Client Area

This section can be repurposed a number of ways.

mobile-logo

Security

Zero-Trust-Cybersecurity
05 Apr

The Case for Zero Trust Cybersecurity

by Mathew Mendel
in Articles, Operations, Security, Services
Comments

As the business community faces down cyber threats, one medical office is defending itself with a Zero Trust approach to cybersecurity

Physicians have always been at the front of the line when it came to technology integration. Among the first to realize the benefits wearing a pager, having a cell phone, using a tablet, and essentially digitizing their business, doctors and researchers are typical early adopters of mobile, Cloud and IOT systems. 

As attacks on the healthcare industry make weekly news, personal information (PII) floods the black market, and steep fines take their toll,doctors and practice administrators wonder what they can do differently. 

A holistic strategy, a Zero Trust approach to cybersecurity means that you:

     1) Verify Explicitly
     2) Use Least Privilege
     3) Assume Breach

Want to learn more? Complete the form and download the business case.

Zero Trust
30 Mar

You’re About to Get Hit. You Ready?

by Mathew Mendel
in Operations, Security, Services
Comments

As cyberattacks on midsize firms prove inevitable, are you ready to be hit?

A strong defensive posture minimizes exposure, limits collateral damage and protects client privacy. ‍

We’ve been providing IT consulting and technology services to the mid-size business community since 1999, and from basic firewalls to advanced breach detection systems we absolutely guarantee there’s no shortage of security products designed to protect the enterprise. 

 

But third party/supply chain attacks have changed this game. Drastically. And, from the most basic user training videos, to a 24×7 monitored security and information management (SEIM) system, there’s not one thing a business can do to protect data when its business management system, ERP or CRM is breached. Bottom line – every business on the planet relies on third-party software and there’s simply no safe place to hide. Boo!

Since shutting down shop isn’t an option, we must, as always, take up this threat and face it head on!

 

As we wrote in an post about Zero Trust Cybersecurity, you can only worry about what’s within your control. Since fully defending against this attack isn’t possible, we can only protect our organizations and prepare to be attacked.

1. Deploy a multi-layered detection and response approach. Multisyllable marketing jargon aside – as quickly as possible, you need to know you’ve been breached, and you need a post-attack response plan (or plans). “Honeytokens” or virtual trip wires setup to alert organizations of suspicious activity in their network are a great tool. If a being breached is bad, not learning about it till days or weeks after it happens is worse and not knowing what to do next can be catastrophic. www.upguard.com/blog/how-to-prevent-supply-chain-attacks

2. Include threat hunting as regularly scheduled IT maintenance. As described by our partners at SentinolneOne, threat hunting is quite a different activity from incident response (IR). While IR methodologies aim to determine what happened after a data breach, a threat hunting team searches for attacks that have slipped through your defensive layers to help you find adversaries hiding in your network before they can execute an attack or fulfill their goals.

 

3. Work with a SIEM solution that offers automated remediation actions. A security information and event management (or SIEM) is a cybersecurity solution that collects and converges data from different parts of your IT environment with the intent of monitoring your firm’s security levels. Providing advanced visibility and insight into your users, endpoints, traffic, activity, and more, a SIEM enables you to maintain oversight into your network and beyond the perimeter as your company scales.

4. Log capture and file retention for critical infrastructure. As detailed in this whitepaper from the National Institute for Standards & Technology (NIST) nvlpubs.nist, log management is essential to ensuring that computer security records are stored in sufficient detail for an appropriate period of time. Routine log analysis is beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems. 

5. Encryption for all data. In cryptography, encryption is the process of encoding information or sensitive data so only authorized parties can access it. While encryption can’t prevent criminal activity or third-party attacks, it does deny intelligible content to the interceptor. For more on encryption, we recommend this article published by UpGuard www.upguard.com/blog/encryption.

6. Use two-factor/multi-factor authentication. With two-factor authentication enabled, criminals who do gain access to user login credentials aren’t automatically granted entry. A key element to a Zero-Trust Security framework, multi-factor authentication requires users validate their identity to provide that extra layer of security.

Above all, at OWG we believe cybersecurity will always come down to your corporate culture and your posture – on your toes, knees bent, arms ready. Stay sharp, be prepared and have your plan in place and you’ll have an advantage and typically able to weather the storm. The complacent or unprepared will get swallowed.  

 

For more information, or to set a time to speak, drop your name and email below and we’ll reach out.

 

 #StaySafeOnline‍

HIPAA seal of compliance
30 Mar

OWG Achieves HIPAA Compliance with Compliancy Group

by Mathew Mendel
in Articles, News, Security
Comments

OWG completes HIPAA compliance process.

