It was reported that contractors in China used by Microsoft to train Cortana, its AI engine, were granted access to voice recordings with minimal cybersecurity controls. A former contractor told the Guardian that workers were not vetted and that shared account credentials could be used on personal laptops.
Regulatory compliance can be a daunting task for small companies for a variety of reasons. For some, it could be that they do not have the necessary staff to commit to such a project. For others, it may be the lack of capital to pay an expensive consultant to do it for them. Another issue that plagues small companies is the lack of knowledge required to navigate the treacherous waters of regulatory compliance. While JustProtect may not be able to provide your company with more employees or extra money, something we can give you is knowledge. And Knowledge is Power.
Preparing for Risk
JustProtect is known for our ability to make cybersecurity and vendor risk assessments easier. But we, just like everyone else, have broader concerns from a risk perspective.
When COVID-19 arrived on our shores, it forced a large portion of the country's employees to work from home. While the majority of our team already worked remotely, we still needed to advise one of our office locations to work from home.
Before this pandemic, many employees seldom worked outside of the office environment. Therefore, the main focus of InfoSec and Cyber Security was on the organization’s on-site communication infrastructure. The majority of company policies on this subject were centered around internal conduct and practices. That begs the question of whether or not companies were prepared for this unforeseen transition. Chances are that many businesses were caught off-guard by this recent development, and that is why the Information Technology Laboratory released a special bulletin for March 2020 that addresses Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions.
During this time of uncertainty, we wanted to make sure we added some assistance and relief to an otherwise stressful situation. We're required to embrace this period of adjustment and get used to a new "normal."
How are Cybersecurity Experts thinking about COVID-19?
From the time that I started my Cyber, or Information, Security career in the early 2000s, one of the fundamental tenets that was drummed into me was that human safety and security is placed higher than the safety and security of data and technology.
Throughout its history, the Department of Defense (DOD) has relied on contractors: individuals or non-federal companies that supply services, supplies, or construction. Almost all of these relationships involve the sharing of sensitive information, which could present some sort of risk.