infojet

for AVPros
(srchddg)

5 minute NWS/AWS/NOAA Airport Aviation Weather


(AVWthr1)


(AVWthr2)   (AVWthr3)  (AVWthr-METAR trend)



(Aviation -- METAR/TAF only)




FastAWS Links (Metars, Airmets, Sigmets, ProgCharts)

UTC/Zulu time





DuckDuck Go



NEWS,Recalls,IT-ALERTS


SECMKTS


RESOURCES



LINCDEC











DuckDuck Go











SpeedTest-Megapath



SpeedTest-Fast.com(netflix)



Google Internet Speed Test



Comcast Business Internet Speed Test



AT&T Internet Speed Test



Comcast Xfinity Internet Speed Test





AT&T Speed Tiers by service category (download/upload speeds)



Comcast/Xfinity Internet Speed Tiers by service category (download/upload speeds)







Start Options for USB/microSDHC computers



privacy policy
terms of use




Scan URL (urlscan.io)












(ttls)
27627













Commercial(webbot) TOP site visits by (.com,.net,.org) Domain Name(since JAN-1-2020)






as of 2021-05-17




sogou.com ,5350
googlebot.com ,1752
amazonaws.com ,1337
msn.com ,762
omnis.com ,605
googleusercontent.com ,435
cloudsystemnetworks.com ,173
tmodns.net ,139
apple.com ,108
pagething.com ,106
myvzw.com ,93
internet-census.org ,75
colocrossing.com ,69
mycingular.net ,69
hwclouds-dns.com ,65
vultr.com ,55
h12-media.com ,38
webnx.com ,36
google.com ,35
aspiegel.com ,27
kyivstar.net ,26
contaboserver.net ,25
ispsystem.net ,24
okitup.net ,24
dataprovider.com ,20
lipperhey.com ,19
duckduckgo.com ,17
onr.com ,17
007ac9.net ,15
cdn77.com ,15
linode.com ,14
dreamhost.com ,13
qwant.com ,13
sbcglobal.net ,12
sprious.com ,10
completel.net ,10
quadranet.com ,10
rr.com ,10
gthost.com ,10
secureserver.net ,9
jscriptsdev.com ,9
ip-167-114-175.net ,9
scaleway.com ,8
verizon.net ,8
dnspure.com ,8
baidu.com ,8
datapacket.com ,8
directwebhost.org ,8
chinaunicom.com ,7
spectrum.com ,7
secqin.com ,7
netsystemsresearch.com ,7
fbsv.net ,6
hostry.com ,6
onyphe.net ,6
nextconnex.net ,5
comdevelopment.com ,5
bluehost.com ,5
ColocationAmerica.com ,5
rima-tde.net ,5
totalplay.net ,5
ip-192-99-18.net ,5
cosmoyard.com ,5
jumpingroo.com ,4
scalabledns.com ,4
servebyte.com ,4
prcdn.net ,4
btcentralplus.com ,4
hostwindsdns.com ,4
web-hosting.com ,4
cargojet.com ,4
ip-144-217-190.net ,4
ip-51-79-111.net ,4
ovh.net ,4
woorank.com ,4
cox.net ,3
inwitelecom.net ,3
ip-158-69-252.net ,3
puregig.net ,3
ip-167-114-124.net ,3
cantv.net ,3
wiredns.net ,3
zare.com ,3
domaincrawler.com ,3
clientshostname.com ,3
rootlayer.net ,3
pldt.net ,3
rch003.net ,3
ip-167-114-172.net ,3
ip-167-114-159.net ,3
bitdefender.net ,2
coldhak.com ,2
mycdz.com ,2
skyeris.net ,2
ptklp.com ,2
websitewelcome.com ,2
example.com ,2
2com.net ,2
plus.net ,2
rederatural.com ,2
telia.com ,2
virginm.net ,2
ip-142-44-251.net ,2
startdedicated.com ,2
sonic.net ,2
hinet.net ,2
hostdime.com ,2
totinternet.net ,2
triolan.net ,2
ip-51-222-50.net ,2
hecombawatedly.com ,2
ip-142-44-138.net ,2
accesskenya.net ,2
ip-51-161-57.net ,2
Borealisbroadband.net ,2
uelockies.com ,2
ip-198-245-49.net ,2
prismwebnets.com ,2
ip-167-114-150.net ,2
cipherwave.net ,2
ip-51-79-116.net ,2
hidehost.net ,2
ip-167-114-90.net ,2
lagranfrancia.com ,2
glesys.net ,2
fasternetwork.com ,2
ip-51-222-43.net ,2
group-ib.com ,2
ip-51-222-151.net ,2
turk.net ,2
kpn.net ,2
contabo.net ,2
dataproviderbot.com ,2
ip-54-39-227.net ,2
hargray.net ,1
ipvnow.com ,1
nephosdns.com ,1
rcncustomer.com ,1
serverhotell.net ,1
telkomsa.net ,1
superonline.net ,1
as13285.net ,1
avast.com ,1
ip-192-99-225.net ,1
cloudradium.com ,1
linuxpl.com ,1
rogers.com ,1
metronethn.com ,1
64m.org ,1
telecom-solution.com ,1
ip-192-95-29.net ,1
ip-66-70-203.net ,1
cloudedic.net ,1
xo.net ,1
luisgermano.com ,1
cavtel.net ,1
ip-142-4-195.net ,1
silverstar.com ,1
InterCable.net ,1
abilitybusinesscomputing.com ,1
sciencescores.com ,1
airtelkenya.com ,1
foundationapi.com ,1
i3d.net ,1
protedtmailsrv22.com ,1
edns1.com ,1
i-tera.com ,1
tangobacchus.com ,1
m247.com ,1
othush.com ,1
eu.org ,1
fex.net ,1
appliedprivacy.net ,1
dnsserverboot.com ,1
volia.net ,1
lockingall.com ,1
promocloud.net ,1
2i3.net ,1
dsci-net.com ,1
online.net ,1
opera-mini.net ,1
ip-51-161-120.net ,1
h0sted.net ,1
torservers.net ,1
as42926.net ,1
dslextreme.com ,1
datection.net ,1
ricetell.com ,1
bhn.net ,1
tedata.net ,1
vuhuv.com ,1
free-face-sitting.com ,1
sitting.com ,1
royal-watches.com ,1
246.net ,1
serverastra.com ,1
azimut-r.net ,1
proxad.net ,1
svea.net ,1
mivocloud.com ,1
keff.org ,1
webhop.net ,1
no-reverse-dns-configured.com ,1
quintex.com ,1
qwest.net ,1
serveroffer.net ,1
cloudlinkd.com ,1
idknet.com ,1
windstream.net ,1
gtt.net ,1
aglyptrutivin.com ,1
myaisfibre.com ,1
ip-51-222-133.net ,1
hosted-by-worldstream.net ,1
sukienhanoi.com ,1
townisp.com ,1
inew-cs.com ,1
q-challenges.com ,1
chaycrop.com ,1
ptd.net ,1
routergate.com ,1



