“I knew that if I failed I wouldn’t regret that, but I knew the one thing I might regret is not trying.”
Rare SMS worm targets Android devices
- Perform an asset inventory of all company owned Android devices using company provided cell phone service. Your company should have a configuration management database to show which devices have which operating systems versions.
- Ensure anti-malware service is deployed on all company owned Android devices. If you have a mobile device management solution, enable the company webfiltering option where applicable and force the cellular devices to pass through the company webfilter/proxy before accessing the internet.
- Provide mobile device security awareness informing your employees not to visit pornographic sites. Also, instruct employees not to apps from unofficial stores
**If you do not have a mobile device management solution in a BYOD model, Stronly recommend users to install the security updates. Failure to do so may result in your employees devices compromising your company information and/or costing the employees or your organization a ton of money**
Adaptive Mobile Detail Analysis on
US CERT Defending Cell Phones and PDAs Against Attack
Most health care vendors earn ‘D’ in data protection, study finds
- Ensure your organization has a structure framework to address security. Frameworks provide a foundation to build effective security practices within an organization. Examples of frameworks include the National Institute of Standards and Technology Framework, International Organization for Standardization 27001, and Information System Audit and Control Association’s Control Objectives for IT.
- Ensures your organization has a plan for Information Security
- Provides direction for developing information security policies, procedures, standards and guidelines
- Ensures organizations have administrative, physical and technical controls to deter, detect and/or prevent malicious behavior
- Corporate leaders must establish a security debrief cadence with the information security teams. CSOs/CISO’s should meet with operational teams weekly to understand internal security risks. CSO/CISO’s should then meet with CFOs, CEOs, CIOs monthly or bi-weekly to communicate priority risks to the business. Executives should be prepared to provide feedback and decisions to the information security organizations.
- Material to be covered
- Current Risks (including potential severity and probability)
- Emerging Risks (including potential severity and probability)
- Plan to address Risks (Avoidance, Mitigation, Transfer, Acceptance)
- Monitoring Progress of Risk Handling
The Unlocked Back Door to Healthcare Data Report
NIST Cyber Security Framework
ISO\IEC 27001 Framework
PlugX RAT Armed With ‘Time Bomb’ Leverages Dropbox In Attack
- Evaluate the organizational risks for allowing users in your organization to use online document sharing sites such as dropbox, Google drive, Microsoft One Drive. Understand once the information leaves your organization you no longer have controls. This evaluation should include input from your core business leaders, the legal department and the information technology and security leadership.
- Make an organizational decision to whether or not you will allow users to store files on online document sharing sites.
- Ratify a data storage policy that explicitly addresses your directives for storing files on online document sharing sites.
- If you decide to disallow users to use online document sharing sites, you may want to consider blocking those sites on your web content filter appliance.
- Evaluate the total cost of ownership and return on investment for deploying tools that manage ShadowIT
Shadow IT Definition
CIO Magazine “How to Bring Shadow IT Under Control” Article
Trend Micro Blog Detailing PlugX RAT