewing sensitive information without authorization. At a minimum, configure WPA2 for home use.
5. Configure the router, or modem, firewall.
   1. Firewalls help prevent malicious network traffic attempting to enter a network from reaching specific devices. Firewalls generally come built-in to most home routers but they must be properly enabled.

American Cyber Security Management is a leader in data privacy, cybersecurity, and secure DevOps. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services that focus on GDPR readiness and compliance, risk reduction and mitigation, and application reliability, integrity, and security.    https://www.americancsm.com

American Cyber Security Management (ACSM) is offering its non-profit clients free critical services during the month of March and into April 2020. ACSM is aware that many non-profits, who are already struggling with IT, Security, and Privacy efforts, are depleted of internal resources during the current pandemic. As businesses try to enable their remote workforces and threat actors to increase their efforts in a time of crisis, it is more important than ever that security-first approaches be taken in order to safeguard business and customer data. ACSM is offering services for infrastructure security, network reviews, Business Continuity Planning and Disaster Recovery, control review and configuration, and other needed services to help safely enable the mobile workforce. ACSM is also offering its incident response services to help identify and control malicious behavior.

American Cyber Security Management is a leader in data privacy, cybersecurity, and secure DevOps. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services that focus on GDPR, CCPA, readiness and compliance, risk reduction and mitigation, and application reliability, integrity, and security. https://www.americancsm.com

As companies climb higher up the digital transformation ladder, they accumulate large amounts of data that may contain personally identifiable information (PII), a valuable asset to marketers… and cybercriminals. As data collection, storage, and processing continues to rise, threats to PII also increase.

To help mitigate these threats, California enacted a ground-breaking new privacy act last year – equivalent to EU’s GDPR. Not sure if your company is affected by the California Consumer Privacy Act and/or need tips on how to get compliant fast?

Register for this month’s webinar, with featured guests Nancy Free, Chief Compliance & Data Privacy Officer at Armor, and Carlin Dornbusch, President & CISSP at American Cyber Security Management!

Key takeaways include:

• Who’s affected by the new legislation and what CCPA entails from a legal and compliance perspective
• The impact CCPA has on all business, not just those directly affected
• Challenges of CCPA compliance and recommendations

Webinar: Privacy & Security: Preparing for CCPA Compliance

When: Wednesday, February 19 at 1 p.m. ET
*Armor is an (ISC)2 submitter. Attend to earn CPE credits!

Register Now!

Nancy Free, Chief Compliance & Data Privacy Officer, Armor

Nancy Free serves as the Chief Compliance and Data Privacy Officer at Armor. She is responsible for Armor’s data privacy mission and for the governance, risk, and compliance side of Armor’s security mission. With more than 20 years of experience in information technology and assurance, Nancy is a trusted advisor to Armor prospects and customers on GDPR, PCI, HIPAA (HITRUST), ISO-27001, and other privacy regulations and compliance frameworks, helping them understand the impact of these standards on their businesses. Nancy has implemented GRC and ERM programs for Fortune 500 companies within the transportation, energy, and retail industries, assuring compliance with many regulations and industry frameworks. Nancy is an active participant in local chapters of the North Texas Crime Commission (NTCC), Network of Executive Women (NEW), and Information Systems Security Association (ISSA), currently serving as Deputy Director of the North Texas ISSA Women in Security special interest group (WIS-SIG).

Carlin Dornbusch, CISSP, American Cyber Security Management

Carlin Dornbusch is an innovative leader in Cybersecurity and Data Privacy. His company, American Cyber Security Management, brings proven methods, best-in-class tools, and deep knowledge of data privacy and security standards to every client engagement. ACSM excels at creating custom privacy and security programs to meet the demands of modern threats and emerging compliance. Carlin serves as an IAPP Denver KnowledgeNet CoChair, ISSA Denver Special Interest Group leader, and an active member of the Cloud Security Alliance (CSA). Carlin also holds an active Certified Information Systems Security Professional (CISSP) certificate from ISC2.

Host:

Michael Mayes, Sr. Writer & Researcher, Armor

Michael Mayes is a senior writer and researcher at Armor in Richardson, Texas. His career in technology communications includes work with the Human Genome Project, handheld software during the Palm and Pocket PC era, blockchain development, and cybersecurity. He began his research in black markets in 2013 during a PhD year in professional and technical writing at the University of Memphis where he wrote on the early days of Bitcoin and its defining proof of concept, the Silk Road.