Knowledge

2/12/2018 Newsletters

DFS - Certification of Compliance - Due 2/15/2018!

The New York State Department of Financial Services recently updated its web page to indicate that any covered entities (i.e., agencies, insurance agents or insurance brokers) that already submitted their Certification of Compliance need to do so again after Monday, Jan. 1, 2018.

According to the department, "The Certification of Compliance certifies that a Covered Entity complied with 23 NYCRR 500 for the entire calendar year. As such, the department only expects to receive a Certification of Compliance between January 1 and the February 15 deadline for the previous calendar year. Unless a Covered Entity is ceasing department-authorized operations before that year end, a Certification of Compliance before year end will not satisfy the requirement that a Covered Entity certify its compliance as of year-end."

The NYDFS Cyber Security Regulation (23 NYCRR 500) requires all New York-licensed insurance agencies, agents and brokers to file a certification of compliance prior to Thursday, Feb. 15, 2018, and annually thereafter. The certification confirms that the licensed entity has complied with the regulation to the extent required, which includes conducting a risk assessment and developing cybersecurity programs and policies based upon that risk assessment.

Digital Edge is an expert in ISO standards and is certified by the International Standard Organization on Information Security and Quality (ISO 27001). There is a clear crosswalk between DFS law and ISO standards. Digital Edge will help to implement policies, standards and practices to cover all DFS requirements based on the International Standards Organization framework.

Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance.

For more information on this regulation and to ensure that your organization is following the critical compliance requirements, please read our most recent articles:

  1. DFS Compliance – Mandatory Cybersecurity Requirements
  2. To Do: Check List to Comply with DFS Cybersecurity Law
  3. Discover the NEW online DFS Cybersecurity Reporting Portal
  4. Exempt from DFS Cybersecurity Regulations – Now What?

1/26/2018 Newsletters

Is Your Cybersecurity Infrastructure in Compliance?

In March of 2017, the New York State Department of Financial Services (DFS) issued its “Part 500” - Mandatory Cybersecurity Requirements for financial services entities, requiring banks, insurers, and other financial institutions to establish and maintain a “risk-based, holistic, and robust security program” that is ultimately designed to protect consumers’ private data. Partial exemptions are provided for covered entities based on their staffing level, annual revenue, or total assets.

The initial deadline of February 15, 2018 for submitting an annual Certification of Compliance is rapidly approaching, and all organizations are required to comply with DFS Part 500 Section 9, Risk Assessment, by March 1, 2018.

1/4/2018 Newsletters

New Vulnerabilities - Meltdown and Spectre. What You Need to Know

The Digital Edge Security Team is aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern CPUs and virtual memory access. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

We analyzed our clients' configurations and our own DE Cloud Infrastructure, and as of now, do not see any active exploitation of these vulnerabilities.

There has been much contradictory information. The Digital Edge Security Team explains the vulnerability in simple terms and provides suggestions on how to handle the situation here.

11/30/2017 Newsletters

Digital Edge’s Managed Security – Response to HIDDEN COBRA - North Korean Remote Administration Tool: FALLCHILL

The Digital Edge Security Team warns that HIDDEN COBRA actors have been using FALLCHILL malware to target IT infrastructures. DHS and FBI specified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as FALLCHILL. The U.S. Government refers to malicious cyber activity by North Korea as HIDDEN COBRA. 

HIDDEN COBRA uses a dual-proxy technique that allows it to change the vector of the attack and keep the source of the attack hidden.

These types of activities can have severe impacts such as data loss and disruption of operation. The Digital Edge Security Team has updated its own core infrastructure to protect our clients from possible impacts of HIDDEN COBRA and advises other IT organizations to use the same practice.

Click here for more details.

11/29/2017 Newsletters

DFS Suggested IPs to Block HIDDEN COBRA


11/29/2017 Newsletters

DFS Suggested MD5 To Block HIDDEN COBRA


11/12/2017 Newsletters

Imperative Concern: Your Wi-Fi Connection is Vulnerable

A Wi-Fi vulnerability has been the subject of recent speculation, indicating that a hacker can exploit Wi-Fi networks. Digital Edge wants to raise awareness by sharing an article written by our friend Henry Jiang (CISO, CISSP) that covers this topic extensively. In addition, you will find the results of our conversation with a security expert who witnessed a “Proof of Concept” of the Wi-Fi exploitation using a modern white-hat hacking approach - THE RESULT IS SHOCKING.

Please get the full article here.

11/3/2017 Newsletters

Digital Edge’s Contribution to the Verizon Security Breach Report 2017

Have you ever been hacked, or almost been hacked? The answer is most likely yes. Everyone knows of those sketchy emails that try to get you to do something but in reality just put viruses on your computer. Exploiting someone’s computer has become a major 21st-century issue, and it continues to grow.

Digital Edge served as a contributor to Verizon’s Security Breach Reports this year. Hacking is becoming an ever-growing issue, so Verizon comes up with statistics of breaches that occurred throughout the year to keep people informed. Digital Edge aided Verizon by providing our own reports of clients’ attacks. We analyzed the type of attack, the success rate and ultimately the number of attacks our clients experienced. (Note: Client Confidentiality Was Not Compromised). There were interesting trends found when analyzing the reports, such as the main targets and the way industries are being exploited. To see these trends, read the full article!

10/30/2017 Newsletters

Urgent Warning about an Email Phishing Campaign - Alerting for Fraudulent Rules Setup in Office 365

Friends and Colleagues, 

It is critical at this time that the Digital Edge Security Team sends an urgent warning about a widespread email phishing campaign aimed at Microsoft Office 365 users. The emails have a subject line similar to this: “View your Office 365 Business billing statement for…”

The email looks very real, and our Security Team is advising on what users should pay attention to when analyzing such an email for authenticity.

Multiple clients have notified us about receiving said emails and some people were getting trapped by this campaign.

Click here to read more about this incident of email phishing and possible remediation for this and further attacks involving setting up spying rules in your Office 365 account.

10/26/2017 Newsletters

Digital Edge Security Team Advises Not To Use Kaspersky

It was recently reported that the home computer of an NSA (National Security Agency) contractor was hacked using Kaspersky antivirus software. The incident happened back in 2015 but was brought to light about a month ago. It revealed that this vulnerability in the Kaspersky software could have been on a massive scale. It was also suggested that not only was the Kaspersky Lab team aware of the hacks, but they assisted in them as well. Kaspersky Lab sent out an emailed statement refuting this and offering help to the U.S. in investigating the breach. However, with rising tensions between Russia and the U.S., there could be a connection between Kaspersky Lab and Russian intelligence agencies, which can pose a threat to American consumers that have Kaspersky software.

The Digital Edge Security Team advises against using Kaspersky security products, which have deep access to system resources, may work as spying software, and have possible ties to Russian intelligence agencies.

To continue reading please click here!

Digital Edge’s security team provides top security to its servers. Working 24/7, we detect any type of fault in our systems instantly, before it can even become a potential breach threat. Digital Edge provides security checks, does penetration testing and supervises our clients’ systems to ensure full security. We work hard to maintain our 100% Uptime.

If you are in need of immediate Security assistance, please contact the Digital Edge Security Team today!

LET'S TALK: 800-714-5143