Implementation Posts

Cyber Security, Implementation, Infosec Policies

The Wasteful Pursuit of Security Theater

Anytime you see security policies or practices implemented in a way that seems to be more for appearances than for genuine security protection, beware that you may be witnessing Security Theater.  Be skeptical if and when you see it.

At Havoc Shield we have no interest at all in helping companies go through the motions: we're interested in helping companies improve their security posture every week, every month, every year, reducing the chance that they fall victim to cyberattacks.  In this article, we'll share some of the key indicators of Security Theater -- each of which is a practice that we strongly dislike.

Cyber Security, Implementation

How a GDPR Data Protection Officer Boosts Cybersecurity

If you are in an organization that has any clients, partners, or employees in Europe, you've almost certainly heard of GDPR -- but how familiar are you with the Data Protection Officer role?

When we think about the cybersecurity changes that organizations make as part of their GDPR efforts, we often think of the Data Protection Officer as being the driving force.  Under GDPR, the Data Protection Officer has very specific obligations that have much to do with cybersecurity.  The problem?  GDPR specifies the responsibilities in a manner that is very formal and unapproachable.  In this post, we'll turn the complex language of Article 39 of GDPR into a plain-language discussion of some of the factors that you should consider.

Cyber Security, Implementation

InfoSec Policies & The Feeling of Uncertainty

Part of our normal new-client onboarding conversation includes the prompt "tell me about your infosec policies" -- which is usually followed by either a long pause or a sigh.  Why?  Clients joining the Havoc Shield family are often ones that have experienced recent growth, leading them to realize that they can no longer "get away with" do-it-yourself cybersecurity.  Some drafted rudimentary infosec policies on their own in their do-it-yourself era, some didn't, but almost none of them are confident that they've got the right infosec policies in place.  And that's a source of anxiety (one that we can help with).

Cyber Security, Enterprise Security Questionnaires, Implementation, Vendor Onboarding

Risk Grading for Enterprise Compliance Directors

This blog is usually written with the small business audience in mind.  We usually post about cybersecurity topics that we believe will be useful to small business owners, small business CTOs, small business IT directors, etc.  Today is different.  Today, we'd like to speak to the Enterprise Compliance Director audience -- about their relationship with small businesses.

Cyber Security, Implementation

7 Crucial Questions to Ask When Choosing an MSP

Many Havoc Shield clients work with a Managed Service Provider (MSP) for their broader IT needs -- things like provisioning laptops, configuring telecom closet equipment, setting up VoIP phones, helping employees set up their Bluetooth headsets, etc.  We love it when a client works with an MSP for those types of needs -- it accelerates our ability to help on the cybersecurity front, with penetration tests, security awareness training, endpoint security, dark web scans, etc.  The collaboration between Havoc Shield and MSPs has been great, enabling each of us to focus on what we do best.

Cyber Security, Implementation

Look for this, in your Acceptable Use Policy Template

Most companies craft their Acceptable Use Policy from a starting point of an Acceptable Use Policy Template. That’s wise: there is no reason to reinvent the wheel when creating a new policy, especially when it comes to structure, formatting, and the basic policy elements that are relevant to almost every company. At Havoc Shield we have a Policy Manager section in our platform to help companies get exactly that type of jumpstart: a solid, battle-tested policy baseline that lets organizations go from “no policy” to “defensible policy” in no time at all.

Cyber Security, Implementation

Infosec Dashboard Trends – Best Practices

At Havoc Shield, infosec dashboard best practices come up early and often in our conversations with technology leaders.  Often it's a lack of robust infosec dashboards that is the wake-up call that leads a CIO, CTO, or CISO to engage our team to get to a better place.  Here are our most strongly-held views about what works best in an infosec dashboard in 2020.

Cyber Security, Implementation, Phishing

What is DNS Filtering, and why do you need it?

DNS Filtering has been a protective technique known to the infosec community since 1997. Many IT professionals would argue that it should go hand-in-hand with antivirus, password keepers, and cybersecurity training as part of any entry-level cybersecurity implementation. So why is it that DNS Filtering remains a lesser-known term, with few non-professionals being aware of its protective benefits? Let's dig deeper.
