
AT&T Security Services We Can Offer You

AT&T Consulting
AT&T SureSeal℠ Security Certified Program

With increasing pressure from the government and industry to meet constantly evolving security requirements, enterprises must assure partners, suppliers and customers that they are in compliance. Failure to meet such requirements may result in increased audits, penalties, and transaction costs, as well as the loss of business and potentially lower revenues. As a result, enterprises are forced to dedicate significant time, money and personnel to security audit and reporting processes.
When addressing individual regulatory requirements, enterprises are discovering a new challenge: the need for an over-arching program of security improvement and compliance. The need for a programmatic and holistic approach to security, which aligns the business and security needs of the organization, forms a foundation for addressing compliance requirements.
The AT&T SureSeal℠ Security Certified Program helps customers address this growing need.
SureSeal is based on our experiences and observations that, while there are many standards and laws with which companies must comply, there has been no program to address compliance requirements and IT components holistically. SureSeal customers have found that such an approach can help to reduce compliance costs and streamline regulatory efforts.
AT&T has long been a pioneer in the development of security services and capabilities, with AT&T Labs and AT&T’s security organization working closely together to provide industry leading enterprise services and technology.

Overview
The AT&T SureSeal Security Certified Program is designed to assess an enterprise’s information security program (or critical business components or applications) and certify that it meets industry standards. The certification is earned by implementing and operating a proactive program of security improvement. In turn, it provides trust and assurance for companies that are required to communicate their security practices to third parties and government regulators. The program reduces the complexity and expense of multiple audits.

Program Description
Completion of the AT&T SureSeal Security Certified Program requires compliance with open and published standards taken directly from regulatory requirements and industry standards. These standards are generally accepted in the industry, and AT&T openly shares the standards and assessment techniques with customers.

Dynamic, Flexible Approach
Certifying the entire enterprise, especially in the case of larger customers, may not be cost effective. For this reason, the flexibility of the SureSeal Program means that AT&T Consulting can certify application infrastructures, hosting environments, and business units. In each case, AT&T Consulting performs an extensive review of people, processes and technology, evaluating the interdependencies between an application or business unit and the overall enterprise security program.


Requirements for satisfying these standards can be assessed using a common set of assessment procedures, at business-appropriate levels of detail. A single set of procedures translates into less time, effort and costs for compliance audits and assessments. In addition, this approach readily allows for the incorporation of new standards into the assessments. AT&T Consulting believes this is critical given the rapidly changing state of regulatory and industry expectations.
By achieving certification, you will benefit from association with the AT&T Consulting SureSeal Security Certified brand. Once certified, you can generate reports for auditors, regulators and other parties requesting information about your company’s security compliance status. You will have access to the full Certification Assessment Report, which details all regulations and standards that are evaluated, along with all findings.
The SureSeal Program provides many other benefits, such as detailed recommendations that help you improve even the most robust information security program. Your practices and processes will be evaluated by top security professionals with state-of-the-art knowledge of the security industry and technologies. If we recognize areas for improvement during the security assessment, we will provide detailed, documented feedback as well as guidelines to help you pursue the remediation strategy that best suits your organization.

Features
The AT&T SureSeal Security Certification process includes two key phases:
• Assessment
• Certification

Assessment
The assessment phase consists of a detailed analysis of your business, networks and data flow. Typically, this phase lasts three to six months and is performed through documentation reviews, interviews and technical analysis.

Certification
Once you have successfully achieved compliance with the selected standards, you are certified for a period of one year, renewable annually.
The advantages of certification include:
• A one-page certification letter that can be shared with regulators, business partners, industry associates and other third parties.
• Access to certification documentation to generate reports in the required format for auditors, regulators and others in response to requests for security compliance information.
• An AT&T SureSeal Security Certified plaque for display, recognizing your achievement in information security, as well as use of the SureSeal logo.

Benefits
Streamlined Certification
An open and standards-based certification process encompasses security requirements from a variety of sources.

Reduced Cost and Complexity
The AT&T Consulting SureSeal Security Certification Program satisfies multiple audit and regulatory requirements through a single service.

Documentation
AT&T Consulting provides access to supporting documentation for auditors, regulators and other third-party requestors. In addition, AT&T Consulting provides a certification letter so you can communicate security certification status to customers, partners and suppliers.

One-Stop Vendor
Since the late 1800s, AT&T has been held to high standards for security and risk management. Bringing over a century of this expertise to our customers is the AT&T Consulting mission. AT&T manages its own risk portfolio with care and integrity, and is proud to bring our expertise to help address our customers’ security challenges.

Security Solutions: Expertise from a Trusted Provider
AT&T provides a unique and world-class portfolio of assessment, compliance and related security services.
Our experience, expertise and commitment to open standards have established us as a strategic and trusted advisor. By leveraging AT&T, you can expect best-in-breed solutions, a global network of proven technology and a cost-effective, program-based approach to meet your security and compliance needs.

06/01/10 AB-1906
© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.

Can you survive a security attack?

According to a Touche Ross study, the survival rate for companies without a disaster recovery plan is less than 10%!

