Keller Schroeder’s Post

Authentication serves as the gateway to technology tools. Implementing robust authentication measures like multi-factor authentication (MFA) ensures that only authorized individuals access critical systems, adding a vital security layer beyond standard usernames and passwords.

High-profile breaches show how quickly a hack of one widely used software tool or service provider can spread. Vendor management is critical for security & compliance. “From a vendor consideration perspective, know that it’s still your responsibility, even if you’ve outsourced the processing, consumption, analysis, storage, or deletion of any data, it is still ultimately your customer & your liability/exposure."

Prospective customer: Here's our security questionnaire. Vendor: OK, done. Customer: You don't meet requirements A, B and C. Vendor: We don't do A, B and C because of (entirely reasonable reasons). Customer: OK, we accept that. We're good to go. Vendor: Excellent. Customer: Here's the security annex that we require to be included within our contract. It requires you to do A, B and C. Vendor: ...

Its about time that enterprises start re-taking control of how and when software updates, in light of the CrowdStrike issues seen today. Managing software updates is a pain, but giving that control to an outside vendor who is essentially unaccountable for issues is no longer a real way forward. My thoughts in this Verdict. https://lnkd.in/ggqCSj5G

🔍 Did you know that Tricent helps you remove document access for vendors you no longer collaborate with? Discover how our solution streamlines the revocation of outdated access permissions, safeguarding your sensitive data effortlessly. This use case highlights the simplicity and effectiveness of managing document security with Tricent, offering insights and strategies for enhancing your data protection measures. Dive into the details and see the difference for yourself. 🔗Read the use case here: https://hubs.la/Q02k8qDK0 #DataSecurity #DocumentManagement #VendorManagement #Tricent

* Security vendors and basically anyone who's product sends "alerts" to teams that are supposed to respond to them in a timely fashion. * For the love of Pete - Put the actionable details of the alert IN the alert. Don't send me an alert that says - "There is an alert, go here and log in and do 3 more steps and then you'll see the info we are alerting about." OMG so maddening. My security team gets alerts from M$ products saying _"There is an alert you should look at." DUH give me the damn details in your alert! Then I can immediately take action! End of rant.

This mornings CrowdStrike update bug is a reminder to check your third party vendor management policy. If you don't have one or would like help reviewing yours let me know.

In-House SOC vs Outsourced: Which is Best for Your Business? In this video, we dive deep into the pros and cons of both options, comparing factors such as cost, control, expertise, and scalability. Watch here- https://lnkd.in/gtMrVu8Q #InHouseSOC #OutsourcedSOC #BusinessSecurity #SOCDecisions #Cybersecurity

Struggling with software in BFSI? How can you balance security, compliance, and efficiency? Click the link in the comment to know more! #BFSI #productivity #efficiency #facillima #facillimasoftware

The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. A hacker going by the name of Menelik says he could access the portal by registering multiple accounts under fake company names and had access within two days without verification. "It is very easy to register as a Partner. You just fill an application form," Menelik told BleepingComputer. Easy-to-access APIs have become a massive weakness for companies in recent years, with threat actors abusing them to scrape sensitive data and sell them to other threat actors. https://lnkd.in/gT-S7h2p #auguryit #cysec