(lines in domain name file)
12063





sogou.com ,5350 (44.4% of visits)
googlebot.com ,1752 (14.5% of visits)
amazonaws.com ,1337 (11.1% of visits)
msn.com ,762 (6.3% of visits)
omnis.com ,605 (5% of visits)
googleusercontent.com ,435 (3.6% of visits)
cloudsystemnetworks.com ,173 (1.4% of visits)
tmodns.net ,139 (1.2% of visits)
apple.com ,108 (0.9% of visits)
pagething.com ,106 (0.9% of visits)
myvzw.com ,93 (0.8% of visits)
internet-census.org ,75 (0.6% of visits)
colocrossing.com ,69 (0.6% of visits)
mycingular.net ,69 (0.6% of visits)
hwclouds-dns.com ,65 (0.5% of visits)
vultr.com ,55 (0.5% of visits)
h12-media.com ,38 (0.3% of visits)
webnx.com ,36 (0.3% of visits)
google.com ,35 (0.3% of visits)
aspiegel.com ,27 (0.2% of visits)
kyivstar.net ,26 (0.2% of visits)
contaboserver.net ,25 (0.2% of visits)
ispsystem.net ,24 (0.2% of visits)
okitup.net ,24 (0.2% of visits)
dataprovider.com ,20 (0.2% of visits)
lipperhey.com ,19 (0.2% of visits)
duckduckgo.com ,17 (0.1% of visits)
onr.com ,17 (0.1% of visits)
007ac9.net ,15 (0.1% of visits)
cdn77.com ,15 (0.1% of visits)
linode.com ,14 (0.1% of visits)
dreamhost.com ,13 (0.1% of visits)
qwant.com ,13 (0.1% of visits)
sbcglobal.net ,12 (0.1% of visits)
sprious.com ,10 (0.1% of visits)
completel.net ,10 (0.1% of visits)
quadranet.com ,10 (0.1% of visits)
rr.com ,10 (0.1% of visits)
gthost.com ,10 (0.1% of visits)
secureserver.net ,9 (0.1% of visits)
jscriptsdev.com ,9 (0.1% of visits)
ip-167-114-175.net ,9 (0.1% of visits)
scaleway.com ,8 (0.1% of visits)
verizon.net ,8 (0.1% of visits)
dnspure.com ,8 (0.1% of visits)
baidu.com ,8 (0.1% of visits)
datapacket.com ,8 (0.1% of visits)
directwebhost.org ,8 (0.1% of visits)
chinaunicom.com ,7 (0.1% of visits)
spectrum.com ,7 (0.1% of visits)
secqin.com ,7 (0.1% of visits)
netsystemsresearch.com ,7 (0.1% of visits)
fbsv.net ,6 (0% of visits)
hostry.com ,6 (0% of visits)
onyphe.net ,6 (0% of visits)
nextconnex.net ,5 (0% of visits)
comdevelopment.com ,5 (0% of visits)
bluehost.com ,5 (0% of visits)
ColocationAmerica.com ,5 (0% of visits)
rima-tde.net ,5 (0% of visits)
totalplay.net ,5 (0% of visits)
ip-192-99-18.net ,5 (0% of visits)
cosmoyard.com ,5 (0% of visits)
jumpingroo.com ,4 (0% of visits)
scalabledns.com ,4 (0% of visits)
servebyte.com ,4 (0% of visits)
prcdn.net ,4 (0% of visits)
btcentralplus.com ,4 (0% of visits)
hostwindsdns.com ,4 (0% of visits)
web-hosting.com ,4 (0% of visits)
cargojet.com ,4 (0% of visits)
ip-144-217-190.net ,4 (0% of visits)
ip-51-79-111.net ,4 (0% of visits)
ovh.net ,4 (0% of visits)
woorank.com ,4 (0% of visits)
cox.net ,3 (0% of visits)
inwitelecom.net ,3 (0% of visits)
ip-158-69-252.net ,3 (0% of visits)
puregig.net ,3 (0% of visits)
ip-167-114-124.net ,3 (0% of visits)
cantv.net ,3 (0% of visits)
wiredns.net ,3 (0% of visits)
zare.com ,3 (0% of visits)
domaincrawler.com ,3 (0% of visits)
clientshostname.com ,3 (0% of visits)
rootlayer.net ,3 (0% of visits)
pldt.net ,3 (0% of visits)
rch003.net ,3 (0% of visits)
ip-167-114-172.net ,3 (0% of visits)
ip-167-114-159.net ,3 (0% of visits)
bitdefender.net ,2 (0% of visits)
coldhak.com ,2 (0% of visits)
mycdz.com ,2 (0% of visits)
skyeris.net ,2 (0% of visits)
ptklp.com ,2 (0% of visits)
websitewelcome.com ,2 (0% of visits)
example.com ,2 (0% of visits)
2com.net ,2 (0% of visits)
plus.net ,2 (0% of visits)
rederatural.com ,2 (0% of visits)
telia.com ,2 (0% of visits)
virginm.net ,2 (0% of visits)
ip-142-44-251.net ,2 (0% of visits)
startdedicated.com ,2 (0% of visits)
sonic.net ,2 (0% of visits)
hinet.net ,2 (0% of visits)
hostdime.com ,2 (0% of visits)
totinternet.net ,2 (0% of visits)
triolan.net ,2 (0% of visits)
