Cyber Security

Security convergence is the consolidation of traditionally disparate risk management spheres of influence (Physical Security, Information Security and Compliance) into a unified view of risk.

Compliance

We maintain extensive partnerships with regional accounting and audit firms.

New England Safety Partners helps small and medium-sized businesses with comprehensive Risk Management services in cyber security, physical security and compliance management.

Please contact us for details.

New England Safety Partners, 61 Chapel St, Newton, MA 02458. ph: (617) 219-9760, fax: (617) 663-6153

 

Proud Sponsor of the Boston Chapter of InfraGard

NESP consultants had a very thorough understanding of the PCI-DSS requirement. (The word ‘encyclopedic’ comes to mind.) This was very helpful in areas where the written standard leaves room for interpretation. In those situations, they helped us to assess our risk and to develop practical solutions.

They brought strong operating systems and networking expertise. They quickly earned the respect of, and collaborated effectively with, our technical staff. Consistently their recommendations were technically sound.

Information Security Staff Member, Large University

Working with technology and people can be messy and a sometimes befuddling proposition. NESP exercised effective people skills in balance with deep understanding of project technical issues to yield positive results for ITG.

CEO, Interactice Tactical Group

NESP was a strong business partner on information security issues particularly as they related to our employees, data security, data access and data controls. They were instrumental in putting a robust information security program in place for the organization, and for educating senior management on the criticality of security awareness. They demonstrated strong technical expertise, but also had the ability to align with business demands/appetite.

VP HR, Property and Casualty Insurance Company

What I carry: the Steyr S9-A1

The other day I shared this video on Facebook. The video is by a friend of mine, Richard Johnson, who runs a website called Guns, Holsters and Gear. He reviewed the Steyr S9-A1, which is my concealed carry semi-auto of choice.
In the Facebook comments, a fellow named Andy wanted to know about my gun. He asked if I’d ever blogged about my choice of the Steyr pistol; I checked my archives, and though I’ve mentioned it from time …

The post What I carry: the Steyr S9-A1 appeared first on www.GrantCunningham.com.

Trump’s Dumps: ‘Making Dumps Great Again’

It’s not uncommon for crooks who peddle stolen credit cards to seize on iconic American figures of wealth and power in the digital advertisements for these shops that run continuously on various cybercrime forums. Exhibit A: McDumpals, a hugely popular carding site that borrows the Ronald McDonald character from McDonald’s and caters to bulk buyers. Exhibit B: Uncle Sam’s dumps shop, which wants YOU! to buy American. Today, we’ll look at an up and coming credit card shop called Trump’s-Dumps, which invokes 45’s likeness and promises to “make credit card fraud great again.”

MolinaHealthcare.com Exposed Patient Records

Earlier this month, KrebsOnSecurity featured a story about a basic security flaw in the Web site of medical diagnostics firm True Health Group that let anyone who was logged in to the site view all other patient records. In that story I mentioned True Health was one of three major healthcare providers with similar website problems, and that the other two providers didn’t even require a login to view all patient records. Today we’ll examine such a flaw that was just fixed by Molina Healthcare, a Fortune 500 company that until recently was exposing countless patient medical claims to the entire Internet without requiring any authentication.

Your Hump Day Reading List for May 24, 2017

Another week and more quality articles for you to peruse! In this edition: a defensive encounter where the good guy did a lot of bad things; how to make your training more realistic; smart TV warning; what apartment burglars do; testing you and your gear over a weekend; dealing with disruptive airline passengers; a Sikh yoga instructor uses a revolver and wins; and why we harp about safety in force-on-force training.
 
Not something to emulate
Lots of people …

The post Your Hump Day Reading List for May 24, 2017 appeared first on www.GrantCunningham.com.

Should SaaS Companies Publish Customers Lists?

A few weeks back, HR and financial management firm Workday.com sent a security advisory to customers warning that crooks were sending targeted malware phishing attacks at customers. At the same time, Workday is publishing on its site a list of more than 800 companies that use its services, making it relatively simple for attackers to choose their […]

Private Eye Allegedly Used Leaky Government Tool in Bid to Find Tax Data on Trump

In March 2017, KrebsOnSecurity warned that thieves who perpetrate tax refund fraud with the U.S. Internal Revenue Service were leveraging a widely-used online student loan tool to find critical data on consumers that allows them to claim huge refunds with the IRS in someone else’s name. This week, it emerged that a Louisiana-based private investigator is being charged with using the same online tool to glean tax data on then-presidential candidate Donald J. Trump.

A story today at Diverseeducation.com points to court filings in the U.S. District Court for the Middle District of Louisiana, in which local private eye Jordan Hamlett is accused by federal prosecutors of abusing an automated tool at the U.S. Department of Education website that is designed to make it easier for families to complete the Education Department’s Free Application for Federal Student Aid (FAFSA) — a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.

Announcing Threat Centered Revolver in Phoenix!

Good news for revolver owners! I’ll be back in Phoenix, AZ this November 11th & 12th, teaching my Threat-Centered Revolver course!
In the last couple of years this has become my most popular course, and for good reason — very few people in the training world take the revolver seriously as a defensive tool. Many don’t understand them or, worse, don’t like them.
That’s certainly not me! Not only do I understand the revolver at a level most people …

The post Announcing Threat Centered Revolver in Phoenix! appeared first on www.GrantCunningham.com.

On Training Talk: Competition vs Self Defense

If you didn’t see Training Talk last night, you missed a great show!
My special guest was Aaron Israel of Fundamental Defense, and we talked about something we both have some experience with: the similarities and differences in competition and defensive shooting. It was a wide-ranging discussion, and you might be surprised at some of the answers he gave!
Be sure to watch the replay.
– Grant
 
 

The post On Training Talk: Competition vs Self Defense appeared first on www.GrantCunningham.com.

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees.

In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017.

Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.

PDN Training Talk is tonight!

Be sure to join me tonight at 6 pm PDT/9 pm EDT for PDN Training Talk, the live webcast about self defense: training, equipping, and preparing!
My special guest expert tonight is Aaron Israel, and we’ll be talking about competition vs. defensive training. As Aaron told me, expect some sacred cows to get barbecued!
Here’s the link to the show page, which goes LIVE this evening. I hope you can join me!  (If you can’t make the live show, you can always watch the replay …

The post PDN Training Talk is tonight! appeared first on www.GrantCunningham.com.