Incident Response Training in 50 Minutes

NYSTEC presented on Incident Response at the 2019 NYS Cyber Security Conference.  Below is the session description and the slides.  The presentation was done in Prezi so the PDF has some repeated slides due to the way Prezi works.  Enjoy and reach out with any questions.

Cyber Defense

Cyber Incident Response Planning – In 50 Minutes

Paul Romeo, NYSTEC

Robert Zeglen, NYSTEC

In today’s threat landscape, it is not a matter of if, but when, your organization will need to respond to a cyber incident. Hold off on buying that shiny new expensive security tool until you learn just how effective your incident response capability can become, simply by implementing the appropriate processes, procedures, and configurations into your existing environment. When it comes to incident response, communication and preparation are everything, because there may not be time to react properly, as things are moving too fast when an incident happens. In this session, we will cover the full incident response life cycle and share with you simple steps to immediately prepare your organization to respond to an incident effectively. We will share best practices and freely available resources that you can use to prepare. It is our goal that after this presentation, you will return to your organization with an approach to plan to prepare your organization in how to respond when a cyber incident happens.

Incident Response Training – NYSTEC NYS Cyber Security Conference 2019

How to Protect Your Organization from Ransomware

Stack of Golden Bitcoins

By Randy Wheeler, NYSTEC Information Security Consultant

One thing is certain in 2017: the threat landscape continues to increase at an exponential rate, and so do the business risks. In my opinion, one of the biggest threats—with the greatest level of impact—is ransomware.

Continue reading

Are You a Target for Hackers?

Protection concept: arrows in Shield With Keyhole target on wallBy Bruce Barnett, NYSTEC Information Security Consultant

Let’s be honest:  everyone who has a computer is a potential target for cybercriminals, but not all targets are equal.  How much effort a hacker may be willing to expend to compromise your account or your computer depends on what your information is worth.  Continue reading

Is it Phishing?

Have you ever received an email from a company that you would have sworn was a phishing scam (a method of online identity theft and virus spreading) — and yet wound up being completely legitimate? In an age of increasing cybersecurity, customers are becoming more wary of potentially fraudulent email messages. And yet, when companies take pains to  make their email notifications more secure, the end result can be a suspicious-looking (but safe) email.

How can companies send their customers email securely without sacrificing user-friendliness? This article from Lenny Zeltser looks at the challenges in “How to Send Customer Emails That Don’t Look Like Phishing.”

The link to this content is provided because it has information that may be useful. NYSTEC does not warrant the accuracy of any information contained in the link and neither endorses nor intends to promote the advertising of the resources listed therein. The opinions and statements contained in such resources are those of the author and do not necessarily represent the opinions of NYSTEC.

Hashed and Salted and Peppered, Oh My!

Security breaches are becoming a fact of life. We may be tempted to just discard a company’s official notification about a breach, especially when it’s couched in legalese and technical terms. But it’s worth reading such notifications so that you can determine what the company did to protect your information—and what actually happened to cause the breach. Continue reading

Biggest-Ever Hack of User Data

catena d'oroRemember that cybersecurity breach Yahoo announced back in September 2016, reporting that 500 million user accounts had been hacked two years earlier? Earlier this week, the company outdid itself by reporting it also had been breached (in what seems to be a separate attack) in August 2013—and 1 billion accounts were compromised.

Continue reading