The challenge of keeping valuable secrets confidential is often held in tension with the challenge of being a robust company with opportunity to discover and grow. Some companies lock-down information so tightly it can inhibit workflow, cause unnecessary duplication, and even generate a culture of suspicion. Other businesses may err the other way and lose valuable information that can hurt […]
Protecting Against Insider Threats to Your Organization
How do you guard against employee theft of data without creating an environment of suspicion? By developing and administering an internal security policy, you can keep internal security at a professional level. Here are a few highlights in beginning to consider a plan: Understanding Your Data Monitoring Network Activity Utilizing Data Protection Tools for Various […]
10 Ways to Improve Network Security
The New York Times reported recently on a Computer Security Institute survey of 443 companies and government agencies. They found that 64 percent reported malware infections and the “financial loss from security breaches was $234,000 on average for each organization.” Here are ten ways to improve network security based on the New York Times article. […]
Underestimating the Consequences of a Data Breach
According to a report from the Ponemon Institute, many small to medium businesses (SMBs) fail to prepare for data breach.[1] In the “State of SMB Cyber Security Readiness: US Study,” Ponemon reports that organizations that had suffered a breach had different expectations from organizations that had not suffered a breach. As a result, many SMBs […]
Cyber Attackers Gain Ground Every Day
In the last few years, government and business cybersecurity experts continue doing better and better, while attackers also continue to do better and better. Steven Chabinsky, former chief of the FBI’s Cyber Intelligence Section, challenges the business and government sectors to adapt, adjust, rethink their approach to cybersecurity or slide backwards. Dennis Fisher over at […]
Protecting Against SQL Attacks
Businesses have two primary options when building a defense against SQL attacks: prevention and detection. Code can be developed in a way that defeats SQL injection, and developers should take steps when writing code to avoid SQL injection flaws. At the same time, companies use a wide range of 3rd party applications. Avoiding SQL injection […]
“Managed Diversity” and the Challenge of Supporting Mobility
Information technology advisory firm Gartner challenges IT groups to put priority focus on developing and supporting a mobile device management (MDM) policy. “The era of fully supporting company-owned devices is giving way to an era of managed diversity in which tiered support for employee-owned, consumer-class devices is the norm,” said Terrence Cosgrove, research director at […]
Ransomware: What You Need to Know (Part 1)
What is Ransomware? Ransomware is malware that enables cyber extortion for financial gain. Criminals can hide links to ransomware in seemingly normal emails or web pages. Once ransomware infects a user’s system, it either encrypts critical files or locks a user out of their computer. It then displays a ransom message that demands virtual currency […]
Ransomware: What You Need to Know (Part 2)
How does it spread? Ransomware has been shown to spread in four different ways: As an email sent to company addresses pretending to be from customer support from FedEx, UPS, DHL, Outback Steakhouse, etc. The trojan is attached to the email, usually labeled as a tracking number In PDF documents that are attached to emails, […]
Ransomware: What You Need to Know (Part 3)
Best Practices to Combat Ransomware Take a layered approach to security A firewall and Antivirus combination are not enough to secure an environment against ransomware. Layers of protection are an important and in-depth part of your defense. Manage network traffic Proper management of network traffic leads to better control of what traffic is on the […]