ip-51-222-50.net ,2 (0% of visits)
hecombawatedly.com ,2 (0% of visits)
ip-142-44-138.net ,2 (0% of visits)
accesskenya.net ,2 (0% of visits)
ip-51-161-57.net ,2 (0% of visits)
Borealisbroadband.net ,2 (0% of visits)
uelockies.com ,2 (0% of visits)
ip-198-245-49.net ,2 (0% of visits)
prismwebnets.com ,2 (0% of visits)
ip-167-114-150.net ,2 (0% of visits)
cipherwave.net ,2 (0% of visits)
ip-51-79-116.net ,2 (0% of visits)
hidehost.net ,2 (0% of visits)
ip-167-114-90.net ,2 (0% of visits)
lagranfrancia.com ,2 (0% of visits)
glesys.net ,2 (0% of visits)
fasternetwork.com ,2 (0% of visits)
ip-51-222-43.net ,2 (0% of visits)
group-ib.com ,2 (0% of visits)
ip-51-222-151.net ,2 (0% of visits)
turk.net ,2 (0% of visits)
kpn.net ,2 (0% of visits)
contabo.net ,2 (0% of visits)
dataproviderbot.com ,2 (0% of visits)
ip-54-39-227.net ,2 (0% of visits)
hargray.net ,1 (0% of visits)
ipvnow.com ,1 (0% of visits)
nephosdns.com ,1 (0% of visits)
rcncustomer.com ,1 (0% of visits)
serverhotell.net ,1 (0% of visits)
telkomsa.net ,1 (0% of visits)
superonline.net ,1 (0% of visits)
as13285.net ,1 (0% of visits)
avast.com ,1 (0% of visits)
ip-192-99-225.net ,1 (0% of visits)
cloudradium.com ,1 (0% of visits)
linuxpl.com ,1 (0% of visits)
rogers.com ,1 (0% of visits)
metronethn.com ,1 (0% of visits)
64m.org ,1 (0% of visits)
telecom-solution.com ,1 (0% of visits)
ip-192-95-29.net ,1 (0% of visits)
ip-66-70-203.net ,1 (0% of visits)
cloudedic.net ,1 (0% of visits)
xo.net ,1 (0% of visits)
luisgermano.com ,1 (0% of visits)
cavtel.net ,1 (0% of visits)
ip-142-4-195.net ,1 (0% of visits)
silverstar.com ,1 (0% of visits)
InterCable.net ,1 (0% of visits)
abilitybusinesscomputing.com ,1 (0% of visits)
sciencescores.com ,1 (0% of visits)
airtelkenya.com ,1 (0% of visits)
foundationapi.com ,1 (0% of visits)
i3d.net ,1 (0% of visits)
protedtmailsrv22.com ,1 (0% of visits)
edns1.com ,1 (0% of visits)
i-tera.com ,1 (0% of visits)
tangobacchus.com ,1 (0% of visits)
m247.com ,1 (0% of visits)
othush.com ,1 (0% of visits)
eu.org ,1 (0% of visits)
fex.net ,1 (0% of visits)
appliedprivacy.net ,1 (0% of visits)
dnsserverboot.com ,1 (0% of visits)
volia.net ,1 (0% of visits)
lockingall.com ,1 (0% of visits)
promocloud.net ,1 (0% of visits)
2i3.net ,1 (0% of visits)
dsci-net.com ,1 (0% of visits)
online.net ,1 (0% of visits)
opera-mini.net ,1 (0% of visits)
ip-51-161-120.net ,1 (0% of visits)
h0sted.net ,1 (0% of visits)
torservers.net ,1 (0% of visits)
as42926.net ,1 (0% of visits)
dslextreme.com ,1 (0% of visits)
datection.net ,1 (0% of visits)
ricetell.com ,1 (0% of visits)
bhn.net ,1 (0% of visits)
tedata.net ,1 (0% of visits)
vuhuv.com ,1 (0% of visits)
free-face-sitting.com ,1 (0% of visits)
sitting.com ,1 (0% of visits)
royal-watches.com ,1 (0% of visits)
246.net ,1 (0% of visits)
serverastra.com ,1 (0% of visits)
azimut-r.net ,1 (0% of visits)
proxad.net ,1 (0% of visits)
svea.net ,1 (0% of visits)
mivocloud.com ,1 (0% of visits)
keff.org ,1 (0% of visits)
webhop.net ,1 (0% of visits)
no-reverse-dns-configured.com ,1 (0% of visits)
quintex.com ,1 (0% of visits)
qwest.net ,1 (0% of visits)
serveroffer.net ,1 (0% of visits)
cloudlinkd.com ,1 (0% of visits)
idknet.com ,1 (0% of visits)
windstream.net ,1 (0% of visits)
gtt.net ,1 (0% of visits)
aglyptrutivin.com ,1 (0% of visits)
myaisfibre.com ,1 (0% of visits)
ip-51-222-133.net ,1 (0% of visits)
hosted-by-worldstream.net ,1 (0% of visits)
sukienhanoi.com ,1 (0% of visits)
townisp.com ,1 (0% of visits)
inew-cs.com ,1 (0% of visits)
q-challenges.com ,1 (0% of visits)
chaycrop.com ,1 (0% of visits)
ptd.net ,1 (0% of visits)
routergate.com ,1 (0% of visits)