Montville, NJ; March 29, 2022 – OWG is pleased to announce that we have taken all necessary steps to prove our good faith effort to achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA). Through the use of Compliancy Group’s proprietary HIPAA solution, The Guard™, OWG can track our compliance program and have earned their Seal of Compliance™. The Seal of Compliance is issued to organizations that have implemented an effective HIPAA compliance program through the use of The Guard.

HIPAA is made up of a set of regulatory standards governing the security, privacy, and integrity of sensitive healthcare data called protected health information (PHI). PHI is any individually identifiable healthcare-related information. If vendors who service healthcare clients come into contact with PHI in any way, those vendors must be HIPAA compliant.

OWG has completed Compliancy Group’s Implementation Program, adhering to the necessary regulatory standards outlined in the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, Omnibus Rule, and HITECH.  Compliancy Group has verified OWG’s good faith effort to achieve HIPAA compliance through The Guard. 

“I am so proud of our team and our continued efforts to distinguish ourselves as a best-in-class, technology consulting practice”, explains Nick Rigali, Operating Partner at OWG.” As a firm, we’ve always been dedicated to protecting sensitive data and the personal information of our partners (clients) and our partner’s clients. This certification solidifies those responsibilities and allows us to publicly demonstrate our commitment to security.” 

Clients and patients are becoming more aware of HIPAA compliance requirements and how the regulation protects their personal information. Forward-thinking providers like OWG choose the Seal of Compliance to differentiate their services.

 

About Compliancy Group:

HIPAA should be simple. That’s why Compliancy Group is the only HIPAA software with expert Compliance Coaches™ holding your hand to simplify compliance. Built by auditors, Compliancy Group gives you confidence in your compliance plan to reduce risk, increase patient loyalty, and profitability of your organization. Visit https://www.compliancy-group.com or call 855.854.4722 to learn how simple compliance can be.

Always Verify
18 Mar

What is Zero Trust Cybersecurity?

by Mathew Mendel
in Security
Comments

Confusion about Zero Trust is making it harder to implement

 

 

As we detailed in our business case exploring the Zero Trust, at its core, ZT is a concept and shift in how organizations approach the idea of security and data privacy.

 

It’s not one product or piece of software, rather an approach that assumes breach and secures your organization by requiring users prove they are who they say they are and be granted gated access accordingly.

As explained in a recent article from WIRED, “What is Zero Trust” the approach eliminates the old moat & castle networking model and instead of trusting particular devices and assuming what’s inside your walls are safe, a Zero Trust methodology uses verification, network segmentation and least privilege to protect the enterprise.

 

Eliminate the moat & castle model of cybersecurity

 

 

Eliminate the moat & castle model of cybersecurity

Under the old model, all the computers, servers, and other devices physically in an office building were on the same network and trusted each other. Your work computer could connect to the printer on your floor or find team documents on a shared server. Tools like firewalls and antivirus were set up to view anything outside the organization as bad;everything inside the network didn’t merit much scrutiny. 

 

However, the explosion of mobile devices, cloud services,and remote/hybrid work have radically challenged those assumptions. Organizations can’t physically control every device its employees use anymore. And even if they could, once an attacker slipped by perimeter defenses, the network would instantly grant them a lot of trust and freedom. “Outside bad, inside good.”‍

“Zero Trust is a concept, not an action.”

Ken Westin, Security Researcher

Instead of trusting particular devices or connections from certain places, Zero Trust demands that people prove they are who they claim and should therefore be granted access. Typically, that means logging into a corporate account with biometrics or a hardware security key in addition to usernames and passwords to make it harder for attackers to impersonate users. And even once someone gets through, it’s on a need-to-know or need-to-access basis. If you don’t invoice contractors as part of your job, your corporate account shouldn’t tie into the billing platform.

 

Zero Trust isn’t a single piece of software you can install or a box you can check, but a philosophy, a set of concepts, a mantra,a mindset.

 

You still must implement things like device and software inventory, network segmentation, access controls.

 

Confusion about the real meaning and purpose of Zero Trust makes it harder for people to implement the ideas in practice. Proponents are largely in agreement about the overall goals and purpose behind the phrase, but busy executives or IT admins with other things to worry about can easily be led astray and end up implementing security protections that simply reinforce old approaches rather than ushering in something new. 

 

Here at OWG, we work with our partner clients and help them engineer a true Zero Trust methodology throughout their IT ecosystem. If you have questions or would like to see if we can help your organization better protect its most critical data, email partnerwithus@overwatchgrp.com or click here to set a time to speak.i 

NEW JERSEY / NEW YORK
150 River Road, Suite C-4
Montville, NJ 07045

Google Maps

SOUTHERN CALIFORNIA
2376 Westwood Blvd
Los Angeles, CA 90064
Google Maps

CONTACT

Email: partnerwithus@weareowg.com

Phone: 973-774-0055

Linkedin

SIGN UP FOR OUR NEWSLETTER!

© OWG | All rights reserved.