Security Company Aims to Provide Practical and Actionable Information in an Easy-to-Understand Manner

Minneapolis, MN – April 6, 2020 – SecurityStudio, the provider of simplified solutions to secure organizations, employees and individuals, today announces the launch of its K12 Cybersecurity Podcast. The podcast, hosted and created by SecurityStudio’s Principal Security Consultant, Ryan Cloutier, aims to provide timely, practical and actionable cybersecurity tips and advice in an easy-to-understand manner for the K12 audience.

“The K12 Cybersecurity Podcast is a passion of SecurityStudio’s and mine. By hosting this podcast, we’ll be able to provide extremely practical information that’s easy for school administrators, IT staff and educators to act on. We want to avoid the tech jargon because, let’s be honest, it’s too much to take in,” said Ryan Cloutier, Principal Security Consultant at SecurityStudio. “Our mission with the podcast is to further awareness and protection for everyone.”

With a focus on risk and doing what you can to protect students and schools, K12 Podcast listeners will be able to enhance their security aptitude quickly and easily. Through discussions with top experts and thought leaders from K12, higher ed, state and local government, and information security, listeners will receive practical and actionable advice that’s easy to put into practice. At 20–30 minutes each, the episodes are designed to provide the right dose of security to keep listeners on their toes and safe from cybercrime. Initial discussion topics include:

  • Current events impacting K12
  • Information security 101 – discussed in regular words
  • How to prepare for ransomware
  • School board policy, IT security policy, guidelines and procedures: why are they different?
  • Cyber-liability insurance

Do you have a topic that you want to discuss? Or would you like to propose an expert to join the discussion? Send your questions and suggestions to: Q4K12SEC@securitystudio.com

The K12 Cybersecurity Podcast is a part of SecurityStudio’s mission to fix the broken information cybersecurity industry while serving those most in need of protection. The podcast is available on Apple Podcasts, Spreaker, Spotify, iHeartRadio, Google Podcasts, Castbox, Deezer, Podcast Addict and Podchaser.

About SecurityStudio

SecurityStudio exists to fix information security industry problems through simplification. The company understands that information security is not about information or security as much as it is about people. SecurityStudio empowers people to understand, measure and manage information risk by developing and providing simple tools and scoring systems that are cost-effective.

Media Contact:
Sarah Hawley
Mockingbird Communications for SecurityStudio
480.292.4640
sarah@mockingbirdcomms.com

Cybersecurity company puts mission before money to help people work from home safely

Minneapolis, MN – March 18, 2020 – The Coronavirus (COVID-19) pandemic is forcing organizations of all sizes to close offices and shift operations. In order to limit the spread and impact of the disease, employees are working from home in unprecedented numbers. It’s clear that information security must become a high priority at home, and SecurityStudio is committed to meeting this challenge head-on.

SecurityStudio is making available two first-of-their-kind tools at no cost, S2Me and S2Team.

S2Me is SecurityStudio’s personal information risk assessment tool. This unique tool is designed to assess, educate, and motivate home users to adopt good information security habits. S2Me will be available at no cost indefinitely. S2Team is SecurityStudio’s risk assessment portal that gives organizations unprecedented insight into employee information security habits at home without violating their privacy. S2Team will be no cost to all organizations for (at least) 90 days.

We’re in the midst of a perfect information security storm. First, people are justifiably preoccupied by the pandemic, which makes them less likely to be paying attention to information security. Second, attacks are always more frequent during large-scale events like Coronavirus. Third, protections at home are not as well understood or managed, generally, as they are in a corporate setting.

Making our tools freely available is one of many efforts we’re undertaking to help people where it matters most. Our mission always comes before money, and right now our mission is to take care of each other by making sure people can work at home as prudently as possible.

Evan Francen, CEO of SecurityStudio

S2Me and S2Team were first introduced in mid-2019, and both tools have received strong customer support. The company is expecting to issue its latest gamified and mobile-friendly version of S2Me in Q2 2020. To learn more about S2Me, please visit https://s2me.io/. To learn more about S2Team, please visit https://s2team.io.

Learn more at www.securitystudio.com

At SecurityStudio, mission always comes first. Most significant to our mission is the well-being of the people we serve. That’s what information security is all about—it’s all about people. We often preach that information security isn’t about information or security as much as it is about people. If people didn’t suffer when things go wrong, then nobody would care.

Over the past few months, the rise of the coronavirus pandemic is something that’s gone terribly wrong. People are suffering, and we at SecurityStudio care. The reality in today’s world is that information security, privacy, and safety cannot be treated as separate issues; they are blended together and inseparable.

SecurityStudio must and will remain vigilant in doing all we can to serve each other and our customers as well as we are able.

Our organization has always been more than an information security consulting company; we are a partner with our customers. Partners are there for each other in times of need, and SecurityStudio is here for you now. Sadly, attackers will take advantage of the coronavirus pandemic for their own selfish gain. Attackers know that many of us are preoccupied, and they will strike at their most opportune time. I’m writing to assure you that SecurityStudio stands ready and to share how we intend to serve you during the pandemic.