Webbot/Spiders (A-Z list)


007ac9.net ,15
246.net ,1
2com.net ,2
2i3.net ,1
64m.org ,1
Borealisbroadband.net ,2
ColocationAmerica.com ,5
InterCable.net ,1
abilitybusinesscomputing.com ,1
accesskenya.net ,2
aglyptrutivin.com ,1
airtelkenya.com ,1
amazonaws.com ,1337
apple.com ,108
appliedprivacy.net ,1
as13285.net ,1
as42926.net ,1
aspiegel.com ,27
avast.com ,1
azimut-r.net ,1
baidu.com ,8
bhn.net ,1
bitdefender.net ,2
bluehost.com ,5
btcentralplus.com ,4
cantv.net ,3
cargojet.com ,4
cavtel.net ,1
cdn77.com ,15
chaycrop.com ,1
chinaunicom.com ,7
cipherwave.net ,2
clientshostname.com ,3
cloudedic.net ,1
cloudlinkd.com ,1
cloudradium.com ,1
cloudsystemnetworks.com ,173
coldhak.com ,2
colocrossing.com ,69
comdevelopment.com ,5
completel.net ,10
contabo.net ,2
contaboserver.net ,25
cosmoyard.com ,5
cox.net ,3
datapacket.com ,8
dataprovider.com ,20
dataproviderbot.com ,2
datection.net ,1
directwebhost.org ,8
dnspure.com ,8
dnsserverboot.com ,1
domaincrawler.com ,3
dreamhost.com ,13
dsci-net.com ,1
dslextreme.com ,1
duckduckgo.com ,17
edns1.com ,1
eu.org ,1
example.com ,2
fasternetwork.com ,2
fbsv.net ,6
fex.net ,1
foundationapi.com ,1
free-face-sitting.com ,1
glesys.net ,2
google.com ,35
googlebot.com ,1752
googleusercontent.com ,435
group-ib.com ,2
gthost.com ,10
gtt.net ,1
h0sted.net ,1
h12-media.com ,38
hargray.net ,1
hecombawatedly.com ,2
hidehost.net ,2
hinet.net ,2
hostdime.com ,2
hosted-by-worldstream.net ,1
hostry.com ,6
hostwindsdns.com ,4
hwclouds-dns.com ,65
i-tera.com ,1
i3d.net ,1
idknet.com ,1
inew-cs.com ,1
internet-census.org ,75
inwitelecom.net ,3
ip-142-4-195.net ,1
ip-142-44-138.net ,2
ip-142-44-251.net ,2
ip-144-217-190.net ,4
ip-158-69-252.net ,3
ip-167-114-124.net ,3
ip-167-114-150.net ,2
ip-167-114-159.net ,3
ip-167-114-172.net ,3
ip-167-114-175.net ,9
ip-167-114-90.net ,2
ip-192-95-29.net ,1
ip-192-99-18.net ,5
ip-192-99-225.net ,1
ip-198-245-49.net ,2
ip-51-161-120.net ,1
ip-51-161-57.net ,2
ip-51-222-133.net ,1
ip-51-222-151.net ,2
ip-51-222-43.net ,2
ip-51-222-50.net ,2
ip-51-79-111.net ,4
ip-51-79-116.net ,2
ip-54-39-227.net ,2
ip-66-70-203.net ,1
ipvnow.com ,1
ispsystem.net ,24
jscriptsdev.com ,9
jumpingroo.com ,4
keff.org ,1
kpn.net ,2
kyivstar.net ,26
lagranfrancia.com ,2
linode.com ,14
linuxpl.com ,1
lipperhey.com ,19
lockingall.com ,1
luisgermano.com ,1
m247.com ,1
metronethn.com ,1
mivocloud.com ,1
msn.com ,762
myaisfibre.com ,1
mycdz.com ,2
mycingular.net ,69
myvzw.com ,93
nephosdns.com ,1
netsystemsresearch.com ,7
nextconnex.net ,5
no-reverse-dns-configured.com ,1
okitup.net ,24
omnis.com ,605
online.net ,1
onr.com ,17
onyphe.net ,6
opera-mini.net ,1
othush.com ,1
ovh.net ,4
pagething.com ,106
pldt.net ,3
plus.net ,2
prcdn.net ,4
prismwebnets.com ,2
promocloud.net ,1
protedtmailsrv22.com ,1
proxad.net ,1
ptd.net ,1
ptklp.com ,2
puregig.net ,3
q-challenges.com ,1
quadranet.com ,10
quintex.com ,1
qwant.com ,13
qwest.net ,1
rch003.net ,3
rcncustomer.com ,1
rederatural.com ,2
ricetell.com ,1
rima-tde.net ,5
rogers.com ,1
rootlayer.net ,3
routergate.com ,1
royal-watches.com ,1
rr.com ,10
sbcglobal.net ,12
scalabledns.com ,4
scaleway.com ,8
sciencescores.com ,1
secqin.com ,7
secureserver.net ,9
servebyte.com ,4
serverastra.com ,1
serverhotell.net ,1
serveroffer.net ,1
silverstar.com ,1
sitting.com ,1
skyeris.net ,2
sogou.com ,5350
sonic.net ,2
spectrum.com ,7
sprious.com ,10
startdedicated.com ,2
sukienhanoi.com ,1
superonline.net ,1
svea.net ,1
tangobacchus.com ,1
tedata.net ,1
telecom-solution.com ,1
telia.com ,2
telkomsa.net ,1
tmodns.net ,139
torservers.net ,1
totalplay.net ,5
totinternet.net ,2
townisp.com ,1
triolan.net ,2
turk.net ,2
uelockies.com ,2
verizon.net ,8
virginm.net ,2
volia.net ,1
vuhuv.com ,1
vultr.com ,55
web-hosting.com ,4
webhop.net ,1
webnx.com ,36
websitewelcome.com ,2
windstream.net ,1
wiredns.net ,3
woorank.com ,4
xo.net ,1
zare.com ,3


















