Part 2- Top 5 Things to Keep in Mind as You Implement Remote Work Policies  
​
It’s likely that by now you’ve either heard of or have been personally impacted by recent cancellations of major industry conferences, closed campuses, travel limitations, or remote work mandates as a result of the continued spread of the novel Coronavirus (COVID-19). All of these actions are a reflection of the Center for Disease Control’s recommendations and proactive efforts focused on lessening the spread and impact of this virus.  

Part 1- The Coronavirus Isn’t Just Taking a Toll on Healthcare Patients 
Preying on fearful, distracted and overworked individuals during times of global concern is a tried-and-true tactic for cyber criminals. And as news around the spread of the Coronavirus (COVID-19) continues to dominate headlines, malicious actors across the world are licking their chops at the opportunities this pandemic presents for planning and launching targeted and timely cyber-attacks.  

Cyberattacks on businesses do more than violate laws and regulations. Insufficient investment into cybersecurity best practices can lead to devastating consequences to the victim company’s reputation, business continuity, and growth opportunities. One of the most vulnerable windows during which malicious actors target enterprise networks is during a merger and acquisition (M&A) process. In these cases, a successful compromise can hamper or even kill these efforts by reducing the value of the target’s assets, tarnishing its brand and ultimately derailing the acquisition as a result.
​

We recently explored the growing data storage options for organizations in the healthcare industry, such as cloud migration or a hybrid of cloud and on-premises. Regardless of which option an organization chooses, there are many factors to consider when moving data to the cloud to ensure the entity is HIPAA compliant and HITRUST certified.
 
Understanding the compliance-related pros and cons of both cloud and on-premises storage will help healthcare organizations create the infrastructure that fits their particular needs, addresses compliance and certification, and reduces the risk of a breach that can be costly from a financial and reputation standpoint.
 ​

​Introduction
Microsoft Teams Rooms (MTR), formerly known as Skype Room System and Lync Room Systems, is the latest and greatest solution from Microsoft for managing online collaborative meetings. In many businesses across the globe, a Teams Rooms console (“Teams console”) is the lifeblood of the conference room. The console typically consists of a supported computer system, management dock, camera, and output device(s). The Teams Room application suite runs on Windows 10 Enterprise or Windows 10 Enterprise IoT. 
For offensive security testers, this post will cover a simple case where attacking Teams gear may be beneficial when conducting a physical or internal penetration test.  For defenders and system administrators, this post will highlight opportunities to reduce the attack surface of your expensive, often forgotten conferencing equipment.  Let’s get started…

EmberSec is headed to HIMSS! And while the conference is a phenomenal opportunity to network with colleagues and pick up the latest in marketing swag, there is much to be learned from the various speaker sessions, workshops, forums, and seminars. Here are a few we’ve bookmarked as can’t miss from the HIMSS 2020 agenda, including one of our very own.   ​

For the majority of organizations, regardless of size, any mention of the word ‘cybersecurity’ can lead to some serious anxiety. Whether that anxiety is the result of a lack of general awareness, limited internal expertise, absence of a response plan, restricted budgets, or a myriad of other triggers, there is no doubt that the complex web of cyber best practices can be daunting.
 
To help calm this overwhelming reality, many business leaders will turn to one of several existing cybersecurity frameworks as a starting place. These frameworks provide guidance around managing risk, foster improved communications, allow for scalability in application, and can support recruitment and hiring of cyber talent. For this blog post the EmberSec team digs in on the NIST Cybersecurity Framework to share how it can be leveraged to improve your overall cybersecurity strategy. We chose to focus this blog specifically on the NIST Framework due to our D.o.D. and government heritage, rich experience working with it, and due cause how it takes a threat-based approach to cybersecurity.