In accordance with the most recent World Health Organization (WHO) and government advice, SecurityStudio will be taking the following precautionary measures to reduce risk to our personnel and our customers:

  • SecurityStudio offices will remain open; however, we have instructed all personnel to work from home whenever possible. SecurityStudio personnel have always enjoyed the advantages of being part of a mobile workforce, so this is no disruption to normal business operations.
  • If any SecurityStudio employee or employee’s family member recognizes even the slightest coronavirus symptom(s), that person has been instructed to seek medical attention as soon as possible and NOT come into physical contact with anyone until receiving clearance from qualified medical personnel.
  • SecurityStudio will conduct customer work remotely as much as is possible. If there are occasions when work cannot be done remotely (rare), SecurityStudio may postpone or delay the work for a time period necessary to ensure everyone’s safety. SecurityStudio will never encourage anyone (employee or customer) to do anything that they are not comfortable doing or something that may cause harm.

The most common services we get asked about during and after significantly disruptive events (including the coronavirus pandemic) are securing remote access, business continuity planning, disaster recovery planning, incident response, and risk management. We will be providing as much free stuff and writing as much content as we can for you in the coming days/weeks. If there is something specific that you would like to see from us, let us know!

Additionally, here are two resources that you might find helpful now:

  • The Centers for Disease Control and Prevention (CDC) Interim Guidance for Businesses and Employers
  • The free S2Me tool. S2Me is our personal information security risk assessment. With the increase in people working from home, personal information security is more important than ever. The S2Me tool helps people learn to protect themselves and their families better.

In closing, I want to thank you for the trust you’ve put in us as your information security partner. SecurityStudio does not expect any significant disruption in services during and/or after the coronavirus pandemic. The only significant change will probably be our inability to see you in person (for now).

Please contact us if there is anything we can do for you, including if you have any questions about the contents of this message.

Thank you and God bless,

Evan Francen
SecurityStudio CEO, on behalf of the SecurityStudio Team

Article by Evan Francen, CISM, CISSP, CEO of SecurityStudio originally appeared on Help Net Security

Spreadsheets are dumb. Okay, it’s not that spreadsheets are dumb, or that the people who use them are dumb. That’s not at all what I’m saying. What’s dumb is using spreadsheets to manage third-party information security risk. If I’m going to call something dumb, I’d better have some logic to back it up. Good thing. I do.

In the July issue of SECURITYSTUDIO News Brief, we bring you the top news and information about cybersecurity breaches across the globe. These not only have lasting effects for individuals and businesses, but also highlight the need for third-party risk management and tighter security protocols.

Third-Party Risk Management

  • New research shows more than one in 10 companies worldwide will lose more than $10 million after falling victim to a cyber attack. As a result, companies are boosting cybersecurity investments in the next fiscal year. Experts advise business leaders to pay close attention to the risks associated with their supply chain and partners, as they further increase the attack surface substantially.
  • A global survey recently revealed that IT managers are inundated with cyber attacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up-to-date technology. As part of the report, only 16 percent of respondents consider supply chain a top security risk, exposing an additional weak spot.

World News

  • The cyber warfare threat is rising as Iran and China agree to a “united front” against the U.S. Experts claim this is the beginning of a cyber war between countries and the Cybersecurity and Infrastructure Security Agency (CISA) within the DHS issued a blanket warning about a recent rise in malicious cyber activity directed at U.S. industries and government agencies by Iranian regime actors and proxies.

Business Impact

  • Many organizations around the world haven’t patched older Windows systems against the BlueKeep vulnerability that could let attackers take over devices. This is despite warnings from Microsoft, government agencies and cybersecurity companies. Many organizations may not know they have a system with the vulnerability.
  • With the 2020 election upon us, the Federal Election Commission ruled that a cybersecurity company could legally offer discounted services to presidential campaigns hoping to protect themselves from cyberattacks. Cybersecurity is on the forefront of this campaign, given the U.S. intelligence community’s warnings of Russia’s intentions to escalate its interference.
  • Apple has taken an extraordinary move and released a silent update to protect its users from a yet-to-be-disclosed vulnerability that could compromise Macs that have the Zoom video conferencing software installed. The silent update removes a clandestine web server Zoom installed in older versions of its software that can’t be removed through a standard uninstall process.
  • Security researchers have uncovered a new vulnerability in a Siemens software platform for industrial control systems in large critical infrastructure facilities, such as nuclear power plants. An attacker could gain access to these systems for espionage or cause widespread physical damage.

