Quick Answers to Frequently Asked Questions about Cybersecurity
In today’s digital landscape, cybersecurity isn't just a buzzword - it's a critical pillar for business success. We're tackling the big questions that keep your online presence secure. From the pivotal role of a Chief Information Security Officer (CISO) to the intricacies of network segmentation and encryption, we’re here to guide you through the complex world of cyber safety with clarity and expertise.
What is a CISO?
A Chief Information Security Officer is typically the senior-most executive focused solely on cybersecurity.
What could be considered Protected Information?
Any information that is not public or is considered confidential / sensitive. This information remains private for the sake of the company and the protection of those connected to it (Ex: PII, PHI, PCI, Intellectual Property).
Why is Network Segmentation important?
Network segmentation divides a computer network into smaller parts with the goal of improving performance and security. You can decide who gets access to what segments, and even how much they can do within those segments. If an attacker releases malware on your network, but you have your network segmented, it’s much harder for that malware to spread.
What’s the difference between encryption in transit and at rest?
Encryption is about converting information into a secret code to obscure the original content, preventing unauthorized access. But is your information encrypted at all times? Bad actors are no longer just going for what’s on your hard drive, they can grab what you send over the web. When we ask if your information is encrypted “In transit,” we are asking if you keep files encrypted while they are moving (Ex: sending emails or copying files across a network). “At rest” means keeping your files encrypted while they are stored on your devices and systems.
What is Data Loss Prevention?
Data Loss Prevention (DLP) is software that helps identify and prevent non-public or sensitive information from being shared, transferred, or used insecurely.
What is Privileged access or a Privileged account?
Privileged Accounts have “privileges” beyond what a regular business user needs to perform their day-to-day activities. (Ex: direct database access, RDP access to a server, ability to create domain accounts, or local workstation administrative rights).
What are Physical Controls?
These are protections that prevent unauthorized physical access to systems (Ex: security cameras, gates, locks, fire protections).
Why do I need to train my employees on Phishing so often?
Phishing scams usually arrive as an email crafted to steal sensitive information or money. A typical message carries a malicious link that leads an employee to a fraudulent login page built to harvest their credentials, or an altered invoice designed to get money sent to the wrong account.
Human error is always going to be a weak point attackers exploit, but you can keep your employees sharp with regular Security Awareness Training: a program that educates your employees on good cyber hygiene and company policies. This includes running simulated phishing campaigns and providing educational material to your employees.
What is an Endpoint?
An endpoint can be any physical device that connects to your computer network (Ex: phones, computers, servers, cameras).
What is a Next Generation Antivirus (NGAV)?
NGAV is an advanced threat protection software that looks for the symptoms of malicious behavior instead of just known malware.
EDR vs. MDR? Endpoint Detection and Response compared to Managed Detection and Response
EDR is a program that runs on all your endpoints (laptops, desktops, etc.). It detects, responds to, and prevents advanced malware and ransomware, which makes it more capable than typical basic anti-virus (Ex: Crowdstrike, Carbon Black, Endgame, CyberReason, Symantec Endpoint, etc.). MDR is a cybersecurity service where a team of 3rd-party experts manages your EDR platform on your behalf, 24/7.
What is Security Information and Event Management (SIEM)?
SIEM is software that collects user and system data for real-time analysis to improve security posture and support security teams.
What makes a Zero-day vulnerability so dangerous?
A zero-day vulnerability is one that developers have had “zero days” to prepare for. No one was able to mitigate or fix it because it was unknown beforehand.
How do I know if my devices and software are what you call “End-of-life?”
Your devices and software reach the end of their life when they have lost the support of their developers. The technology is outdated and no longer receives updates or patches, making it vulnerable to new attacks and exploits (Ex: Windows 7 no longer receives updates from Microsoft).
What is a Sender Policy Framework (SPF)?
SPF is an email authentication methodology that helps to identify the servers that are allowed to send emails for a domain.
What is Domain-based Message Authentication, Reporting and Conformance (DMARC)?
DMARC tells the receiving server what to do with messages from your organization that aren’t authenticated using SPF and/or DKIM.
What is DomainKeys Identified Mail (DKIM)?
DKIM is an authentication protocol that detects forged sender addresses with the help of digital signatures.
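As an added example (not part of the original FAQ), the following Python models how a receiving mail server combines the SPF and DMARC records described above: SPF lists the senders allowed for a domain, and DMARC's p= tag says what to do when a message fails authentication. The DNS records and IP addresses are constructed for the example, only the ip4/ip6 SPF mechanisms are modeled, and DKIM signing is left out.

```python
import ipaddress

# Constructed DNS TXT records for a hypothetical domain (example.com is a
# reserved documentation name); a real receiver would query DNS instead.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.7 -all",
    "_dmarc.example.com": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip):
    """Evaluate sender_ip against the domain's SPF record: 'pass', 'fail',
    'softfail', 'neutral', or 'none' when no record is published. Only the
    ip4/ip6 mechanisms and the 'all' catch-all are modeled (no include:, a,
    mx or redirect=)."""
    record = DNS_TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qual = "+"                       # mechanisms default to '+' (pass)
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qual]      # catch-all decides everything else
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term.split(":", 1)[1], strict=False)
            if ip in net:
                return QUALIFIERS[qual]
    return "neutral"                     # record ended without an 'all' term


def dmarc_policy(domain):
    """Return the p= tag of the domain's DMARC record, or None if absent."""
    record = DNS_TXT.get("_dmarc." + domain, "")
    if not record.startswith("v=DMARC1"):
        return None
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p")


def receiver_disposition(domain, sender_ip):
    """What the receiving server does with mail claiming to be from `domain`
    and sent by `sender_ip`: SPF pass delivers; otherwise the domain owner's
    DMARC policy applies (p=none or no record means deliver and only report)."""
    if spf_check(domain, sender_ip) == "pass":
        return "deliver"
    policy = dmarc_policy(domain)
    return policy if policy in ("reject", "quarantine") else "deliver"
```

With the constructed records, mail from 203.0.113.45 is delivered while mail from 192.0.2.10 fails SPF and is quarantined per the domain's DMARC policy.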
What is Multi Factor Authentication (MFA)?
MFA requires you to have multiple ways, or “factors,” to prove it’s you who’s logging in. MFA requires at least 2 factors, and there are 4 factor types: something you know (password), something you have (access card), something you are (fingerprint), and somewhere you are (physical location). MFA is applied to all Internet-facing systems and to internal privileged user access (Ex: “you know” a password, “you have” an MFA mobile app, “you are” a thumbprint).
What is Least Privilege?
The principle that a person or device only has access to what is NEEDED to do their job. For people, this means minimizing user rights and clearance levels, especially on devices and your network.
What are Vulnerability Scans?
Vulnerability scanning is the process of discovering, analyzing, and reporting on security flaws and vulnerabilities. Scanners are used to identify potential risk exposures and attack vectors across an organization’s networks, hardware, software, and systems.
What is Penetration Testing?
Pen testing is an authorized simulated cyber-attack performed by ethical hackers usually outside the company. This can help you find cybersecurity weaknesses from an outside point of view.
What does Immutable mean?
Unable to be changed.
What is a Recovery Time Objective (RTO)?
In the event of a technical disaster, how long does your organization have to get back up and running before you start taking significant financial losses? A Recovery Time Objective is the maximum time allowed for restoring an application, system, or network after an interruption. The answer can be different for each organization, but having a goal you can work towards is better than having no goal at all.
What does Vendor Management entail?
Vendor management entails evaluating the security posture of your business partners and suppliers. This can help your organization understand the risks (especially cybersecurity risks) in working with a certain company.
What does Cyber Insurance cover?
Cyber insurance provides financial protection against the expenses and liabilities resulting from incidents such as data breaches, network security failures, system outages, or cybercrimes. Examples of covered expenses include costs for forensic investigations, notifications, identity theft monitoring, data restoration, loss of business income, extortion demands, system damage repairs, legal defense, compensatory damages, pre- and post-judgment interest, court-ordered settlements, Payment Card Industry (PCI) fines, and regulatory penalties.