Steven Vigeant

Recent Posts

Going Public? What SOX Compliance Means for IT

Posted by Steven Vigeant on 10/18/17 8:30 AM

Created in the wake of the financial scandals of the early 2000s, the Sarbanes-Oxley Act of 2002 (SOX) was the federal government’s attempt to keep public companies honest about their financial status — to investors, employees, and the public. But while Enron and Tyco grabbed the headlines, mega-corporations aren’t the only companies that must comply with SOX.

Any public company — or, crucially, any company intending to go public — must comply.

In the race to generate value, many startups set their sights on an initial public offering (IPO). Others hope to be acquired by a larger company. In the first case, SOX compliance will be mandatory. In the second, it can increase your company’s value in the eyes of potential buyers.

Topics: IT Outsourcing, SOX Compliance

3 New Password Best Practices to Protect Your Company in 2017

Posted by Steven Vigeant on 8/17/17 8:00 AM

With the recent news that Bill Burr, who originally wrote the password policy guidelines for government employees that also influenced the business world, now regrets the complexity standards he developed, businesses are left to decide how they should handle these new standards.

NIST released a draft of its guidelines for review last year, and this summer, released the final version. It’s a four-volume document, written, as Fortune describes, “in turgid bureaucrat-speak.” We’ll save you the trouble of wading through it and highlight some of the biggest changes from the password best practices of the past.

Topics: IT Security

Can Your Mac Get a Virus? 4 Myths About Data Security on MacOS

Posted by Steven Vigeant on 7/25/17 8:36 AM

Apple likes to cultivate a pristine image: hardware, software, and user experiences blending seamlessly together. And for the most part, image and reality are the same.

Apple products command a premium because they “just work.” Business owners will tell you they choose Macs — despite their higher price tags — because they’re powerful with less hassle. And the perception is that they’re more secure.

In fact, since Apple debuted Mac OS X (10.0) in 2001, the conventional wisdom has been that the operating system is nearly impenetrable to viruses and other malware due to it being built on Unix.

Topics: IT Security

The 4 Worst Email Scams of 2017; Are You Next?

Posted by Steven Vigeant on 7/11/17 8:00 AM

2017 hasn’t even reached its halfway point and already it’s been a banner year for email scammers. The hackers may be rejoicing, but if you or your company has been on the receiving end of an email-based cyberattack, it’s hardly something to celebrate.

According to the FBI, email scams have been hitting American businesses hard, to the tune of half a billion dollars per year. And the pace doesn’t seem to be slowing for 2017.

If your company hasn’t fallen victim to an email scam this year, count yourself lucky. Up to 85 percent of organizations have suffered phishing attacks, according to one report. (Phishing is the blanket name for the most common form of email scam.)

Topics: IT Security, Email

5 Tips for Teaching Your Employees What Not to Click

Posted by Steven Vigeant on 6/20/17 8:30 AM

When you’re responsible for the security of your company’s network — and all the sensitive data contained in it — sometimes you can’t help but dream of a world without users.

When you set up a hardware or software security control — provided you configured it correctly and it’s up to date — you know it will do what it’s supposed to do without fail, never taking a shortcut, experiencing a “brain fart,” or suffering from sheer ignorance.

Employees, on the other hand, need to be constantly reminded to take data security seriously.

Topics: Email

Does Social Engineering Threaten Your Company’s Data?

Posted by Steven Vigeant on 6/6/17 8:30 AM

What came to mind? If your mental image of a hacker is informed by Hollywood stereotypes and stock imagery, you thought of a shadowy figure, bathed in the green glow of multiple screens, furiously pounding out complex algorithms and arcane programming.

If only that were accurate. The truth is, the perpetrators of some of the most devastating cyber attacks of recent years relied more on charm and quick thinking than on technical wizardry.

Hackers succeed by exploiting weaknesses. And long ago, they discovered that the weakest element of most systems is the human element.

It’s easier to talk someone into giving up their password than it is to crack it through sheer computing power. And hackers are all about what’s easier.

Topics: IT Security, Email

Slack vs. Microsoft Teams: Which Is Right for Your Office?

Posted by Steven Vigeant on 2/14/17 8:43 AM

It seems like eons have passed since email promised to make office communication easier, more pleasant, and more fun. Remember the feeling? No more navigating awkward voicemail menus, missing connections, or squinting at smudged faxes.

But now, as we confront our overflowing inboxes with dread every morning, many of us long to go back to the days when the desk phone was more than an inert prop and critical information was shared — shockingly — face to face.

Topics: IT Support

4 Expert Tips for Creating an Enforceable IT Security Policy 

Posted by Steven Vigeant on 1/26/17 8:00 AM

As we wrote in our last post, an enforceable IT security policy is an important part of your organization’s security strategy. Unfortunately, many companies don’t have this policy. As many as one in three companies lacks an information security policy.

It’s not enough to develop this policy and then put it away. Depending on the size and type of your business, it should be revisited at least annually with the stakeholders in the systems and processes that are part of the security policy. If this is not done, the policy is difficult to enforce, and it is hard to be sure it meets the needs of the business over time.

Topics: IT Security Policy

Draft an IT Security Policy in 2017

Posted by Steven Vigeant on 12/27/16 8:14 AM

Nobody enjoys creating policy. It’s complicated, detail-oriented work and just asking for endless debates over minutiae. And the results of the arduous policy-making process are often overlooked or outright ignored. Sometimes it feels like people are going to do whatever they want to do, regardless of your well-crafted, comprehensive policy.

So why bother going to the effort of writing an IT security policy for your business? Surely, there are better ways to spend your time.

Topics: IT Security

Why Laptop Encryption is a Must for All Businesses (Not Just Big Ones)

Posted by Steven Vigeant on 10/25/16 8:30 AM

You’re on your way home from work, your trusty laptop on the passenger seat beside you so you can pick up where you left off at home. You stop in at a coffee shop to refuel for the evening, and when you get back to the car — your laptop’s gone. Someone broke in and made off with it.

Losing a laptop is never fun. At minimum, you or your company will have to pay to replace it. But your laptop login is password protected. So at least your valuable company data is safe.


Not exactly. It doesn’t take much for a hacker to crack a password-protected laptop. He could use a USB stick to boot up a new operating system, for example, and see all the files on your hard drive. Or he could simply unscrew the hard drive and place it in a different computer.

Topics: IT Security