CISA in their January and August 2023 Bulletins again called out some of the most important ways that schools can protect themselves from cyber attacks. In both reports, CISA suggested that schools start their Cybersecurity journey by implementing six of the Highest-priority security measures.
Priority 1 – Deploy Multi-factor Authentication (MFA)
Tech Tidbit – You need to implement this free, simple local account lock out policy ASAP
As we attempt to harden our networks and strengthen our passwords, I wanted to bring up something again I have talked about in various settings. Password lock-out policies. Since the beginning of time, we have had a basic password lock-out policy.
Tech Tidbit – Thoughts About Passwords
Recently it was worldwide “change your password” day! I have a few thoughts. If you attended the CSI CyberSecurity event in December, you heard the NYS SED CISO get caught up in the incongruent password guidance between NYS and NIST CSF. Unfortunately, there was no breakthrough in this discussion, but NYS SED heard you that […]
Using CPGs in Real Life – Minimize Exposures to Common Attacks
Would you be comfortable giving your plumber the key to your house so he/she can come in at any time to fix anything they might feel is amiss? The answer is probably no. Did you know that when you give a vendor unfettered access to your network you are essentially doing the same thing? Similarly, […]
Tech Tidbit – Be Sure To Check That Your Door’s Are Locked Before You Leave For Spring Break
Happy Spring! As Spring break looms for most of you, I once again need to be a killjoy and remind you of a stark reality. Whenever you and your team are enjoying some downtime and have more limited staffing, the bad guys are working extra shifts trying to break into your and your peer’s networks.
The Essential Triad of Information Security: Confidentiality, Integrity, and Availability
I know of three CIAs: The Central Intelligence Agency (CIA) The Hudson Valley’s Culinary Institute of America (CIA) The Triad of Information Security – Confidentiality, Integrity, and Availability (CIA) The first chapter of every Certified Information Systems Security Professional (CISSP) training is always about this Triad of Information Security.
CSI’s Special Update…Current K-12 Cybersecurity Challenges – Recording Available
Please join us on Wednesday, March 8th, as Scott Quimby delivers a special update addressing the current K-12 cybersecurity challenges, NIST Cybersecurity Framework (CSF) alignment as it relates to Ed Law 2-d, and NEW actions to improve your district’s security posture, help you with documentation, and measure your technology teams productivity.
Introducing CSI’s CyberCNS Vulnerability Advisory Service – Recording Available
It seems like Cyber Attacks are happening everywhere these days. Whether it’s a national news report of an attack against a company that has your credit card information or local news reporting a school district like yours that’s been hit with a ransomware/data breach, these stories are plentiful.
Using CPGs in Real Life – Patching
Everyone knows the adage “No one is perfect”. Unfortunately for anyone with a computer network, the bad actors who want to infiltrate your system are ready to take full advantage of any mistake they can find. The Cybersecurity and Infrastructure Security Agency (CISA) knows this, as they called out CPG 1.E (Mitigate Known Exploited Vulnerabilities) in […]
Cisco K-12 Cybersecurity Updates and Funding Ideas for Solutions – Recording Available
Join Cisco and CSI for a very special upcoming webinar. We will be joined by several specialists from Cisco (including Cisco Talos) who will discuss the dangers of spyware, deep links, content manipulation, malware, and keyloggers, and how to protect your school district from these threats.
CSI Tech Talk Part III – Recording Available January 31st, 2023
Scott Quimby discusses the following: Reading DMARC reports – In preparation for achieving DMARC Quarantine status, Scott will walk you through reading DMARC reports and look at what they mean and what actions are required based on the data.
Tech Tidbit – No One Is Exempt From Security
My wife works for a multi-billion dollar hospital network you all will know. Every time she signs into their mandated VPN and MFA solution she curses out, “How annoying it is to have to do this each time to do anything!” I was the only “IT guy” in earshot to hear her frustration.
CSI Webinar – Come learn how to provide world-class protection for your district against cyberattacks in a sane, manageable way.
