Blog

In our recent blog post, we covered our partner, Cohesity’s immutable and AirGap Backup solutions. Before that, we dove into immutable backups and why you need them for your disaster recovery strategies. Now, we need to address one of the biggest players in the disaster recovery game, Veeam. Veeam offers data backup, disaster recovery, and modern data protection software for your on-prem, virtual, or multi-cloud infrastructure. 

In our recent blog, Immutable Backups and 5 reasons why you need them for your disaster recovery plan, we introduced immutable backups. Now it’s time to dive into the different solutions that are out there, to help you decide which one is the best approach for your environment. 

While there is no precise ‘how to’ guide on how to lower your cybersecurity insurance policy premiums because every single business is different, you can hedge the bets in your own favor.     We’ve put together 4 tried and true best practices to help you up your chances of getting a more manageable cybersecurity insurance premium. Let’s review.  

Most organizations are bewildered at the mention of this latest cybersecurity requirement. When the term immutable backup comes up, we often hear, “’What is it,’ ‘Why would I need it?’, and ‘How can it help me?’”  

A zero-day critical security vulnerability affecting the Java logging library Apache Log4j service was first discovered on December 9th. This vulnerability can allow remote attackers to perform unauthenticated remote code execution and access to Apache web server, which are widely deployed and used in many products. Security researchers have observed hundreds of thousands of attempts to exploit this vulnerability since it was discovered. As such, organizations should take all measures necessary to mitigate this threat. 

Disclaimer: To protect the privacy of a former client, I have changed key details of this story, however the main sentiment and methods remain the same.    A few years ago, I orchestrated a jewel heist.   Yes, you read that correctly. While claiming a mysterious former life of crime is always intriguing, the truth is it was all in the name of compliance and I had explicit (albeit less interesting) permission from the jeweler's CEO. Don’t get me wrong, I was no Box Man in this scenario. I didn’t need to be, especially since I’d been privy to the common security inconsistencies of the jeweler in question.  My job was to create, deploy, and enforce security procedures. When I’d noticed that the employees had not been following these procedures as strictly as I’d recommended...I had to try a different tactic.  I made my point the day I smuggled $20,000 in inventory from the main vault. The loss was enough to constitute a termination, and somehow this made them keener to heed my security warnings. They’d made a major procedural mistake by leaving the keys and safe combo in the same location. They’d served me the keys to the kingdom on a silver platter.   It was the easiest $20,000 I’d ever made and my oh my did they learn their lesson!  For the record, I returned the assets, but taking them had been too easy and it troubled me.   In my experience as a compliance expert, I’ve seen lax attitudes and confusion surrounding information security programs. More specifically: the policies, standards, procedures, and guidelines that make up the program. While these components are often (wrongly) used interchangeably, there are very distinct differences between them, and each one should be taken seriously to maintain security protocols and protect your organization. Clearly defining the roles of each of these components and enforcing them within your workplace are essential for upholding a strong security posture.  Before we dive into differentiating these four components, we need to first understand what an information security program is and why it is critical for your overall business operations.