Webbot visit BAR chart to Infojet.org since 1-JAN-2020

























Small Business CyberSecurity 3-step Fast-List:

(1) Business Continuity Plan and BACKUPs(ENCRYPTED)-- Have malware-free backups of encrypted data ready to maintain operations after a cyber-event. Have a ready-to-go Business continuity plan. Your business continuity plan should be ready to snap into place to keep business operating without interuption.)

(2) UPDATEs-- Automatically update and automatically encrypt all hardware and software. Only use Apple or Chrome computers if possible. Ensure full encryption is used on all data in all phases (in-transit, in-storage, in-memmory).

(3) TRAINING-- Train yourself and all staff to never click on any links in any type of messages (emails, instant messages, text messages, etc.) or on any attachments in any messages. When reading messages, put your hands behind your back and only view, but not touch, any messages, or you will be fired!!


Cyber security resouces:
NIST Cybersecurity Framework
CISA Cyber Essentials
Checklist from your cyberinsurance provider (AIG has a 40 item checklist)
FINRA's cyber security checklist for small business
IRS's Safeguarding Taxpayer Data cybersecurity checklist (pub. 4557) & pub 5293
NIST Small Business Information Security
NIST Small Business Cybersecurity Corner



If your business is planning to operate 100% offsite, in the cloud, such as a tax firm running Chromebooks, Google Workspace and Intuit ProConnect, your number one priority will be to control access to your cloud resources through strict user and device management.


Most cybersecurity checklists are far too long, too detailed and too full of confusing jargon for most small businesses to successfully implement or implement in a timely manner. Because of these factors as well as the time and cost to fully implement a comprehensive cybersecurity program, many small businesses feel overwhelmed and do almost nothing (except for activating automatic updates on software) hoping they will not get hit.

Your small business will likely experience a cyber-event of some type in the future. Just make sure all of your systems are (1) automatically updated, (2) have a malware-free backup system ready to snap into place to keep your business going and (3) ensure all data is encrypted with the highest level of encryption available (AES-256) so you can assure affected parties that any data lost from a cyber event cannot by viewed cyber invaders (If the cyber invaders have your data but do not have your encryption key, they cannot view your data. Currently, AES-256 encryption would take hundreds of years to break with today's computing resources.).


Cyber Review (Traveler's Insurance)


CyberSecurity Videos (Traveler's CyberInsurance)



6 Basic foundations for a Secure Network:

CIS Control 1: Identify and Control of Hardware Assets (Are only authorized devices allowed to connect to network?)


CIS Control 2: List and Control of Software Assets (Are only authorized software programs run on the network?)


CIS Control 3: Continuously Assess for & Eliminate Network Vulnerabilities (Is the network checked & cleaned of vulnerabilities?)


CIS Control 4: Are Administrative Privileges controlled and monitored (Are only the bare minimal administrative rights granted to perform tasks?)


CIS Control 5: Secure configuration of network devices (Are network devices securely configured? Are device manufacturers' default settings changed to secure settings?) (secure benchmark refs: CIS, NIST NCP)


CIS Control 6: Monitor, Analyze and Maintain network logs (Are network logs analyzed, monitored, maintained and checked for integrity for later investigation to understand current or potential cyber attacks?)


Key Cybersecurity Resources (for planning for and creating a secure operation-source for cybersecurity frameworks):
Center for Internet Security (CIS)

NIST Cybersecurity Framework(Identify, Protect, Detect, Respond, Recover)

References for CyberAlerts/CyberEvents:
CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY

US-CERT

NSA Cybersecurity Advisories






MITRE Attack Framework (displays attacker techniques)





Federal Communications Commission (FCC) Cyberplanner





Federal Trade Commission (FTC) Cybersecurity for Small Business








IRS Security Nine (FAT BET VUR):
(1) Firewall
(2) Anti-malware
(3) Two-Factor Authentication for all accounts (Online tax software, MS 365, Google Workspace, etc.)
(4) Backups of data to a secured location offnetwork or in the cloud secured with two-factor authentication. Practice restoring your backups to a live environment to ensure your data is actually fully restored.
(5) Encryption of all data and devices (use 7zip to encrypt data and store in external drive or encrypted cloud storage like Google Drive in Google Workspace (Enterprise edition)
(6) Training for all staff and decision makers, have data confidentiality and data security agreement policy on logon screen so staff see it and agree to it at each logon.
(7) Virtual Private Network (VPN) connection to the internet (use ProtonVPN)
(8) Update everything automatically
(9) Review ALL Terms of Use agreements with any online service that will handle entity data, (for incidents, Recover and Report) (3-step incident response plan: Identify, Assess, Recover/Report)






IRS Data Security Plan required by the Federal Trade Commission (FTC) Safeguards Rule:
15 USC 6801: Protection of nonpublic personal information


§6801. Protection of nonpublic personal information
(a) Privacy obligation policy

It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information.