Personal Impact

  • A new type of phishing campaign is specifically targeting American Express card holders after attackers send a hyperlink as part of a phony account update. This phishing attack is different because instead of using a hyperlink to send victims to a malicious landing page, the scheme deploys an embedded “base href” URL to help hide from anti-virus and other security tools.
  • The largest health insurer in the Pacific Northwest, Premera Blue Cross Blue Shield, agreed to pay $10 million to 30 states after an investigation into a data breach that exposed the personal information of more than 10 million people. The breach was due to inadequate security measures that left its computer network exposed to a hacker.

SecurityStudio® is the easiest, most comprehensive information security toolkit to measure, mitigate and manage risk. Our goal is to help all organizations build and maintain a strong information security program. We do this by helping organizations understand the need for strong information security, identifying and prioritizing their risks and implementing secure methods to address those risks. https://securitystudio.com

Article by Evan Francen, CISM, CISSP, CEO of SecurityStudio originally appeared on Security Today

Some third-parties (or vendors) will think of every excuse in the book for not completing your information security risk assessment. The fact is, there are very few valid excuses.

In this article, I’ll cover a recent real-world example where a vendor came up with no less than 10 excuses. It takes some creativity to come up with so many excuses for not completing one questionnaire!

We’ll take each excuse and address it with a rebuttal, one by one. Use this article as a reference for your own third-party due diligence.

The foundation of every third-party relationship is just that, the relationship. Relationships with third-parties are just like relationships between people. A good relationship is based upon mutual trust and transparency.

When someone in a relationship fails to provide clear answers to legitimate questions you have about the nature of the relationship, it should erode trust and force you to act.

This is especially true in a customer/vendor relationship where the customer is supposed to be the one in power. As a customer, you deserve answers, NOT excuses.

What better way to demonstrate a point than to use a real-world scenario? In this scenario, the vendor came up with at least 10 excuses over the course of nearly four months for not complying with their customer’s request. Ready? Here we go.

In the June issue of SECURITYSTUDIO News Brief, we bring you the top news and information about cybersecurity breaches across the globe. These not only have lasting effects for individuals and businesses, but also highlight the need for third-party vendor risk management and tighter security protocols.

Third-Party Risk Management

  • Most organizations work with hundreds, if not thousands, of third parties, which creates new risks that must be actively managed. Although businesses know that managing third-party cyber risk is critical, a lack of continuous monitoring, consistent reporting and other blind spots are creating challenges that could leave organizations vulnerable to data breaches and other consequences.
  • According to the National Cyber Security Alliance, healthcare companies have increasingly become a target for hackers given the vast amounts of information collected and stored. Robust vendor management strategies are necessary as part of a comprehensive approach to cybersecurity.

World News

  • Amid escalating tensions with Iran, the U.S. military cyber forces launched a strike against Iranian military computer systems. These cyberattacks targeted Iran’s Islamic Revolutionary Guard Corps computer system and disabled the computer systems that controlled its rocket and missile launchers.
  • The Kremlin warned that reported American hacking into Russia’s electric power grid could escalate into a cyberwar with the United States, but insisted that it was confident in the system’s ability to repel electronic attacks. The program, as described by current and former unidentified American officials, would enable an attack on the Russian power grid in the event of a major conflict between Moscow and Washington.

Business Impact

  • Attacks against municipalities continue as the city of Riviera Beach, FL, has agreed to pay hackers roughly $600,000 in bitcoin to end a ransomware attack that crippled the city’s IT infrastructure for nearly a month. Reports indicate it may have started when someone in the city’s police department opened a phishing email.
  • The Cybersecurity and Infrastructure Security Agency (CISA), the cybersecurity wing of the Department of Homeland Security, issued an alert regarding BlueKeep after using the vulnerability to remotely run code on a Windows 2000 computer. This means that BlueKeep can be used for more than just a denial-of-service condition; it can also be used to remotely run code or malware on an unpatched computer.
  • A urology practice in Ohio and an eye care provider in Indiana are among the latest victims of ransomware attacks in the healthcare sector. The urology practice reported a revenue loss between $30,000 and $50,000 per day as a result of the attack. The ransomware attack in Indiana is listed among the top 10 largest breaches added thus far in 2019 to the Department of Health and Human Services HIPAA Breach Reporting Tool.

Personal Impact

  • A computer science student, Dan Salmon, has been scraping Venmo transactions for the past six months to prove that Venmo’s public activity is not hard to obtain, even after last year, when a privacy researcher showed that Venmo needed to curb its privacy issue. The result is that seven million Venmo transactions were obtained by Salmon in this six-month period.
  • The personal data of more than 650,000 clients of Oregon’s Department of Human Services was compromised during a January data breach. The department announced in March that more than 350,000 clients had been impacted, but they were doing an investigation and had not finished yet. When the department completed the investigation this week, they concluded that the number of clients affected was much higher than the original figure released.
  • Cyber security experts have warned that strange invitations are showing up in people’s Google calendars as part of a dangerous scam to trick them into being attacked. Users could see their data or money stolen after clicking on a link to a URL included in the calendar event.
