Cyber Security

Security convergence is the consolidation of traditionally disparate risk management spheres of influence, Physical Security, Information Security and Compliance into a unified view of risk. Find Out More.

Compliance

We maintain extensive partnerships with regional accounting and audit firms. Find Out More.

NESP_Color

New England Safety Partners helps small and medium sized business with comprehensive Risk Management services in cyber securityphysical security and compliance management.

Please contact us for details. 

****

Proud Sponsor of the Boston Chapter of InfraGard

ig_logo

NESP consultants had a very thorough understanding of the PCI-DSS requirement. (The word ‘encyclopedic’ comes to mind.) This was very helpful in areas where the written standard leaves room for interpretation. In those situations, they helped us to assess our risk and to develop practical solutions.

They brought strong operating systems and networking expertise. They quickly earned the respect of, and collaborated effectively with, our technical staff. Consistently their recommendations were technically sound.

Information Security Staff Member, Large University

Working with technology and people can be messy and a sometimes befuddling proposition. NESP exercised effective people skills in balance with deep understanding of project technical issues to yield positive results for ITG.

CEO, Interactice Tactical Group

NESP was a strong business partner on information security issues particularly as they related to our employees, data security, data access and data controls. They were instrumental in putting a robust information security program in place for the organization, and for educating senior management on the criticality of security awareness. They demonstrated strong technical expertise, but also had the ability to align with business demands/appetite.

VP HR, Property and Casualty Insurance Company

San Diego Sues Experian Over ID Theft Service

The City of San Diego, Calif. is suing big three consumer credit bureau Experian, alleging that a data breach first reported by KrebsOnSecurity in 2013 affected more than a quarter-million people in San Diego but that Experian never alerted affected consumers as required under California law.

The lawsuit, filed by San Diego city attorney Mara Elliott, concerns a data breach at an Experian subsidiary that lasted for nine months ending in 2013. As first reported here in October 2013, a Vietnamese man named Hieu Minh Ngo ran an identity theft service online and gained access to sensitive consumer data held by Experian’s subsidiary by posing as a licensed private investigator.

read more

Survey: Americans Spent $1.4B on Credit Freeze Fees in Wake of Equifax Breach

Almost 20 percent of Americans froze their credit file with one or more of the big three credit bureaus in the wake of last year’s data breach at Equifax, costing consumers an estimated $1.4 billion, according to a new study. The findings come as lawmakers in Congress are debating legislation that would make credit freezes free in every state.

The figures, commissioned by small business loan provider Fundera and conducted by Wakefield Research, surveyed some 1,000 adults in the U.S. Respondents were asked to self-report how much they spent on the freezes; 32 percent said the freezes cost them $10 or less, but 38 percent said the total cost was $30 or more. The average cost to consumers who froze their credit after the Equifax breach was $23.

A credit freeze blocks potential creditors from being able to view or “pull” your credit file, making it far more difficult for identity thieves to apply for new lines of credit in your name.

read more

Your Hump Day Reading List for March 21, 2018

Another hump day, and another great collection of articles to improve your safety and self-sufficiency!
 
How’s your food storage?
Having a stash of food to see you through an emergency has long been recommended (even FEMA and the American Red Cross say you should have food stored). Six months of food is a good goal, and a year’s worth is even better, but many people don’t go about building their food stock the right way. Stored food shouldn’t …

The post Your Hump Day Reading List for March 21, 2018 appeared first on www.GrantCunningham.com.

read more

15-Year-old Finds Flaw in Ledger Crypto Wallet

A 15-year-old security researcher has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies.

Hardware wallets like those sold by Ledger are designed to protect the user’s private keys from malicious software that might try to harvest those credentials from the user’s computer.  The devices enable transactions via a connection to a USB port on the user’s computer, but they don’t reveal the private key to the PC.

Yet Saleem Rashid, a 15-year-old security researcher from the United Kingdom, discovered a way to acquire the private keys from the Ledger devices. Rashid’s method requires an attacker to have physical access to the device, and normally such attacks would fall under the #1 rule of security — namely, if an attacker has physical access to your device it is not your device anymore.

read more

Once you’re in contact, the defensive problem changes

Last week I talked about the mistaken notion of seeing self defense and personal safety as a battle to be won, because such a mindset can lead to bad decisions. Today let’s look at a related topic: your view of the place for your concealed carry gun might be affected by some mistaken training notions.
Shortly after I wrote last week’s article someone sent me a link to a 10-minute promotional video for a training company. In it, the …

The post Once you’re in contact, the defensive problem changes appeared first on www.GrantCunningham.com.

read more

Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37

Adrian Lamo, the hacker probably best known for breaking into The New York Times’s network and for reporting Chelsea Manning’s theft of classified documents to the FBI, was found dead in a Kansas apartment on Wednesday. Lamo was widely reviled and criticized for turning in Manning, but that chapter of his life eclipsed the profile of a complex individual who taught me quite a bit about security over the years.

Adrian Lamo, in 2006. Source: Wikipedia.
I first met Lamo in 2001 when I was a correspondent for Newsbytes.com, a now-defunct tech publication that was owned by The Washington Post at the time. A mutual friend introduced us over AOL Instant Messenger, explaining that Lamo had worked out a simple method allowing him to waltz into the networks of some of the world’s largest media companies using nothing more than a Web browser.

read more

Who Is Afraid of More Spams and Scams?

Security researchers who rely on data included in Web site domain name records to combat spammers and scammers will likely lose access to that information for at least six months starting at the end of May 2018, under a new proposal that seeks to bring the system in line with new European privacy laws. The result, some experts warn, will likely mean more spams and scams landing in your inbox.

read more

Your Hump Day Reading List for March 14, 2018

It’s almost the Ides Of March, but I’m not going to stab you in the back — instead, my new camel caravan has brought information to keep you from being stabbed by the sharp knives of misfortune of all kinds!
 
Have you given this any thought?
Preparedness is more than just guns; I advocate an approach that recognizes the wide range of hazards you face, and making plans to mitigate them. One hazard all of us share is …

The post Your Hump Day Reading List for March 14, 2018 appeared first on www.GrantCunningham.com.

read more

Your Hump Day Reading List for March 14, 2018

It’s almost the Ides Of March, but I’m not going to stab you in the back — instead, my new camel caravan has brought information to keep you from being stabbed by the sharp knives of misfortune of all kinds!
 
Have you given this any thought?
Preparedness is more than just guns; I advocate an approach that recognizes the wide range of hazards you face, and making plans to mitigate them. One hazard all of us share is …

The post Your Hump Day Reading List for March 14, 2018 appeared first on www.GrantCunningham.com.

read more

Flash, Windows Users: It’s Time to Patch

Adobe and Microsoft each pushed critical security updates to their products today. Adobe’s got a new version of Flash Player available, and Microsoft released 14 updates covering more than 75 vulnerabilities, two of which were publicly disclosed prior to today’s patch release.

The Microsoft updates affect all supported Windows operating systems, as well as all supported versions of Internet Explorer/Edge, Office, Sharepoint and Exchange Server.

All of the critical vulnerabilities from Microsoft are in browsers and browser-related technologies, according to a post from security firm Qualys.

read more