GraVoc Joins Mass. Bankers Association

GraVoc is happy to announce that recently they joined the Massachusetts Bankers Association.  The membership will give the company access to resources that will enable them to better serve clients in the financial services sector.  As part of this association, GraVoc will be able to better keep abreast of issues that concern financial institutions.  GraVoc hopes to use this knowledge to continuously improve existing information security services and create new offerings to fit the needs of their bank and credit union customers in a rapidly-changing business environment.

The organization has a membership of over 200 financial institutions in Massachusetts, as well as an additional 200 vendors that provide products and services to the banking industry.  GraVoc provides services to banks and credit unions throughout New England in the areas of information security and information technology.  Massachusetts-based financial institutions especially have a daunting challenge ahead with the dawn of the Massachusetts Data Security Law in March 2010.

Peabody, MA-based GraVoc Associates is celebrating fifteen years of business in the areas of information systems, information security, and professional services.  GraVoc offers a wide array of services to regional financial institutions, both on the network infrastructure, design, and maintenance side as well as information security, network security, and business continuity services.  GraVoc also extends services to commercial accounts in all three practices.  For more information about GraVoc and the versatility of services provided, please visit www.GraVoc.com.

GraVoc Celebrates Milestone

On Wednesday night, GraVoc Associates, Inc. hosted a get-together with staff members, customers, and friends at the Lyceum Bar and Grill in Salem.  The event marked the celebration of GraVoc’s fifteen-year anniversary serving businesses in Greater Boston, New England, and beyond in the fields of information systems, information security, and professional services.

The event featured a video (courtesy of DivergingSoul) featuring the company’s evolution over the last fifteen years and a speech by President/CEO David Gravel introducing the staff.  Customers had the chance to interact with each other and with staff members, and GraVoc greatly appreciates its guests taking the time out of their Wednesday evening to travel to the event. 

The party was held as a gesture of appreciation toward GraVoc’s customers and how, while the company’s slogan is “our business is your success,” that it is also true that “your business is our success.”  The milestone would not have been reached without the confidence of GraVoc’s customers.  Moving forward, GraVoc looks forward to continuing to help clients achieve efficiency, maintain compliance, and improve profits through technology for many years to come.

For more information about GraVoc Associates, Inc, based in Peabody, MA, please visit www.GraVoc.com.

Social Engineering: Are There Rules?

A very interesting alert came from the National Credit Union Administration last month regarding a fraudulent letter and accompanying CD.  The letter and CD were sent to an unnamed credit union, indicating they were from the NCUA when in actuality they were not.  An employee of the credit union told the NCUA about it, prompting the alert.

It was very quickly learned that the letter and CD were sent by a consulting firm contracted by the credit union in question to conduct penetration testing and social engineering testing.  The consulting firm, MicroSolved, owned up to it and praised the client credit union for doing exactly what they should be doing:  Reporting suspicious activity to the appropriate authority.  In his blog, MicroSolved CEO Brent Huston expressed his admiration for the whistleblower, the NCUA, and the multiple media and Internet outlets who made this incident into an inadvertent “awareness campaign” regarding the dangers of social engineering.

MicroSolved got a considerable amount of heat for impersonating the NCUA and for using the NCUA’s logos, names, and likenesses.  Whether this is ethical or not, it is probably more effective if not necessary to use those likenesses.  Are real-life attackers going to be following the rules of “we don’t use logos to impersonate agencies?”  Of course not.  And the most effective tests are the ones that most closely resemble the real-life scenarios.  Unless real fraudsters have the ethics to not use the agency’s likenesses, the people complaining about this firm’s ethics using them should really be complaining about something else.  The priority should be keeping businesses’ information safe, not the proper use of names and logos. 

Social engineering is a tactic employed by malicious attackers that instead of targeting weaknesses in computer systems, targets human beings as a way to gain unauthorized access to confidential information.  Social engineering preys upon trust, curiosity, and authority in a variety of different ways, including bogus emails, phone calls, letters, CDs, or other means.

GraVoc Associates, Inc. is celebrating fifteen years of business serving Greater Boston, New England, and beyond in the fields of information security, information systems, and professional services.  With three CISMs on staff, GraVoc brings a high skill level to its information security consulting practice.  As a service to its clients, GraVoc posts items of note such as the one above to increase awareness of constant changes in the information security landscape.  For more information about GraVoc’s offerings in information security consulting, please visit www.gravoc.com or speak to a representative at 978-538-9055.

