The US Postal Service announced that a breach discovered in mid-September may have compromised the Social Security numbers and other personal information of more than 800,000 employees.  The USPS also states that information on callers to its call center may have been compromised.

The government of China is currently the prime suspect in the hack.  At some point these hacks are going to escalate into a full-blown cyberwar.  It’s only a matter of time before the cyberwar division of a foreign government hits pay dirt.  The president is in China this week. How will we respond?  Will it be addressed?  Guess we’ll have to wait and see.

One of the most overlooked information security practices is the shredding of handwritten notes.  Part of our ethical hacking engagements, also known as penetration testing, is trying to discover information about the organization or system through its users.  This practice of social engineering is a core component of an ethical hacking exercise.

Many organizations have trained their employees to shred PHI, PII, PCI and other P – whatever-I that gets printed out.  What we find though is that many organizations have tons of valuable information that is handwritten but never destroyed.  During social engineering tests, these handwritten notes can often be found in various trash or recycling bins.

Read more: Social Engineering Tip #43 - Shred All Handwritten Notes

October is National Cyber Security Awareness Month.  We at Integrity partner with the National Cyber Security Alliance to help promote information security awareness both at work and at home.  Take a minute to check out the Stop. Think. Connect. and Stay Safe Online campaigns put together by NCSA.

http://www.stopthinkconnect.org/

http://www.staysafeonline.org/

Do your part in keeping our children safe online.  Teach them how to protect their identity and data by using smart tips that kids as young as 5 can learn.  Cyber security education works best when parents help their children learn about cyber security.  There are multitudes of resources available.  If you need help, just contact us and we’ll provide free resources you can use to help teach your child about safe online habits. 

The Des Moines Chapter of the Information Systems Security Association (ISSA) hosted the 3rd Annual Secure Iowa Conference on Tuesday, October 7th.  There were more than a hundred information security, risk management, audit and compliance professionals on hand for the event.  It continues to grow each year.  As the chapter president, I’m proud to say our chapter is helping to build a strong and vibrant information security community in Iowa with this conference.  Integrity is a proud sponsor of this event each year and we believe it is an important step to helping Iowa become a leader in providing a quality information security workforce.

The ISSA chapter started this conference in order to provide much needed networking and educational opportunities to information security professionals across the state of Iowa.  While Integrity has sponsored this event each year, there are many others such as Varonis, Rapid7, OneNeck, Lightedge, Palo Alto Networks, Torus Technologies, Shazam, Fishnet Security and Alliance Technologies whose sponsorships made this year’s event a success.  Many thanks to all involved and we’re already looking forward to reaching great heights in 2015!

 

I started my career in the network engineering and network administration field.  I held lots of those technical certifications from the likes of Microsoft, Novell and Cisco.  I thought I was pretty smart.  And in truth, I was.  I knew how to build a stable and reliable network that could support thousands of users across large geographic regions.  I could implement access control lists on firewalls, routers and switches.  I could provide access to resources with Active Directory or Novell Directory Services and restrict access like nobody’s business.

Problem was, I was too close to it.  I missed some of the security details because I had the same view every day.  Once I started to focus on security, I quickly realized that I was missing some design principles that could enhance the security of the system.  That’s when I decided to focus on just security.

Read more: Application Developers and Network Admins Need to Stop Pretending to Be Security Experts

Over the past several weeks, the team at Integrity has been called upon to investigate multiple data breaches.  During our investigations of the hacked organizations, we found that these data breaches had one item in common.  Each had firewall rules that were far too liberal and allowed attackers to easily access systems.  Each organization was hacked because a basic information security best practice was not followed.

Read more: Firewall Rules Are Key to Data Breach Protection

By this time you all know that Home Depot was hacked.  Many of you may be asking why I didn’t cover this in an earlier post.  The primary reason is that I didn’t want to add a bunch of fuel to a fire that was already burning hot.  I’ve read some posts from people hitting Home Depot for not giving any real details and not confirming there was a breach right away.  How could they leave us hanging?

Read more: Home Depot Approached Their Data Breach Correctly
