Creating Successful Acceptable Use Security Policies

Stephen Palamara, TCC Director of Business Development

Good security policies are more important now than ever.  Since the beginning of the COVID-19 pandemic, there has been a surge in cybercrime including phishing attacks and other types of scams.

One type of security policy is externally focused and technology-oriented.  This type of policy helps prevent external threats and maintain the integrity of the network.

The other type is user focused.  Defining policies for appropriate use of the network can protect companies from liability if an employee violates the policy.

This article published on the Tripwire website outlines some considerations for creating a successful Acceptable Use Policy https://www.tripwire.com/state-of-security/risk-based-security-for-executives/risk-management/7-things-consider-creating-acceptable-use-policy/

  1. CONSIDER IMPACTS BEFORE ESTABLISHING RULES

The article suggests “If you haven’t gone through the process of identifying risks and the impacts of those risks, it’s really important to have some kind of discussion or risk assessment before drawing up rules that may or may not fit your organization.”

2. DEFINE WHAT DATA MATTERS AND WHY

“When this is well defined up front, it will create an expectation that staff can apply generally even if they forget a specific rule defined in the policy.”

3. DEFINE ANY COMPLIANCE OR LEGAL CONCERNS

“A good policy should speak to both best practices and compliance standards.”

4. SOLICIT FEEDBACK FROM STAKEHOLDERS AND REVISIT POLICY

“Even if things are going well and you have established a strong culture, your policies will need to adjust over time. New staff will come on board, and they will need to be taught the proper rules, as well. Plus, everyone needs a refresh once in a while. This feedback loop is very important and will help make policy stronger and easier to manage.”

5. CONSIDER PERSONALLY OWNED DEVICES THAT ACCESS COMPANY DATA ASSETS

“Ultimately, the most valuable part of your system is the data you control. In general, organizations that have major breaches or loss of data face significant challenges moving forward. Therefore, your policy should focus on controlling and securing data. As such, I would encourage any organization that allows staff to “Bring Your Own Device” to consider device usage as part of their Acceptable Use Policy.”

6. SOCIAL MEDIA

“Social media can be a very productive tool for organizations but obviously, it can also be a time waster and, even worse, a potential outflow of sensitive information or a tool as part of a phishing scam. Social media also transcends the IT infrastructure of the organization, so it’s important to take a broad view of this just like you would with personally owned devices.”

An Acceptable Use Policy can help reduce the risks associated with data security and IT management, but it must be tailored to meet the needs of each organization.

To learn more about TCC’s Security Services please visit our website https://www.e-tcc.com/security-services.

TCC Seeks a Quality Assurance Analyst (Contract)

Posted by Kelly Grant, Senior Technical Recruiter

Type: Contract
Duration: 12 months
Location: Indianapolis, IN

Our client is looking for a QA Analyst to develop and execute test plans on a major software applications prior to their implementation. Candidate will work to ensure quality, design integrity, and proper functionality.  Rigorous testing methods are employed including extensive end-user simulations, automation testing, and performance testing.

Representative duties include:
• Perform testing for Salesforce application using Provar automation test tool
• Develop, build, execute and automate API tests using tools like Postman or SoapUI.
• Develop test plans and scripts in line with defined workflows. • Execute test scripts according to plan.
• Document defects and problems that arise during software test
• Track reported problems and defects using Jira tracking software

Job Requirements:
• Extensive knowledge of SDLC testing methodologies and automation framework.
• Thorough knowledge and experience with codeless automation testing preferably using Provar.
• Thorough knowledge and experience with API testing tool preferably POSTMAN or SOAP UI.
• Experience with Salesforce objects such as Process Builder Flows, Lightning, Apex, Aura and Triggers.
• Knowledge of and experience with SOQL.
• Any Saleforce Development experience is an added advantage.
• Experience working in an Agile environment.

At TCC, we know that having a strong company culture is paramount in sustaining the success and stability of the company, especially within the information technology industry. We place our focus on the people who make our success possible and strive to create an environment that preserves and fosters growth while still promoting the DNA of our company.