According to a security analyst firm in DC, about 70% of all successful attacks on computer networks were carried out by employees and insiders.
Can your business survive the unexpected?
Applied Utility Auditors LLC can meet with you to:
1. Analyze your vulnerability
2. Help find solutions from select vendors
3. Develop a DRaaS plan for you
877 208 0021

Are you ready for a cyber-security checkup?

OVERVIEW
In 2012, a New Jersey man hacked into several accounting firms, stealing the tax forms and personal information of over a thousand clients. He used this information to file more than $6 million in fake tax returns. He also sold the pilfered data to other hackers on the dark web. He was eventually caught by the FBI, but the damage to these clients was done. The accounting firms involved had to notify their customers that they had been breached and that they were the root cause of their tax fraud nightmares. These victims were also left to wonder what other attacks were waiting for them now that their data was in the hands of other malicious sources who had purchased their confidential information.
This incident is not unique. Incidents of hacking and cyber-breaches are on the rise across all industries and for companies of all sizes. Accounting firms face the standard cyber-risks that all industries with internet-facing systems are exposed to, but they also face unique risks based on the nature of their work and the data that they possess, as outlined herein.
Grid32, a cyber-security provider, has seen these issues first-hand. We have performed proactive security assessments and penetration tests for many forward-thinking accounting firms, and have been involved in cyber-breach incident responses for companies who have already fallen victim to malicious cyberattacks. This case study seeks to outline the issues we have found and bring further attention to both the gravity of this situation and the need for action by those organizations who are not fully cognizant of this risk or who falsely assume they are safe.
In performing our security assessments and tests, Grid32 has found that, almost uniformly, our clients in the accounting industry have had vulnerabilities in their systems that would allow malicious attackers to obtain a dangerous combination of data and access, including:
• Access to company records, including financials, partner compensation, payroll records, and employee social security numbers and confidential information.
• Access to client data, including financials, tax records, data files, and access credentials.
• Ability to access banking and financial accounts, transfer money out, and re-route inbound funds.
• Access to IT administrator accounts, allowing full control of networks and all resources.
• Access to user accounts, including emails, network access, and all assigned capabilities.
• Full control over networks, devices, phone systems, and security systems.
Having access to all of these items at once is obviously troubling, and it could be severely damaging in the wrong hands. Damages could include financial losses, lawsuits, government-imposed fines, embarrassment, and job loss. All of this access and information was gained remotely, without our attack team ever setting foot in the facilities. Thankfully, we are trusted professionals and we were able to provide remediation steps to our clients to close the security gaps and limit the likelihood that these attacks would occur in the real world. Unfortunately, we are concerned that far too many organizations are not taking the proper steps to prevent similar attacks. The issue looks to only be getting worse as attackers recognize the pervasiveness of vulnerabilities and caches of valuable data in this industry.

UNIQUE FACTORS AFFECTING ACCOUNTING FIRMS
Besides the standard risks inherent to all industries with internet-facing systems, accounting firms face additional threats due to the volume and types of data that they typically house. As seen in the previously mentioned example, hackers are heavily targeting tax information so that they can file fraudulent tax returns. In 2013, the IRS paid $5.8 billion out in fraudulent tax returns. In addition, they prevented a further $24.2 billion, making a total of $30 billion in fraudulent federal tax returns filed. There is a significant volume of fraudulent returns being filed at the state level as well, to such a degree that Turbo Tax had to temporarily stop processing state returns in 2015. The IRS and individual states are getting better at detecting and preventing tax fraud, but this is only increasing the volume of attempts. Whereas hackers used to try to file, for example, three returns for $10,000 each, for a payoff of $30,000, now they need to file thirty returns, for $5,000 each, to get a similar return. This need to file a larger number of returns means that the attackers need to gain access to large caches of taxpayer data. Accounting firms are a perfect source for this, putting them squarely in the crosshairs of a malicious underworld that is becoming increasingly organized and sophisticated.
In addition to the threat brought on by tax fraud, hackers have learned that breaching an accounting firm can have a similar payoff to breaching scores of companies and individuals, since they get not only the firm’s data, but usually troves of data on its clients. Besides tax fraud, there is also typically data attackers can access to perpetrate other cyber-crimes. This includes banking credentials, which can be used to perpetrate another trending attack, wire transfer fraud. Other sensitive data that hackers may be after includes personally identifiable information, employee records, business plans, intellectual property, or access credentials for client networks and resources.
These factors make accounting firms a certain target for malicious attackers, and there is an absolute need for all accounting firms to take proactive steps to protect their data, and the data of their clients, from prying eyes. Breaches can expose accounting firms to the direct costs of damage, claims for damages from clients or third parties, costs of compliance or fines from statutes or regulations, and damage to their image and reputation.
Besides the obvious need for accounting firms to protect their own information and that of their clients, being savvy with cybersecurity is just good business. Clients depend on accounting firms for advisement on many topics, including cybersecurity. Letting clients know that a firm takes cybersecurity seriously, proactively addressing threats, can be part of the marketing pitch to help attract and retain clients. It can even create billable services, as many accounting firms offer cybersecurity services, including many that upsell Grid32’s services to their client-base.

