Connecticut Information Security
is a full-service cyber security firm

We specialize in mitigating security risks, protecting networks, aligning organizations with security standards, and educating workforce members on security-related topics and tools.

Learn more about us

Top Issues from Top Experts

Get in touch with today's top security topics from
the experts in the field.

Visit our blog now

Are You Exposed?

Need help evaluating your security risks?
We are here to help.

Contact us now

CTInfoSec has extensive experience
performing security assessments

We work in a variety of industries, including insurance, financial services, mobile applications, healthcare, online services, manufacturing, utilities, real estate, business services and more.

Find out more

THE BLOG

  • Mar 31, 2022
    Human Firewalls Need Updates Too

    Many organizations have rolled out multi-factor authentication (a must) and other controls to protect their networks. Email threat detection is deployed and URL rewriting is in place. Investments are made in antivirus, EDR, and threat detection solutions; vulnerability scanners are used to scan for known risks. Even with all the layers, technologies cannot protect your organization fully. Your Human Firewall is critically important.

    Your Human Firewall = your users. Education of users is usually considered, even implemented to a point. Once is not enough though! Even annually does not cut it anymore. Ongoing security education within emails, newsletters, team presentations, training, phishing simulations, and individual follow-ups are all part of a comprehensive program. Reinforcing the tools available for data protection, detailing social engineering scenarios and things to look for, and reiterating acceptable use policies should all be included.

    Let's be honest, your users are busy. They are looking at emails quickly on cell phones and are not paying as close attention to security threats as you would like. Security is not always top-of-mind and needs to be reinforced as a regular part of everyone's role - NOT just annually when completing compliance training.

    There are certainly lots of tools available for security awareness and phishing if you have the budget. If you don't, maybe consider allocating budget next year. But keep in mind that education can happen via tools you already own - emails, newsletters, PowerPoint slides, hand-outs, team meetings, etc. However you do it, just make sure you do it. You will be glad you did.

  • Feb 28, 2022
    The Vulnerabilities Will Keep Coming

    Recently there have been vulnerabilities out in the wild that have had security teams racing to patch systems and gather an inventory of their assets. We believe in being proactive. As with working out, it is easier to stay in shape and form good habits to keep you there than to get in shape. The same can be said for the health and hygiene of your network. Keeping the inventory up-to-date, and running ongoing vulnerability scans proactively, will save you time and stress when a new time-sensitive vulnerability pops up.

    What are the steps you need to follow to make running after vulnerabilities less stress-inducing? Here are a few things to consider: 

    1) Catalogue your inventory, including what applications are exposed externally and what services your assets are running. 

    2) Understand what vulnerabilities exist in your network by running ongoing vulnerability scans or hiring a company to do it. 

    3) Know what domains and assets are managed by your company or by a third party and how to get in touch with the owners if needed.

    4) Investigate what security controls are in place or can easily be put in place to protect your network while updating configurations or patching systems.

    When a new vulnerability that promises to bypass your controls and infiltrate your network comes again (and they will come again!) you'll have a plan and can take steps forward in a logical and orderly way.

Popular Offerings

IT Security Healthcheck

    We provide a multi-leveled, custom IT Security Healthcheck of your technology environment leveraging a proprietary stack of tactical and operational checkpoints to deliver an analysis of the environment, within your needs and budget, to identify gaps and risks and provide actionable remediation steps with tiered goals.

NARC® Deception Technology

    Our patented NARC® technology identifies internal compromise or malicious insiders. By creating virtual targets and enticing malicious users to them through open services and potentially valuable data, organizations can root out illegitimate traffic and users quickly and without false positives.

PROTECT YOUR BUSINESS.
MITIGATE YOUR RISKS.

Dealing with security attacks has become a fact of doing business online. With the introduction of regulations to protect data,
this has become a critical area for businesses today.

Know your risks. Protect your data. Become compliant.