Cyber Security

Security convergence is the consolidation of traditionally disparate risk management spheres of influence, Physical Security, Information Security and Compliance into a unified view of risk. Find Out More.

Compliance

We maintain extensive partnerships with regional accounting and audit firms. Find Out More.

NESP_Color

New England Safety Partners helps small and medium sized business with comprehensive Risk Management services in cyber securityphysical security and compliance management.

Please contact us for details. 

****

Proud Sponsor of the Boston Chapter of InfraGard

ig_logo

NESP consultants had a very thorough understanding of the PCI-DSS requirement. (The word ‘encyclopedic’ comes to mind.) This was very helpful in areas where the written standard leaves room for interpretation. In those situations, they helped us to assess our risk and to develop practical solutions.

They brought strong operating systems and networking expertise. They quickly earned the respect of, and collaborated effectively with, our technical staff. Consistently their recommendations were technically sound.

Information Security Staff Member, Large University

Working with technology and people can be messy and a sometimes befuddling proposition. NESP exercised effective people skills in balance with deep understanding of project technical issues to yield positive results for ITG.

CEO, Interactice Tactical Group

NESP was a strong business partner on information security issues particularly as they related to our employees, data security, data access and data controls. They were instrumental in putting a robust information security program in place for the organization, and for educating senior management on the criticality of security awareness. They demonstrated strong technical expertise, but also had the ability to align with business demands/appetite.

VP HR, Property and Casualty Insurance Company

Scanning for Flaws, Scoring for Security

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. What’s remarkable is how many organizations don’t make an effort to view their public online assets as the rest of the world sees them — until it’s too late.

read more

Patch Tuesday, December 2018 Edition

Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications. Adobe has issued security fixes for its Acrobat and PDF Reader products, and has a patch for yet another zero-day flaw in Flash Player that is already being exploited in the wild.

read more

How Internet Savvy are Your Leaders?

Back in April 2015, I tweeted about receiving a letter via snail mail suggesting the search engine rankings for a domain registered in my name would suffer if I didn’t pay a bill for some kind of dubious-looking service I’d never heard of. But it wasn’t until the past week that it become clear how many organizations — including towns, cities and political campaigns — actually have fallen for this brazen scam.

read more

Bomb Threat Hoaxer, DDos Boss Gets 3 Years

The alleged ringleader of a gang of cyber hooligans that made bomb threats against hundreds of schools and launched debilitating denial-of-service attacks against Web sites (including KrebsOnSecurity on multiple occasions) has been sentenced to three years in a U.K. prison, and faces the possibility of additional charges from U.S.-based law enforcement officials. 

read more

A Breach, or Just a Forced Password Reset?

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefile users interpreted this as a breach at Citrix and/or Sharefile, but the company maintains that’s not the case. Here’s a closer look at what happened, and some ideas about how to avoid a repeat of this scenario going forward.

read more

What the Marriott Breach Says About Security

We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.

read more

Half of all Phishing Sites Now Have the Padlock

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.

read more