Our core values:

  • Building strong, reliable relationships with our employees, our partners and our clients
  • Upholding integrity, honesty and respect
  • Supporting our local community
  • Encouraging continued education and development

To apply for this position please visit our website https://jobs.ourcareerpages.com/job/617555?source=ccp&key=NzZlYACJtsKrm6M6V6J%2bCS%2bjAXjrXZ9buEWxTkjI1Eg%3d

TCC Seeks a Quality Assurance Analyst (Contract)

Posted by Kelly Grant, Senior Technical Recruiter

Type: Contract
Duration: 12 months
Location: Indianapolis, IN

Our client is looking for a QA Analyst to develop and execute test plans on a major software applications prior to their implementation. Candidate will work to ensure quality, design integrity, and proper functionality.  Rigorous testing methods are employed including extensive end-user simulations, automation testing, and performance testing.

Representative duties include:
• Perform testing for Salesforce application using Provar automation test tool
• Develop, build, execute and automate API tests using tools like Postman or SoapUI.
• Develop test plans and scripts in line with defined workflows. • Execute test scripts according to plan.
• Document defects and problems that arise during software test
• Track reported problems and defects using Jira tracking software

Job Requirements:
• Extensive knowledge of SDLC testing methodologies and automation framework.
• Thorough knowledge and experience with codeless automation testing preferably using Provar.
• Thorough knowledge and experience with API testing tool preferably POSTMAN or SOAP UI.
• Experience with Salesforce objects such as Process Builder Flows, Lightning, Apex, Aura and Triggers.
• Knowledge of and experience with SOQL.
• Any Saleforce Development experience is an added advantage.
• Experience working in an Agile environment.

At TCC, we know that having a strong company culture is paramount in sustaining the success and stability of the company, especially within the information technology industry. We place our focus on the people who make our success possible and strive to create an environment that preserves and fosters growth while still promoting the DNA of our company.

Our core values:

  • Building strong, reliable relationships with our employees, our partners and our clients
  • Upholding integrity, honesty and respect
  • Supporting our local community
  • Encouraging continued education and development

To apply for this position please visit our website https://jobs.ourcareerpages.com/job/617555?source=ccp&key=NzZlYACJtsKrm6M6V6J%2bCS%2bjAXjrXZ9buEWxTkjI1Eg%3d

Staying Safe Online – Five Tips for Good Cybersecurity Hygiene

Stephen Palamara, TCC Director of Business Development

I recently read an article published on the National Cybersecurity Alliance Website that gave some good, practical advice for staying safe online, amid a surge in cyber-attacks and scams. https://staysafeonline.org/blog/scams-and-misinformation-challenges/

The article pointed out that cybercriminals are taking advantage of the COVID-19 pandemic to leverage this hot topic to spread misinformation and lure audiences into their schemes. Often these scams target vulnerable populations such as children or senior citizens.

The article states “Cyber scammers are spreading misinformation to initiate cyber scams through email, social media, and messaging applications. Tactics have become more nefarious and misleading than ever before.”

The reliance on digital connectivity increased over the past year due to more people working from home or being on lockdown.  To be able to work and enjoy the internet safely, the article provides the following five tips for better cybersecurity:

  1. “Use strong passphrases and a password manager”
  2. “Enable multi-factor authentication (also known as two-factor authentication) on all accounts that support it (email, banking, online shopping, etc.)”
  3. “Back-up and protect your sensitive data and personal identifiable information (PII). Follow the 3-2-1 rule: have 3 copies of your data, on two different media, with one copy stored off-site.”
  4. “Pay close attention to possible phishing emails, texts and phone calls (think before you click).”
  5. “Pay attention to security settings at both the user level and device level. For example, free public WiFi can be spoofed easily. Try to avoid connecting to public WiFi and use a hotspot or VPN instead.”

Installing reputable cybersecurity protections and taking care of cybersecurity hygiene will allow you to use the internet safely.

To learn more about TCC’s Security Services please visit our website https://www.e-tcc.com/security-services.