Small Biz Cybersecurity 101

When I began my work in the cybersecurity space many moons ago my friends and family always asked, “do I need to worry?” My response at the time was, “unless you’re a millionaire, politician, or celebrity, don’t worry about it.” Well, unfortunately, times have changed and we all need to worry about it.

Now some of my friends who own small businesses are asking two different questions. “Do I need to worry about security for my business?” Or, “my clients are asking what security policies and procedures do I have in place. What do I need to do?” That second question tends to come with some panic.

Small to medium sized businesses, in any industry or vertical, absolutely need to be concerned with cybersecurity. It’s a fact of life these days. It’s unfortunate because there are so many other things we need to worry about to keep our businesses afloat and successful, but cybersecurity is also an important consideration. And now more than ever clients and customers are demanding their vendors and partners have adequate security. There’s good news, though: doing the fundamentals of cybersecurity is not that hard or expensive. It’s really not! And satisfying those vendor questionnaires is possible without spending millions of dollars.

Chances are you already have a firewall and anti-virus software in place, which is great — but you also need to go one step further. There are a few fundamentals that are just as important as well. By implementing these fundamentals sooner rather than later, you are more prepared for your company’s growth, which of course comes with even more risk. And, as you grow, you evolve from a “nuts and bolts” security strategy with an emphasis on the fundamentals to a more robust and “enterprise grade” program.

There are a bunch of stats that support this. Here’s one that gets a lot of traction: more than 55% of small businesses got hacked in 2016! This is according to the 2016 State of SMB Cybersecurity Report by the Ponemon Institute. This number is likely much, much higher though – for example, many companies don’t report that they were hacked, while others might not even know they’ve been a victim.

So, what do you need to do?

First, you need a security policy. You most likely have a company policy or handbook of some sort. Start by implementing security into that. The policy needs to address a few things at a minimum: password procedures, how to handle sensitive data, backing up and updating systems, who has access to what, even physical security can be included. Small companies need to address these issues just as much as the big guys do. And once you have the policy, you need to follow it. That sentence is important! A security policy is the foundation of your cybersecurity efforts.

Second, you need to test your network for holes. They exist – and they can create easy access for hackers. Once the holes are found, they need to be plugged. If you have computers connected to the internet, they are on a network – this means that they are potentially accessible to anyone on the internet. It’s not difficult to ensure your network is safe at smaller organizations – you just need to look for the issues and close them. Vulnerability assessments can be conducted to do this. It’s likewise not expensive to do this, so it’s a really useful starting point.

Third, you need to make every single one of your employees aware of cybersecurity. This means they need to know how they can be safe when at work and at home, when sitting at a computer or on their phones. This may be the most important aspect of security. “Don’t click on any links!” We have all heard this a million times. Suspicious links are important of course, but they are not the only things we need to worry about. Continually train your employees (and yourself!) on the dangers that exist. New dangers and scams pop up every day. Be prepared. This can also be done very simply and inexpensively!

This stuff isn’t hard! It does however take some discipline to make sure that you do it and are keeping on top of it. Much like you change the batteries in the smoke detectors in your house, safety sometimes requires some upkeep. Also, don’t just assume your IT person or IT service provider is doing this stuff. They may be… but unless you specifically ask you won’t know for sure (trust but verify). Annnnnd just because you’re in the cloud, that doesn’t mean you’re fully protected either.

If you made it this far and would like a free assessment to determine if your current IT security program is doing what it needs to, contact us at info@saltcyber.com. We will be honest and not sell you on stuff you don’t need. And if it turns out that you really don’t have much risk, we will give you milestones on when you should start thinking about it.

Penetration Tests – 8 Questions With Security Expert Kevin Johnson

Kevin Johnson is the CEO of Secure Ideas, a Jacksonville security-consulting and penetration testing firm. Along with being a security expert with many years in the industry, he’s a great guy and a HUGE Star Wars fan, and a member of the Imperial Guard at The 501st Legion. We asked Kevin about Penetration Testing, an important exercise in the cybersecurity world and a term often recognized but not understood.

What is a penetration test?

A penetration test is basically a look at your environment, systems and applications from the perspective of a bad guy. When we run these assessments we are putting on our black hats and trying to figure out where your defenses and controls are weakest. The test also allows us to evaluate how well your organization responds to an attack and what risks are most important to fix.

What is a pentest not?

It is not a way to find EVERY problem or vulnerability within your network and applications. That requires a combination of vulnerability assessments and security reviews.

Why are pentests important to businesses?

If we don’t know what the issues within our systems are, how is it possible to fix them? We need to be able to judge our risk and act accordingly.

Do small businesses need to conduct pentests?

Absolutely. Especially if they accept credit cards or deal with sensitive information such as medical records.

At what size (revenue/employee/or other benchmark) do companies need to start thinking about conducting pentests? Or what business type?

There is no specific size or revenue. All companies doing business need to evaluate risk and perform some form of testing. This is required by many things including PCI-DSS, HIPAA and contracts with partners and customers.

If a business isn’t ready for a pentest, what should they be doing?

Often the first step is to implement regular and in-depth vulnerability assessments. This allows for an understanding of where the problem areas exist. I would also seriously consider a gap analysis or security review to kick off a project.

What’s your favorite part about working in the exciting world of cybersecurity?

Every day I learn something new. The entire IT world changes overnight, the attackers find new ways in and our systems keep improving. It’s a challenge, but a great one.

What’s your favorite movie, other than anything related to the Star Wars franchise?

I think I would have to say Boondock Saints.