Government Provides Pandemic Guidance

While there is little new to report on the H1N1 (swine flu) pandemic, other than the fact that flu season is coming soon, the vaccine will be released shortly, the flu as it currently stands is not as deadly as it was initially projected to be, and the 2009 H1N1 is now the dominant human flu on the planet, the United States government has a slew of resources available for businesses to plan for widespread employee absence, slowdowns in the supply chain, and public fear about the spread of illness.  Highlights include the following:

• Supply Chain Planning:  Banks may have to wait longer for cash shipments.  Manufacturers may have to wait longer to receive raw materials.  Vendors and service providers may have slower customer service as their employees may be out sick.  Businesses must plan accordingly for this as well as planning for the absenteeism of their own employees.
• Absenteeism Threshold:  How many people can your business afford to lose to absenteeism at the same time before business operations are adversely affected?  If the number of absent employees exceeds this number, does the company have plans to adjust accordingly?  Are there policies and technologies in place so that absent employees (if they are not sick themselves but are caring for a sick family member) can work from home?
• Sick Time Policies:  Has your HR department considered revising policies regarding sick time so that sick employees are not showing up to work and spreading the disease just because they have a limited number of sick days?  Businesses must take the health of other employees into account, as well as the probability that employees may have to care for children who are home from school as a result of a school closure or a child becoming ill.
• Extended Hours:  Social distancing will be a technique used to prevent the spread of the flu.  Many companies will stagger their hours of operation so that employees will have less contact with other employees, decreasing the probability that a virus will be spread.
• Screening:  Companies should consider whether employees will be asked if they have had symptoms of the flu (i.e. fever, headache, sore throat) in the last day, and whether they should be mandated to leave the workplace if they have.

More advice from the United States Government, including a useful pandemic planning checklist, are available here.

GraVoc Associates, Inc, based in Peabody, MA, are celebrating fifteen years of serving customers in many industries in the practices of information security, information systems, and professional services.  Encompassed in the information security field is business continuity and pandemic event planning, and GraVoc has many years’ experience helping businesses plan for a disaster or a pandemic event.  With the onset of the swine flu pandemic in April, the GraVoc News Blog has provided additional guidance and updates regarding how to plan so that business operations are not interrupted.  For more information about GraVoc’s business continuity services, as well as its other products and services, please visit www.gravoc.com. 

GraVoc Staff Earns Certifications

In response to the business environment becoming more competitive, several GraVoc Associates professionals have demonstrated their competence in GraVoc’s three practices of information systems, information technology, and technology and professional services.  Several staff members have earned certifications over the course of the summer, and the organization is using this space to congratulate them:

• Nate Gravel has achieved the CISM (Certified Information Security Manager) certification from the Information Systems Audit and Control Association (ISACA).  There are only about 10,000 CISMs worldwide, and Nate, 24, is likely one of the youngest to earn this certification.  A CISM demonstrates experience in the fields of information security governance, information risk management, information security program development and management, and incident response.  Nate also earned a Microsoft Certified Professional (MCP) certification in the Microsoft Dynamics CRM software.
• Eric Hannabury has added his seventh MCP distinction, as he successfully earned certification in the installation and configuration of Microsoft Dynamics GP 10.0.  Eric already holds the Microsoft Certified Systems Engineer (MCSE) certification, one of the premiere validations of technical capabilities in designing and implementing Microsoft network infrastructure.
• Ron Smoller, also an MCSE, has earned his sixth MCP distinction in the installation and deployment of Microsoft Dynamics CRM 4.0.
• Doug Tilley earned an MCP in the field of Microsoft Dynamics GP 10.0 Financials.
• Matt Wilkins earned an MCP in the area of the customization and configuration of Microsoft Dynamics CRM 4.0.

GraVoc Associates, Inc, located in Peabody, MA, has served Greater Boston, New England, and beyond in the three practices of information systems, information security, and technology and professional services.  Like any company, GraVoc relies on the strength of its employees, as knowledgeable employees help GraVoc better serve its clients.  For more information about the range of services offered by GraVoc, please visit www.gravoc.com.