(b) Financial institutions safeguards
In furtherance of the policy in subsection (a), each agency or authority described in section 6805(a) of this title, other than the Bureau of Consumer Financial Protection, shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards-
(1) to insure the security and confidentiality of customer records and information
(2) to protect against any anticipated threats or hazards to the security or integrity of such records and
(3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.




16 CFR part 314 _ STANDARDS FOR SAFEGUARDING CUSTOMER INFORMATION (also known as the Gramm-Leach-Bliley Act (GLBA)




FTC Safeguaurds Rule

Complying with the FTC Safeguards Rule





CISA 1-page Ransomware Fast Tips





CISA Cybersecurity planning questions/table top exercises





US Secret Service Cybersecurity planning guides











CISA Resources (Cyber Self-Assessments)





CISA Incident Reporting Form (for Federal Information Security Modernization Act of 2014 (44 USC 3552), FISMA related incidents and violations)


The Federal Information Security Modernization Act of 2014 (FISMA) defines incident as an occurrence that (A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.




Notification Requirement

Agencies must report information security incidents, where the confidentiality, integrity, or availability of a federal information system of a civilian Executive Branch agency is potentially compromised, to the NCCIC/US-CERT with the required data elements, as well as any other available information, within one hour of being identified by the agency’s top-level Computer Security Incident Response Team (CSIRT), Security Operations Center (SOC), or information technology department. In some cases, it may not be feasible to have complete and validated information for the section below (Submitting Incident Notifications) prior to reporting. Agencies should provide their best estimate at the time of notification and report updated information as it becomes available. Events that have been found by the reporting agency not to impact confidentiality, integrity or availability may be reported voluntarily to US-CERT; however, they may not be included in the FISMA Annual Report to Congress.




In 1986, theUnited States Congress enacted the Computer Fraud and Abuse Act (CFAA), as an amendment to18 U.S.C. 1030. The CFAA has since been amended multiple times to address advancements in technologyand cybercrime. The CFAA criminalizes knowingly accessing a computer without authorization, obtainingprotected information, with the intent to defraud, intentionally causing unauthorized damage to a protectedcomputer, knowingly and with intent to defraud trafficking in passwords or access information, and extortioninvolving computers.







Small business Cybersecurity Road Map, one-page poster/cartoon (CISA)








CISA Small Business Cyberessentials





CISA Small Business Cyberessentials Starter kit





CISA Small Business Cyberessentials Starter Kit, by Chapter











CISA CyberEssentials Fast List

Managing cyber risks requires building a Culture of Cyber Readiness. The Culture of Cyber Readiness has six Essential Elements:

Yourself

You, as leader of your organization are an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to drive cybersecurity strategy, investment and culture.

Actions For Leaders

Action to Take in Consultation with IT

To learn more about how you can drive cybersecurity strategy, investment and culture, explore the Cyber Essentials Toolkit on this element.

Your Staff

As users of your organization’s digital equipment and systems, your staff are essential elements of your organization’s Culture of Cyber Readiness. Your task for this element is to develop cybersecurity awareness and vigilance.

Actions For Leaders

Actions to Take in Consultation with IT

Your Systems

As the infrastructure that makes your organization operational, your systems are an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to protect critical assets and applications.

Action For Leaders

Actions to Take in Consultation with IT

Your Surroundings

As your organization’s digital workplace, this is an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to ensure only those who belong on your digital workplace have access to it.

Actions to Take in Consultation with IT

Your Data

Your data, intellectual property, and other sensitive information is what your organization is built on. As such, it is an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to make backups and avoid loss of information critical to operations.

Action For Leaders

Actions to Take in Consultation with IT

Your Crisis Response

As your strategy for responding to and recovering from compromise, this is an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to limit damage and quicken restoration of normal operations.

Actions For Leaders

Action to Take in Consultation with IT

Booting Up: Things to Do First

Even before your organization has begun to adopt a Culture of Cyber Readiness, there are things you can begin doing today to make your organization more prepared against cyber risks.

Backup Data

Employ a backup solution that automatically and continuously backs up critical data and system configurations.

Multi-Factor Authentication

Require multi-factor authentication (MFA) for accessing your systems whenever possible. MFA should be required of all users, but start with privileged, administrative, and remote access users.

Patch &Update Management

Enable automatic updates whenever possible. Replace unsupported operating systems, applications and hardware (replace network hardware like routers 3 years after purchase and computing devices 5 years after purchase). Test and deploy patches quickly.













Recommendations

CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

Additional information on malware incident prevention and handling can be found in National Institute of Standards and Technology (NIST) Special Publication 800-83, Guide to Malware Incident Prevention & Handling for Desktops and Laptops.






















Questions Every CEO Should Ask About Cyber Risks



Remember__ CyberSecurity Risk __ Equals __ Business / Oranizational Risk

As technology continues to evolve, cyber threats continue to grow in sophistication and complexity. Cyber threats affect businesses of all sizes and require the attention and involvement of chief executive officers (CEOs) and other senior leaders. To help companies understand their risks and prepare for cyber threats, CEOs should discuss key cybersecurity risk management topics with their leadership and implement cybersecurity best practices. The best practices listed in this document have been compiled from lessons learned from incident response activities and managing cyber risk.