New York State K-12 school districts must follow EdLaw 2-d. We all know that is easier said than done. It is hard work with limited staff and limited resources to properly protect student and staff personally identifiable data while protecting the integrity of the district’s network and making sure there are proper controls to protect […]
Tech Tidbit – Managing and Protecting Local Administrator Accounts
Microsoft has tried hard to increase awareness of “pass the hash” attacks. They have been patching, but the threats keep coming. Back in April Microsoft released something quite awesome – their next-generation Local Administrator Password Solution (LAPS). Quite simply LAPS allows you to automatically rotate the password for a designated “local administrator” account on endpoints.
CSI Tech Talk Part II – Recording Available January 24, 2024
Join us, as Jeff Pigula, CSI Senior Network Engineer (Cisco CCNA and CC-NSF) will be discussing the changing world of PoE power management – what you need to know to keep from being driven crazy with the proliferation of new PoE devices being added to your network.
Tech Tidbit – 46-years helping you with your technology needs
March marks the month that I have been working with technology professionally for 46 years! It seems like yesterday that as a 16-year-old high school student I got my first part-time job (Thursday evenings and Saturday mornings) talking to people about technology.
Weekly Tech Tidbit – Malware Defenses
This week, I would like to talk to you about Malware Defenses. This topic is in the NIST Detect and Protect categories. Antivirus has been around for what seems like forever. However, as long as antivirus has existed, we have had the problem with getting it on “all” servers and “all” endpoints.
CSI’s Tech Talk-Wednesday, April 17th [IN PERSON] Save your seat today!
We are pleased to announce our upcoming Tech Talk/SYSOP will be IN PERSON on Wednesday, April 17th! This is the first in-person Tech Talk since the pandemic and we are looking forward to seeing you all there! We encourage you to join Bob Knapp, Scott Quimby, and members of the CSI engineering team in person as they […]
Tech Tidbit – Are You Caught in Groundhog’s Day?
‘Those who cannot remember the past are condemned to repeat it’ -George Santayana From his work; Life of Reason, Reason in Common Sense 1905 You have so many tasks you “must do” to keep your district safe.
Using CPGs in Real Life – Perform and Test Backups
What would you do if you came into school tomorrow and were told that all your District’s data had been corrupted? Your next step would be to check in with your IT staff to see if they were clearing your system and restoring your data with a backup.
Your Weekly Tech Tidbit – Your techs can’t be local admins anymore
Now that I work in a hybrid mode, it is always so annoying when I go to the office and forget my office keys. I have to ask someone to let me into my own office. The same is true for all of us techs with admin credentials. We are the ones building, rebuilding, installing, […]
CSI Tech Talk I October 2023 – Recording Available
We live in interesting times and continue to face some very unique challenges to keep your school district safe and stable so teachers can teach, students can learn, and the staff behind the scenes can do all the important tasks that make the district function well.
CSI’s Tech Talk II October 2023 – Recording Available
We live in interesting times and continue to face some very unique challenges to keep your school district safe and stable so teachers can teach, students can learn, and the staff behind the scenes can do all the important tasks that make the district function well.
CSI Tech Talk II May 2023 – Recording Available
Join us, as Scott discusses his latest “Tech Tidbits” including updates on security and industry news since we last got together. Watch it here × Please fill the form below
CSI Tech Talk I April 2023 – Recording Available
Join us, as Scott discusses his latest “Tech Tidbits” including updates on security and industry news since we last got together. Watch it here × Please fill the form below
CSI Tech Talk I January 2023 – Recording Available
Tech Tidbits – Scott’s updates on security, updates, and industry news since we last got together. Harden your endpoints as part of your overall security plan – We talk about patching constantly. However, recent ransomware attack post-mortem analysis has shown that there are a number of free, and mostly easy endpoint configuration changes you can quickly make to […]
Tech Talk II January 2023 – Recording Available
Tech Talk Part II will be a special session on email. We will talk about the following: Reading email headers. Every time something bad comes into the district, there is invariably a question about where it came from and why it got in.