Consolidating passwords and other account information can save time, but expose you to risk… An article review. Given the amount of account related information that the average person is expected to keep track of–such as account numbers, passwords, PINs and secret questions–it’s no wonder that a convenience like the Fuze Card was such a success […]

New FBI statistics suggest compromised business email accounts have led to over 12 billion dollars in losses since 2013… An article review. So much attention has been paid to ransomware, botnets and other relatively recent developments that it’s easy to forget about some of the older threats that are still out there claiming victims. Our […]

While already happening in practice, the new legislation would officially make it one of the agency’s priorities. An article review. In an acknowledgment of what is recognized as a growing threat, legislation introduced recently in the House of Representatives would officially add industrial control systems to the Department of Homeland Security’s cybersecurity priorities. The bill, […]

Previously thought to be designed to deliver a DDoS attack, VPNFilter can alter data in transit and change what you see on your screen. An article review. Initially, researchers thought that a new piece of router-based malware called VPNFilter was a relatively simple tool for directing and implementing a distributed denial of service (DDoS) attack. […]

US Cyber Command joins with the FS-ISAC to share threat intelligence… An article review. Threat intelligence sharing is a concept we’re all probably familiar with, at least in passing–it’s hard to imagine where we’d be without the efforts of organizations that work to identify and communicate new and developing threats! However, until relatively recently those […]

A new study has identified the most profitable malware, showing just how much unprepared businesses have paid. An article review. Despite pleas from various experts and authorities, it looks like a significant number of organizations ultimately decide to pay the criminal organizations who have held their data hostage. That’s something that many people have probably […]

Many organizations spend time and money deploying endpoint protection, then think they can forget about it… An article review. Not too long ago when it came to endpoint security it was common practice to simply install an antivirus program, set it to automatically update and move on. That kind of hands-off approach has never ensured […]

Some small organizations continue to use customer data to generate initial passwords, despite the risks. An article review. When rolling out a new online banking platform organizations are often faced with the task of issuing new usernames and passwords to existing users, but how they choose to do that can have a big impact on […]

In the absence of specific guidance, organizations are left to use their judgement in retaining logs… Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Not long ago a Client asked for my input on their firewall log policy, as they were collecting logs but […]

Object Access Limitations. . . While offering some visibility, there are limitations to object access monitoring. If your organization has to comply with industry regulations such as GLBA, HIPAA, or Sarbanes Oxley, you know that maintaining data security and privacy are important, and one of the ways you can accomplish that is with object access […]