Sage Advice - Cybersecurity Blog

Information Security Risk Policies

Once you’ve chosen a format and have started planning your Information Security Policy (ISP) documents, you must understand and document risk – a factor that will influence how you make decisions within the organization and develop your policy to its fullest potential.

Read More

Topics: Cybersecurity, Risk Management, Cybersecurity Awareness

Cyber-Risk, Meet Cyber-Resilience

Some five years back, Don Anderson, CIO at the Federal Reserve Bank of Boston, sat down for the first time with the organization’s chief risk officer. As the IT head of one of the Fed’s 12 regional banks, he was there to provide input on risk, as part of an initiative to create an enterprise risk management framework.

Read More

Topics: CyberCrime Symposium, Risk Management, Cloud Security

Why Your Personal Data is Valuable – and How to Protect It

Looking back at recent data breaches, it’s interesting to note that the largest breaches didn’t involve stolen credit card or social security numbers. Instead a myriad of personal information is being stolen in massive quantities. Why this shift? It’s just more valuable!

Read More

Topics: Threat Intelligence, Risk Management, Privacy

Formjacking is on the Rise – A Look at the Top Cyber Threats

Cybercriminals are driven by opportunity and go where the money is. As soon as the good guys figure out how to stop them, they’ve already figured out their next move. So, it’s no wonder that the cyber threat environment is constantly changing, and exploits continue to evolve and shift.

Read More

Topics: Malware, Risk Management

Why is Data Classification Important for Information Security?

Data classification is as fundamental a part of securing your organization's information as knowing what data you have and who can access it. It's the process of identifying and assigning pre-determined levels of sensitivity to different types of information. If your organization doesn’t properly classify your data, then you cannot properly protect your data.

Read More

Topics: Security Policy, Risk Management

Email Security – What Does the Future Hold?

Email completely changed the way we communicate and the way we do business. While it makes us more efficient, it comes with a cost. And that is the risk of a data breach. There are a myriad of studies that reach the same conclusion year after year. The majority of cyberattacks begin when someone clicks on a link in a phishing email.

Read More

Topics: Social Engineering, Risk Management

Why Email is a Cybersecurity Risk and How to Protect Yourself

Many successful cyberattacks start with someone clicking a link in an email. According to Verizon’s latest Data Breach Investigations Report, phishing and pretexting represented 93% of all social breaches they studied. And email was the most common attack vector (96%). But it’s impossible to imagine doing your job without email, so what can you do to mitigate some of the risk?   

Read More

Topics: Malware, Risk Management

Easy Tools to Help You Create Cybersecurity Checklists that Work

Documenting step-by-step processes that are easy to follow, repeatable, and transferable, is a great way to create institutional knowledge. It makes your organization more cyber mature, and therefore, more resilient. Checklists are one of the methodologies that you can use to make that happen.

Read More

Topics: Cybersecurity Culture, Risk Management

Checklists to Keep Your Cybersecurity Program on Track

It’s not unusual to encounter an organization that is using practical knowledge, a.k.a. tribal knowledge, to operate. Practical knowledge is what each individual professional knows in-practice and is able to perform, but isn't really documented anywhere. It may be about how hardware is configured, how applications are designed, or in some cases, it involves information about historical decisions. The issue with tribal knowledge is that it disappears from an organization when people move on.

Read More

Topics: Cybersecurity Culture, Risk Management

How Checklists Can Improve Your Cybersecurity Program

Checklists are a great tool for keeping us on track. Surgeon Atul Gawande argues in The Checklist Manifesto: How to Get Things Right, that the simple checklist – perhaps one of the most basic organizational tools — can improve the effectiveness of teams and individuals performing complex tasks. When his team introduced a two-minute checklist to eight hospitals as part of a research study in 2008, deaths were reduced by almost half.

Read More

Topics: Cybersecurity Culture, Risk Management