onShore Security

Because Security Gives Us Freedom.

Learn How the Segregation of Duties Minimizes Cyber Security Risk

By

Segregation of Duties

Segregation of duties, and specifically segregation of cybersecurity management duties, is a practice that helps mitigate risks that integrated IT/security staffing can fail to reduce or even enable in the first place. The concept of segregating duties as risk management is already in place in some areas in financial institutions. For example, the chief lending officer would not be the person approving loans, nor would one person alone be in charge of outgoing wires. This practice can and should be extended into a financial institution’s cybersecurity operations, but it is common in IT to see one person responsible for both setting up and monitoring the email system or to be responsible for both the network and penetration testing. [Read more…]

What They Should’ve Done Before the Breach: Cyber Security Guest Blog

By

The following is a guest blog, published with the author’s permission. Click here to read the original post at Tressler LLP.

Here It Is: The Decision That Tells Data Collectors Exactly What They Should Have Known Before They Had A Breach

A class action entitled Wade v. ABM Indus. Inc., 2018 CH 3855 was initiated last week against ABM Industries (“ABM”) in Illinois based on allegations that ABM recently breached its employee’s Personal Information.  In summary, the class action plaintiff claims he was damaged by his employer, ABM, “when it ‘allowed hackers to obtain access to Plaintiff’s and other employees’ Personal Information.”  In particular, the class action plaintiff claims his Personal Information “should not have been susceptible to unauthorized access through the use of one of the oldest, and least sophisticated types of cyber-attacks – the ‘phishing email scheme.’” [Read more…]

Employee Data Breach Class Action Lawsuit: Cyber Security Guest Blog

By

The following is a guest blog, published with the author’s permission. Click here to read the original post at Tressler LLP.

Illinois Class Action Suit Highlights Issues When An Employer Allegedly Breaches Employee Data

A class action entitled Wade v. ABM Indus. Inc., 2018 CH 3855 was initiated last week against ABM Industries (“ABM”) in Illinois based on allegations that ABM recently breached its employee’s Personal Information.  In summary, the class action plaintiff claims he was damaged by his employer, ABM, “when it ‘allowed hackers to obtain access to Plaintiff’s and other employees’ Personal Information.”  In particular, the class action plaintiff claims his Personal Information “should not have been susceptible to unauthorized access through the use of one of the oldest, and least sophisticated types of cyber-attacks – the ‘phishing email scheme.’” [Read more…]

Ask an MSP Expert: How can we effectively manage project workflow?

By

onShore Security’s Security Compliance Strategist, Chris Johnson, cites a guideline for project management, in this interview with SmarterMSP.

 [I]f you have a specific request from a client and it requires more than one vendor, it is best to call it a project. Chances are, if you need to talk to more than one vendor, it is going to take more than a day to resolve.  [Read more…]

How to Assess Third-Party Vendor Risk: Cyber Security Guest Blog

By

The following is a guest blog, published with the author’s permission. Click here to read the original post at Third Party Trust.

Metrics drive the measure of progress and stand as benchmarks during any assessment, audit or review process. They are the life blood of reporting and when it comes to vendor risk management, it is not as straight forward as you might think. Let’s take a deeper look into what Guy Dulberger of Ritchie Bros. has to say about the key metrics to track when assessing vendor risk and how a risk-based approach is the new norm for vendor risk management. [Read more…]

312-850-5200

216 W. Jackson Blvd.
Chicago, IL 60606

info@onShore.com