Information technology blog, cybersecurity blog

Picture this scenario that I’m guessing you’ve experienced before: you’re typing away at your computer when your manager asks you to swing by their desk to check out something related to the project you’ve been working on. You get up to head over – this project has been your main focus lately so keeping it moving forward is crucial - and then you pause as you are about to leave your desk. You’ve left your computer unlocked. IT always tells you how important it is to lock your computer whenever you leave it but there’s no one visiting the office today and you’ll just be gone for a few minutes. There are plenty of other employees around, so it’s probably not a huge deal, right? That pause and line of thinking is why I wanted to write this post.

See a condensed version of this article as it ran in The Hartford Courant. I also was interviewed on WFSB Channel 3’s Face the State about this topic in September 2020. When a city or company is hacked, its leaders usually don’t face the press. They hide behind a statement and news of the attack gradually emerges over days or weeks. They don’t want to field questions about what they would have, could have, should have done. Earlier in September 2020 when Hartford Public Schools canceled the first day of classes while the city recovered from a cyber attack, the mayor, school superintendent, police chief and head of IT for the city held a joint press conference. They confidently explained the situation and the city’s response. To those of us in the cybersecurity field, it was clear that the city had invested time and financial resources and was ready for this attack and that its leaders were following a response plan. It was very different from the scrambling we’re used to seeing, especially on the municipal level.

This isn’t news but cyber threats are a persistent issue for businesses and individuals alike in this day and age. If anything, the COVID-19 pandemic has worsened the threat landscape as cyber criminals are taking advantage of the related uncertainty and rapid transition to remote workforces and learning environments. In Connecticut, we saw that firsthand as a ransomware attack locked down the first day for Hartford Public Schools last month. The City of Hartford’s response was exemplary as they did many things right before, during, and after the attack, but it served as a stark reminder of the ever-present threat of cyber criminals. With October being Cybersecurity Awareness Month, I reached out to some cybersecurity and technology professionals for tips and insights to help you secure your businesses and home (as for many of us this year our home has become our office) in hopes of a more cybersecure tomorrow for everyone.

If you’re a supplier or manufacturer that relies on business with the Department of Defense (DoD) and the contracts they offer, you will need to ensure that your IT infrastructure can pass a third party certification for cybersecurity readiness over the coming months. This certification is referred to as CMMC or the Cybersecurity Maturity Model Certification. It is an initiative designed to help protect the data being shared within the Defense Industrial Base of the United States and the contract information necessary to produce the parts, systems, and components needed for our national defense.

Cybersecurity gets a lot of attention today. With remote work more prevalent than ever, there’s a renewed focus on securing our digital and virtual workspaces, data, and more from seemingly far-away threats like the cyber mafia. However, the physical access to your data center, data closet, or wherever you lock away the beating heart of your organization is just as important. But many businesses, especially those that have compliance requirements related to their physical security, are often not in line with best practices in their defenses.

Last fall, I had the amazing experience of being interviewed by Chion Wolf—a familiar voice and personality to anyone who listens to WNPR—for the Connecticut Voice Podcast. The podcast highlights LGBT individuals from different areas of expertise across Connecticut and I was honored to be included. Our conversation touched on everything from coming out to helicopters, to cybersecurity—including my favorite interview question I’ve ever been asked comparing working in IT to being a pilot. Pride Month seemed like a good time to share some highlights from this interview, so below are two moments that stood out to me as well as the full audio recording.

Cyberattacks are on the rise. It’s just a plain fact. Numerous studies, reports, and surveys have pointed to the findings that not only are cyberattacks on the rise but specifically ones designed around social engineering such as phishing attacks. Worse still – these attacks have seen an even bigger jump in frequency since remote work requirements have also increased. Cybercriminals see the amount of company devices outside the typical protections of their traditional offices being an opportunity to harvest data, lock up those devices, and make a quick buck (by the thousands). That’s why I wanted to talk to you about Umbrella (formally OpenDNS).

You might remember a time when some folks believed that having one thing alone meant that their business devices or networks were secure. “We have a firewall, we’re fine!” “All of our PCs have antivirus, so we’re good!” In modern times any single, standalone security product (antivirus, firewall, etc.) isn’t enough to protect your business, your users, and your data. However, these things do make for effective layers when securing your business with a defense in depth security strategy. Defense in depth is a security approach that we at Kelser subscribe to wholeheartedly for ourselves and our clients. A strategy that should be applied whether you’re protecting your office or your home environment when working remotely. In this article, we’ll walk through what defense in depth is, how it can protect your business, and the most essential layers that you should consider for any environment.