From time to time, when we see a particular vulnerability that keeps showing up over and over again during penetration testing engagements, we like to write about it and help spread awareness. This can help explain the issue, the subsequent risk it presents to your organization, and how to successfully remediate the issue or at […]
What is “phishing”? How can we protect our firm from phishing attacks? How can we train our employees to spot a phishing attempt? These are all valid questions and today we will explore the ins and outs of how to recognize phishing and how to protect your firm from it. As we have discussed before, […]
In our last blog on tackling the broad topic of how do I protect my company’s sensitive information, we reviewed several ways to get started with this process. Before you can protect your sensitive data or “crown jewels”, you’ve got to know what you have and where it lives. We covered creating an asset inventory […]
Today, we’re going to try and tackle the million dollar question of how to protect your organization’s sensitive data. Keep in mind, this isn’t going to be a single, magical answer. There is no silver bullet when it comes to security, but when it comes to tackling a broad topic like this, we’ll try and […]
We often get asked whether it is a good idea to change penetration testing companies each year. Obviously we don’t want our clients to leave us and we pride ourselves on building a long term relationship with them, but we will always offer advice that is in line with their best interests. As with anything, […]
The question of “do startups need a penetration test” comes up quite often when speaking with entrepreneurs and folks in the startup scene. Unfortunately, startups can be a natural target for would-be hackers as they know that the security posture of startups can often be immature or non-existent. Sometimes the pressure to build and get […]
Today we’re going to talk about a question that seems to be coming up more and more in the security and penetration testing world, even though it’s been around in the technology and software development world for quite some time. Does it matter if I use an offshore penetration testing company? It doesn’t matter who […]
In this blog, we will discuss some ways your organization can improve its wireless security. To do this, we will take a look at our 3 of the top findings we see during wireless penetration tests and discuss how to mitigate the associated risks. We’ll look at rogue access points, the risks associated with pre-shared […]
As we have previously discussed, it is often times difficult to justify the budget and quantify the return on investment for a penetration test. While we always recommend ensuring your firm is conducting a reasonable amount of testing with a sufficient scope to maintain a stable security posture, we recognize that sometimes the budget and […]
One of the things you’ll hear us say a lot is that we try to ensure all of our tests are as holistic as possible, to help you truly understand the cyber risk to your organization. But what does that really mean? Are our penetration testers using herbs and essential oils rather than our standard […]