WHAT CAN BE DONE?
There are a few basic steps accounting firms should be taking to help mitigate this risk:
1. Have an Information Security Committee that meets regularly and includes key personnel and staff from relevant departments.
2. Have a written Information Security Program, with documented policies and procedures, as well as risk analyses and contingency plans.
3. Have a Penetration Test performed annually by an independent security firm, and ensure the remediation steps that come from the test are actuated.
4. Train all staff on Cyber-Security Awareness.
5. Use strong and unique passwords and enable two-factor authentication whenever possible.
6. Encrypt data when transmitted and when stored, especially data that resides on mobile devices such as laptops.
7. Allocate the proper funds for cyber-security.

1 WHAT IS A PENETRATION TEST?
A Penetration Test is a security exercise where a team of highly-trained security experts attempt to hack into the client’s network in order to find security weaknesses. The intent is to discover ways that a real-world attacker might be able to compromise the systems. The highly-trained security team is careful not to cause any actual harm and a report is provided detailing all of the vulnerabilities and weaknesses found and recommending what needs to be done to fix them.
In-house IT staff are usually pressured to make things functional and easy to use, goals that are diametrically opposed to security. Also, it is difficult for an organization’s own IT staff to objectively look at their own systems from an outsider’s perspective. Just like a CFO needs a CPA firm to review their financials, senior IT leadership benefits from having a team of certified security experts independently test their system to give them valuable insight.

Cisco Call Manager options to save money

This is a Cisco Call Manager solution that moved a premise-based Call Manager to the cloud. It is one of many Call Manager solutions offered by Applied Consulting Group’s partners. We help you select which Cisco or other cloud-based solution is best for you. acginfo.biz 877 208 0021
ABT ASSOCIATES
Mission-driven, global leader in research and program implementation in the fields of health, social and environmental policy, and international development.
EMPLOYEES: 1045 domestic, 2000 in Africa
LOCATIONS: 4 US locations
NUMBER OF SEATS: 1045
Abt Associates continues to be a mission-driven, global leader in research and program implementation in the fields of health, social and environmental policy, and international development. Known for its rigorous approach to solving complex challenges, Abt Associates is regularly ranked as one of the top 20 global research firms and one of the top 40 international development innovators.
THE CHALLENGE
Abt Assoc. had been using NWN for premise-based Cisco Call Manager services. With very limited IT resources the company lacked the expertise to pull together its disparate communications tools. It was also using different collaboration tools – Cisco Jabber, Microsoft Lync and Google apps – that did not integrate with each other.

SOLUTION
West moved the voice services to VoiceMaxx CE and into the cloud. We also supplied ControlMaxx for their 20 contact center workers. Since the company was using Cisco already, the interfaces for VoiceMaxx CE were nearly identical to those of the Call Manager. InterCall also provided Abt with 3000 WebEx licenses. In order to federate their disparate messaging and presence platforms, West implemented NextPlane, which allowed their US locations using Cisco Jabber to integrate with their Australian location, which was locked into Microsoft Lync.

Test your emotional intelligence free on line

Last week at Kiwanis we had a speaker that discussed this topic. As it happens it is part of my ad for a sales person. This EQ has become more important as a gauge as to how we interact with each other.

www.ihhp.com/free-eq-quiz/ highlight and right click to quickly access the test

some interesting and fun facts

Did you know that the phrase having a “skeleton in the closet” originated in Medieval England during King Henry VIII’s reign, when being Catholic could end up with your losing your head on the chopping block? People would hide Catholic priests in their “closets”, or bathroom or lavatory, since the English call their bathrooms “closets”. Then, in the 19th Century, doctors in England hid corpses in their “closets” (body snatching was a popular crime) to use in teaching their students about anatomy.

TOO funny to pass up –
this comes courtesy of The Saturday Evening Post by way of a reader in Wisconsin:

Two boys are in the hospital lying on gurneys next to each other. “What are you in for?”, asks one. “To have my tonsils removed”, the second replied. “Oh, that’s an easy operation. I had it done when I was four, and when you wake up, the nurses give you all the Jello and ice cream you want.”
The other boy is relieved, and says to the first, “Why are you here?” “A circumcision”, he replies. “Whoa”, says the other boy. “I had that done when I was born, and I couldn’t walk for a year!”

AND, courtesy of The Saturday Evening Post, from a reader in Union, NJ:

A doctor, a lawyer, a priest, and a little boy are on a small, private plane when suddenly the engine stopped. The pilot grabbed a parachute, told the others they had better jump, then bailed out. But there were only three parachutes remaining. The physician grabbed one and said, “I save lives. I must live.”
The lawyer took the second parachute, and on exiting the plane said, “Lawyers are the smartest people in the world. I deserve to live.”
The priest looked at the little boy and said, “My son, I have lived a long life, and yours is still ahead of you. Take the last parachute, and go in peace.”
“Don’t worry, Father”, the little boy replied. “The smartest man in the world just took off with my backpack.”

DID YOU KNOW, that the reason we use the word “mammoth” as a synonym for “huge”, is that Thomas Jefferson first compared something very large to a mammoth’s bones that had just been discovered.