What should CEOs know about the cybersecurity threats their companies face?

CEOs should ask the following questions about potential cybersecurity threats:

What can CEOs do to mitigate cybersecurity threats?

The following questions will help CEOs guide discussions about their cybersecurity risk with management:

Recommended Organizational Cybersecurity Best Practices

The cybersecurity best practices listed below can help organizations manage cybersecurity risks.

Refer to the Cybersecurity and Infrastructure Security Agency (CISA) Cyber Essentials page for recommendations on managing cybersecurity risks for small businesses.



Remember __ CyberSecurity Risk __ Equals __ Business / Oranizational Risk






















Cybersecurity evolution should eventually lead to a zero-trust environment where devices, services and people will be required to continually request access to critical systems and data. Unless otherwise stated, all access is denied by default in a zero trust environment.

See the US National Security Agency's overview of a Zero-Trust environment


NSA Zero-Trust Model




NIST CyberSecurity Education Resources



































Salt Security Automated detection and response AI API security Model

Cyberattackers are in the process of fully automating and operationalizing adversarial artificial intelligence (AI) API attacks that will soon be able to easily breach current web app and API cybersecurity defenses.

Businesses will need AI API cybersecurity, like that provided by Salt, to battle this incoming threat.










ComplianceForge (Pre_Written Cybersecurity Policies)
Cybersecurity Frameworks _ Span of Coverage











Fast Cybersecurity Policies for broke, time-starved small businesses. If you are a broke small business and do not have any money and little time to spend on making cybersecurity policies, use the US Federal Communications Commission (FCC) CyberPlanner to make policies fast. The FCC policies are somewhat out of date but it will be better to have these policies fast than no policies at all.



FCC Cybersecurity for Small Business

FCC 10 CyberSecurity Tips

FCC CyberSecurity Planning Guide All Policies (50 pages)

FCC CyberPlanner (all policies) direct document
FCC Cybersecurity 10 tips (direc document)




TurboFast 2-step Cybersecurity for broke, time-starved, non-regulated businesses, such as dog walkers/dog trainers, who do not want to understand this cybersecurity stuff.

___ (1) Automatically generate Cybersecurity Policies, using the FCC CyberPlanner_|_FCC CyberPlanner-All Policies (check)



___ (1a) Safeguard data from creation to destruction through automated security and encryption processes applied to auto-updated devices, services and software handling data. All staff, including myself, agree daily to securely access (via VPN and MFA) data on company approved devices and services.




___ (2) Go through the process of getting (but not necessarily buying) CyberSecurity Insurance to find and plan to fix weaknesses in your business that would enable your business to qualify for cyber insurance coverage. Remember, cyber insurance requirements are bare minimum for a secure network. If your business cannot qualify for insurance, your network is likely insecure.(chose one or more of the below cyber insurance forms) (get CyberSecurity Insurance if your business can afford it.) (check)

(2a) Traveler's Insurance CyberSecurity Network Risk Pressure Checklist/Assessment___Traveler's Ins CyberRisk all forms

(2b) Traveler's Insurance CyberRisk Application longform (most comprehensive)__CyberRisk_app_local_PDF

(2c) Traveler's Insurance CyberRisk Application ShortForm Fast__CyberRisk_app_local_PDF

(2d) US Risk Cybersecurity Insurance application

(2e) Coalition Cybersecurity and Cyberinsurance automated risk scanner



___ (3) Is your company's private data secured using modern and automated cybersecurity methods to prevent unauthorized data access and/or unauthorized data disclosure? Do you know where your data is at all times? (check)

___ (4) Are company systems secured against unauthorized access and setup to maintain secure business operations if a cyber attack occurs (incident response and recovery). (check)

___ (5) Are all devices, software and services auto-updated and automatically secured by modern cybersecurity systems? Have I replaced all network devices greater than 3 years old, computing devices greater than 5-years old and all devices, software and services no longer being updated by the device, software or service vendor? Are staff trained in modern cybersecurity awareness on a monthly basis and annually agree to a data handling policy? (check)


check1, check2, check3, 4 and 5 check, done!


CyberSecurity TurboFast summary:
___ (1) Is my data secured to prevent public exposure and public access during all business operations?
___ (2) Can my business rapidly react, recover and restore normal business operations after a cyber event without public exposure of data? And efficiently report the event to relevant legally required entities? ___ (3) Are devices, services and software automatically updated and automatically secured? Are staff, including myself, trained on current cybersecurity best practices?





Do any laws, like HIPAA, FISMA, GLBA or SOX, apply to my type of business?
Are any cybersecurity frameworks required for my business type?

Some business types that are governed by specific laws and/or contractural requirements are required to use a specific minimum cybersecurity framework level, such as NIST CyberSecurityFramework (NIST CSF), to demonstrate cybersecurity compliance before the business is allowed to operate in that industry.


For example, does the Gramm-Leach-Bliley Act (GLBA) (15 USC 6801, 16 CFR part 314, 17 CFR part 248) also known as the FTC Safeguards Rule mandate a specific cybersecurity framework to meet compliance requirements for safeguarding customer information? No. Direct reading of the GLBA United States Code (USC) and Code of Federal Regulations (CFR) information for safeguarding customer information does not mandate a specific method to achieve compliance. The GLBA USC and CFRs just state that the method of safeguarding information must be written. Finra.org, which is the Finanacial industry regulatory authority overseeing brokers and financial advisors references the NIST CSF for safeguarding customer information (Finra Cybersecurity Checklist). Although no cybersecurity framework is required to meet GLBA compliance, adhering to a specified framework such as the NIST CSF makes the cybersecurity process more standardized and predictable and is also a cybersecurity best practice. IRS Tax preparers are required to be in compliance with the GLBA/FTC Safeguards Rule.



