The SANS Institute and NIST establish that password expiration is no longer effective

The SysAdmin, Audit, Network and Security (SANS) Institute and the National Institute of Standards and Technology (NIST) have made it clear that password expiration is a dying concept. Password expiration had its time and place, but now it's time for it to fade out of our security awareness practices. View the link below for more …

NIST has spoken! Death to overly complex and ever-expiring passwords!

The National Institute of Standards and Technology (NIST) has made it clear that highly complex passwords should no longer be the standard practice. Organizations should begin instituting long passwords/passphrases without complicated complexity requirements. View the link below for more information regarding password complexity: Death to Complexity, Long Live the Passphrase

FBI warns of COVID-19 Email Phishing Against US Healthcare Providers

Following a global increase in malicious cyber activity exploiting fear derived from the COVID-19 pandemic, the FBI was notified of targeted email phishing attempts against US-based medical providers.  These phishing emails leveraged content relating to COVID-19 to mask and distribute malicious attachments to US healthcare providers.  The FBI recommends companies targeted by a phishing campaign …

FBI Sees Rise in Fraud Schemes Related to the Coronavirus (COVID-19) Pandemic

An Internet Crime Complaint Center (IC3) PDF warns individuals that scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both.  Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding …

The NYS Shield Act

In 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). The SHIELD Act expands data security and breach notification requirements to cover all businesses that collect private data from New York residents. Breach Notification Changes: Notifications now must be provided to any New York …

National Women’s History Month

Happy #NationalWomensHistoryMonth from our CEO Holly Hubert, CISSP, CISM, CGEIT, CRISC. Hubert spoke at the Buffalo Business First Mentoring Monday event. The event highlighted over 40 different bizwomen mentors and mentees… truly an amazing day to engage with such exceptional women. Thank you Michelle Cioci, Donna Collins, and John Tebeau for hosting the event.

What Makes a Strong Password?

What makes a password strong? Passwords need to be long and complex, which gives them a uniqueness that is hard to crack from the hacker’s standpoint. Password requirements are getting more in-depth; below is a list of best-practice requirements for a secure password: 1. Do not input any login, …

Cybersecurity Tips

Did you know that cyberattacks are becoming the biggest threat to the US financial system? Cybersecurity is everyone’s job. Ensure all employees are aware of the significant role they play in keeping your organization secure with GlobalSecurityIQ’s custom educational programs for boards, management, and employees on a broad spectrum of security topics. Breaches can impact …

Starting Your Cybersecurity Program…

The cybersecurity space is so “wide” that practitioners in the field often confuse the conversation by conflating terms like Vulnerability Assessment, Vulnerability Scan, and Penetration Test. We have many clients call for a “Penetration Test” when what they really need is a fundamental assessment of their cybersecurity posture relative to risk and vulnerabilities. Any new …

Is your business a good candidate for a Penetration Test or a Vulnerability Scan?

Vulnerability Scanning vs. Penetration Testing: Vulnerability scanning and penetration testing are both technical assessments that provide useful and often very detailed information about the security of your computing environment. Although these two assessments have a lot of similarities and are often used interchangeably by those outside of the cybersecurity realm, they are actually quite different. …