Cyber Security

Security convergence is the consolidation of traditionally disparate risk management spheres of influence (Physical Security, Information Security and Compliance) into a unified view of risk.

Compliance

We maintain extensive partnerships with regional accounting and audit firms.

New England Safety Partners helps small and medium-sized businesses with comprehensive Risk Management services in cyber security, physical security and compliance management.

Please contact us for details. 

Proud Sponsor of the Boston Chapter of InfraGard

NESP consultants had a very thorough understanding of the PCI-DSS requirement. (The word ‘encyclopedic’ comes to mind.) This was very helpful in areas where the written standard leaves room for interpretation. In those situations, they helped us to assess our risk and to develop practical solutions.

They brought strong operating systems and networking expertise. They quickly earned the respect of, and collaborated effectively with, our technical staff. Consistently their recommendations were technically sound.

Information Security Staff Member, Large University

Working with technology and people can be messy and a sometimes befuddling proposition. NESP exercised effective people skills in balance with deep understanding of project technical issues to yield positive results for ITG.

CEO, Interactive Tactical Group

NESP was a strong business partner on information security issues particularly as they related to our employees, data security, data access and data controls. They were instrumental in putting a robust information security program in place for the organization, and for educating senior management on the criticality of security awareness. They demonstrated strong technical expertise, but also had the ability to align with business demands/appetite.

VP HR, Property and Casualty Insurance Company

Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months

TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018.

TCM is a subsidiary of Washington, D.C.-based ICBA Bancard Inc., which helps community banks provide a credit card option to their customers using bank-branded cards.

The Year Targeted Phishing Went Mainstream

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack).

But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.

Reddit Breach Highlights Limits of SMS-Based Authentication

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

Your Hump Day Reading List for August 2, 2018

 
I found more interesting articles for this week’s List, some of them guaranteed to make you think twice! 
 
Whatever happened to positively identifying your target?
I’m not sure where to start with this article, but I’ll boil it down to this: Just because an alarm goes off doesn’t mean there’s a threat, and blindly firing through a closed door without first ascertaining an actual threat is irresponsible in the extreme. 
 
Speaking of stupid self defense tricks…

The post Your Hump Day Reading List for August 2, 2018 appeared first on www.GrantCunningham.com.

“Justifiable” isn’t the same thing as “desirable”.

It’s been my observation that only a very small percentage of gun owners think deeply about this business of shooting another person. By that, I mean beyond the aspects of sight picture and trigger press.
What brought this to mind were the reactions of people to a recent story out of Oklahoma.
A landowner’s tale
It seems the owner of a vacant home had tired of people breaking into his empty house and developed the habit of frequently checking …

The post “Justifiable” isn’t the same thing as “desirable”. appeared first on www.GrantCunningham.com.

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned.

This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer. According to a non-public alert sent by the Multi-State Information Sharing and Analysis Center (MS-ISAC), the scam arrives in a Chinese postmarked envelope and includes a “confusingly worded typed letter with occasional Chinese characters.”

LifeLock Bug Exposed Millions of Customer Email Addresses

Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its Web site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.

The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company’s site suggests that whoever put it together lacked a basic understanding of Web site authentication and security.

Your Hump Day Reading List for July 25, 2018

I haven’t let this heat wave stop me from gathering more great self defense and preparedness articles for you! (Now, where did that iced tea go…)
 
The gun shouldn’t be the first thing you grab
“I don’t need to identify my target, because I can tell my girlfriend’s steps from an intruder in the dark”.  Someone actually told me that, in explanation for not having a flashlight with his home defense gun. I offer this article as counterpoint, …

The post Your Hump Day Reading List for July 25, 2018 appeared first on www.GrantCunningham.com.

Self defense, quantum physics, and negative outcomes

The great physicist Werner Heisenberg is responsible for describing a very interesting phenomenon in quantum physics: our observations affect the behavior of quanta (quantum particles). In other words, by simply observing an experiment, it’s possible that we inadvertently change the outcome.
Quantum physics gets really weird after that, but this is as far as we need to go. For now.
Doing it means you won’t need to do it
Heisenberg described something similar to what I’ve observed over the years …

The post Self defense, quantum physics, and negative outcomes appeared first on www.GrantCunningham.com.
