Connecticut Information Security
is a full-service cyber security firm

We specialize in mitigating security risks, protecting networks, aligning organizations with security standards, and educating workforce members on security-related topics and tools.


Top Issues from Top Experts

Get in touch with today's top security topics from
the experts in the field.


Are You Exposed?

Need help evaluating your security risks?
We are here to help.


CTInfoSec has extensive experience
performing security assessments

We work in a variety of industries, including insurance, financial services, mobile applications, healthcare, online services, manufacturing, utilities, real estate, business services and more.


THE BLOG

  • Nov 10, 2021
    Backups, Security's Best Friend

    Do you have backups in place? Simple yes or no answer, or is it? In the past, backups were not necessarily seen as a security issue, but ransomware changed that. Backups, and the security of those backups, are now more important than ever. Backups have become Information Security's best friend.

    But is simply having a backup really the only concern? As security professionals we are asked about backups regularly. Here is our take on the subject:
     
    Having backups in place is critical.
    Having working backups in place is critical.
    Having frequent backups in place is critical.
    Having tested backups in place is critical.
    Having isolated or offline backups in place is critical.
    Having backups only accessible to the necessary staff is critical.
    Ensuring there are backups of everything necessary to run your business is critical.
     
    Cloud assets, AD, applications... all of these are in scope and should have backups at some level. Multiple copies and retention should also be considered.
     
    If we are testing your environment and we can get into your backups, so can a malicious actor, so give them the appropriate level of attention. Make sure resources are put into ensuring that you know what is backed up, the frequency of backups, and how they are secured. Make this part of your Business Continuity planning and testing. Recover and test your backups, regularly. Do not wait for a loss of data to investigate this crucial component of your IT environment.
  • Oct 14, 2021
    Consistency is Key

    It used to be that employees stayed at a company for a long time. People did the same job for years, and you could go to someone in-house and ask where something was or how it was done. Good, bad or indifferent, there was a 'way' things got done. In today's day and age, with the complexity of technology and the movement of jobs, this is no longer something you can count on. This is one of the reasons that documentation becomes so important for institutions. The need to have consistent implementation and education is paramount to being an efficient, and properly protected, organization. Often when our team conducts a security assessment, the inconsistencies show through... when documentation is requested, there is none to fall back on. Lack of consistent implementation creates the cracks that attackers squeeze through. 

    For some organizations, this is a shift in mindset. It means stopping the practice of just doing, and instead pausing to ask: Is what I am doing the right thing? Is it consistent and secure? Getting started requires your team to ask: What technologies are in place? How are they managed today? Is how they are managed today appropriate? What configurations are necessary to secure the systems in place while meeting the business needs? Are there regulatory requirements that need to be considered? What are the minimum acceptable security controls to be put into place? Then, the next step is putting pen to paper - or fingers to keyboard - and recording it all.

    The upfront 'pain' of documenting configurations and getting consensus on the right controls to have in place can be an investment in time, but efficiencies in communication, and consistencies in the management and implementation of technologies can save you time in the long run. It can also save you money on extra staffing costs, provide more effectiveness in the education and onboarding of new IT hires, and help your organization meet regulatory requirements. 

    The tough part, of course, is really putting it all into action and recording the gaps and risks present in the process. Progress over time is the goal. With appropriate tracking of the gaps, there will be fewer crevasses for malicious actors to slide through. That is a topic for another post.

Popular Offerings

IT Security Healthcheck

    We provide a multi-leveled, custom IT Security Healthcheck of your technology environment leveraging a proprietary stack of tactical and operational checkpoints to deliver an analysis of the environment - within your needs and budget - to identify gaps and risks and provide actionable remediation steps with tiered goals.

NARC® Deception Technology

    Our patented NARC® technology identifies internal compromise or malicious insiders. By creating virtual targets and enticing malicious users to them through open services and potentially valuable data, organizations can root out illegitimate traffic and users quickly and without false positives.

PROTECT YOUR BUSINESS.
MITIGATE YOUR RISKS.

Dealing with security attacks has become a fact of doing business online. With the introduction of regulations to protect data,
this has become a critical area for businesses today.

Know your risks. Protect your data. Become compliant.