15 USC 6801
15 USC 6801: Protection of nonpublic personal information Text contains those laws in effect on May 9, 2021 From Title 15-COMMERCE AND TRADECHAPTER 94-PRIVACYSUBCHAPTER I-DISCLOSURE OF NONPUBLIC PERSONAL INFORMATION Jump To: Source CreditAmendmentsEffective Date §6801. Protection of nonpublic personal information (a) Privacy obligation policy It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information. (b) Financial institutions safeguards In furtherance of the policy in subsection (a), each agency or authority described in section 6805(a) of this title, other than the Bureau of Consumer Financial Protection, shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards- (1) to insure the security and confidentiality of customer records and information; (2) to protect against any anticipated threats or hazards to the security or integrity of such records; and (3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer. ( Pub. L. 106–102, title V, §501, Nov. 12, 1999, 113 Stat. 1436 ; Pub. L. 111–203, title X, §1093(1), July 21, 2010, 124 Stat. 2095 .) Amendments 2010-Subsec. (b). Pub. L. 111–203 inserted , other than the Bureau of Consumer Financial Protection, after section 6805(a) of this title in introductory provisions.


16 CFR part 314 (GLBA, FTC Safeguards Rule) (Remember that this regulation covers a wide variety of busineses from the 1-person tax preparation office to a national bank like JP Morgan Chase. So, the details of Information Security Programs will vary widely.)

§314.3 Standards for safeguarding customer information.
(a) Information security program. You shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. Such safeguards shall include the elements set forth in §314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in paragraph (b) of this section.


(b) Objectives.
The objectives of section 501(b) of the Act, and of this part, are to:
(1) Insure the security and confidentiality of customer information;
(2) Protect against any anticipated threats or hazards to the security or integrity of such information; and
(3) Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.



§314.4 Elements. In order to develop, implement, and maintain your information security program, you shall:


____(a) Designate an employee or employees to coordinate your information security program.
________________________
________________________

____(b) Identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks. At a minimum, such a risk assessment should include consideration of risks in each relevant area of your operations, including:
_________(1) Employee training and management;
_________(2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and
_________(3) Detecting, preventing and responding to attacks, intrusions, or other systems failures.

____(c) Design and implement information safeguards to control the risks you identify through risk assessment, and regularly test or otherwise monitor the effectiveness of the safeguards' key controls, systems, and procedures.

(Information safeguards below to protect against risks of unauthorized access, exposure, alternation and use of customer data will be implemented promptly but no later than beginning of calendar year.)

___________________ (encryption of data in all phases)
___________________ (control of access to data via VPN and MFA)
___________________ (Staff policy training and agreement to secure data handling, access and use on company approved devices and services)

(Evaluate effectiveness of safeguards yearly and create a scheduled fix-it list of problems and solutions called a plan of actions and milestones (POA&M).

____(d) Oversee service providers, by:
________(1) Taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue; and
________(2) Requiring your service providers by contract to implement and maintain such safeguards.

____(e) Evaluate and adjust your information security program in light of the results of the testing and monitoring required by paragraph (c) of this section; any material changes to your operations or business arrangements; or any other circumstances that you know or have reason to know may have a material impact on your information security program.

(Changes to information security program after evaluating implemented program and POA&M list)

(Administrative changes) __________________________________________________

(Physical changes) _____________________________________________

(Technical changes) _____________________________________________







17 CFR part 248
§248.30 Procedures to safeguard customer records and information; disposal of consumer report information. (a) Every broker, dealer, and investment company, and every investment adviser registered with the Commission must adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information. These written policies and procedures must be reasonably designed to: (1) Insure the security and confidentiality of customer records and information; (2) Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and (3) Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer. (b) Disposal of consumer report information and records—(1) Definitions (i) Consumer report has the same meaning as in section 603(d) of the Fair Credit Reporting Act (15 U.S.C. 1681a(d)). (ii) Consumer report information means any record about an individual, whether in paper, electronic or other form, that is a consumer report or is derived from a consumer report. Consumer report information also means a compilation of such records. Consumer report information does not include information that does not identify individuals, such as aggregate information or blind data. (iii) Disposal means: (A) The discarding or abandonment of consumer report information; or (B) The sale, donation, or transfer of any medium, including computer equipment, on which consumer report information is stored. (iv) Notice-registered broker-dealers means a broker or dealer registered by notice with the Commission under section 15(b)(11) of the Securities Exchange Act of 1934 (15 U.S.C. 78o(b)(11)). (v) Transfer agent has the same meaning as in section 3(a)(25) of the Securities Exchange Act of 1934 (15 U.S.C. 78c(a)(25)). (2) Proper disposal requirements—(i) Standard. Every broker and dealer other than notice-registered broker-dealers, every investment company, and every investment adviser and transfer agent registered with the Commission, that maintains or otherwise possesses consumer report information for a business purpose must properly dispose of the information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. (ii) Relation to other laws. Nothing in this section shall be construed: (A) To require any broker, dealer, or investment company, or any investment adviser or transfer agent registered with the Commission to maintain or destroy any record pertaining to an individual that is not imposed under other law; or (B) To alter or affect any requirement imposed under any other provision of law to maintain or destroy any of those records. 65 FR 40362, June 29, 2000, as amended at 69 FR 71329, Dec. 8, 2004



























































































































INFOJET(back to top)