Craft Compliance

Automated scanners and compliance tools are great at generating long lists of "issues" that you need to fix. What they aren't good at is explaining why it is an issue in YOUR specific environment. Business context, real-world impact, and unique circumstances are where automated tools still struggle. Fortunately, that is where we excel. Whether it is penetration testing or compliance requirements, we make sure that reported issues are real issues - not just because OWASP or NIST say so, but because they are a real risk in your, specific environment. Ready to talk about your specific context? Send us a message or contact us via our website! Just want to stay in touch? Sign up for our newsletter! #security #compliance #cybersecurity

Data is critical - but data can only drive decision making if we are asking the right questions. And to ask the right questions, we need to understand the core problem. This week, we share two examples where misunderstanding the problem can lead to bad data and even worse decision making. 1) Penetration testing 2) Phishing exercises Come check it out!

Hate it? Love it? Still confused why its ticking? TikTok has been a sensation and we dive into what the ban and "unban" can teach us for our own security and situations in this week's newsletter! Not subscribed? Subscribe on our LinkedIn page or on our website! And tell us what you think? Is the ban a good thing? Bad thing? Or something else? #security #cybersecurity #tiktok #privacy #newsletters

TikTok... To ban it or not to ban it, that is a question! But, not really the one we are focused in this week in Craft Compliance's newsletter. Whether or not you believe it should be banned, there is a lesson we can all take from the response to the ban. And it comes down to a single word: Reputation Check it out at Craft Compliance's LinkedIn page or website (linked below). #tiktok #security #cybersecurity #privacy

It is a new year and that can mean only one thing! 2025 Predictions!! What are the trends to watch in 2025? What are the security issues that will be top priority for the year? Come check out our take! And let us know what you think in the comments below! #security #cybersecurity

Happy New Year! ?? ?? We are looking forward to 2025 and the exciting things it will bring! How far will AI go in the next year? What will be the security trends to watch? Will we see any new compliance updates or recommendations? Give us your best bets! And stay tuned for next week's newsletter where we discuss our own predictions! #newyear #newyear2025 #security #compliance

Merry Christmas and Happy Holidays from the Craft Compliance Team! In this time of cheer, gifts, and sharing, it is always important to stay secure! Here are a few quick tips for keeping the holidays happy and avoiding scams: ?? Always be suspicious of links or attachments in emails or text messages. If a deal or sale is advertised, the same deal is still available if you navigate to the relevant website manually. ?? If somebody calls you claiming to be your bank, credit card company, etc., hang up and call them back at the number that Google or the back of your card tells you. DO NOT trust somebody calling you out of the blue. ?? Be very very wary of sales or deals that seem to good to be true. Do a quick Google search for "[store] sale scam" or something similar to see what other people have reported about it. ?? Talk to your family and friends about scams. If you are really ambitious, come up with a code word that you can use to assure people it is really you when you call. More realistically, just confirm with family and friends that you will double verify (phone call and Facebook message, email, etc.) when they need something like money or information. #scams #security #privacy #cybersecurity #holidays

Sometimes your security tools try to mess with you... But, if you test regularly, then, like Chandler Bing says, the messers become the messies! That is a lesson that Microsoft learned the hard way recently when researchers broke their MFA implementation in under 1 hour! Learn all about it and what to look/test for in an MFA implementation here! ***** Enjoyed the newsletter? Let us know! Give a like, comment, or share. We publish new articles every two weeks

While Nathaniel Shere is running his popular "Horrible Pentest Report Excerpts" this week with examples of bad penetration testing findings... We like to focus on the positive side of things - on what makes penetration tests and compliance work AWESOME! Here are some of our favorites: ?? Quality work by qualified professionals ?? Transparency in the work being done, the results achieved, and the process throughout ?? Direct access to the testers and engineers to ask questions, clarify issues, or understand findings ?? Pricing based on the work - not the size of the client Have you had success with a security vendor? What made your experience awesome?

It is our 100th newsletter and that has asking very important questions... What's the bottom line? Who really cares? What's the big deal with security and compliance? We dive into these questions in this 100th edition of our newsletter! Thank you to all of our readers, subscribers, and everyone who helped us get to this milestone! And subscribe to make sure you get the next 100 versions! #security #cybersecurity