History Matters: Cyber Attacks from the 1960s

For some, the history of cyber-attacks might live in their minds as scenes from movies from as far back as Tron or Matthew Broderick in WarGames. But in the real-world timeline of attacks in the digital sphere, these classics are preceded by cyber criminals who set the bar for future testers of cyber security. There are too many famous quotes about the need for, and benefits of, learning from history to include here, but the sentiment is worth repeating: looking back at the history of cyber-attacks helps develop a well-rounded security posture for today.

What’s Your Policy: Does Your Company Need Cyber Risk Insurance?

The risk of a cybersecurity breach seems to increase daily, with companies large and small falling victim to hacks and attacks. In this threat landscape, many businesses have invested in cyber risk insurance to help mitigate the cost of a future attack. Also known as cyber insurance and cybersecurity insurance, these plans help organizations offset the expense of a breach or other security incident.

3 Foolproof Tips to Securely Complete Online Transactions

Most users think they’re savvy enough to shop securely online, but even the most security-minded and Internet-knowledgeable shoppers have been duped when making business purchases. Wise users need to overcome their over-confidence and brush up on online shopping best practices to avoid getting taken by a suave scammer.

How to Proactively Identify and Report “Vishing” Attempts

A reformed cyber-criminal who popularized the term “social engineering attack” famously pointed out that “it is far easier to trick someone into handing over, say, their password than to go to the trouble of hacking them.” This approach has taken hold in the cyber-crime world, with social engineering and phishing attacks—when an attacker poses as an authority figure via email or a website to trick a victim into divulging sensitive data—costing businesses $676 million in 2017, according to the FBI. Now an even simpler attack is gaining traction.

Don't Be Fooled by Padlocks and SSL Certificates

If you check for the green padlock symbol in your browser to ensure you’re accessing a safe and legitimate site, you’re not alone. According to a 2018 PhishLabs survey, more than 80% of those surveyed thought the green padlock in the address bar guaranteed the legitimacy/safety of a website. The reality is the padlock doesn’t mean the site is legitimate and it doesn’t mean you’re safe from hackers.

Why Users Should Never Auto-fill Forms: Browser Exploit Overview

Life is hectic. As a result, we all look for ways to eliminate inconvenience, ease our stress levels, and save precious time. However, some comforts might come at too high a price. Unfortunately, the auto-fill function on your browser might be more of a risky convenience than most people realize. For years, security insiders have argued the dangers of the auto-fill function: the handy tool that automatically provides your name, address, phone number, and such for web page forms. It turns out they are right.

Fixing the People Problem: Why Security Awareness Should Come First

It happens all too often. Imagine a Human Resources (HR) assistant receives an email from the CFO requesting an update to the company's account and routing number. The email appears to be legitimate, and the diligent employee rushes to handle the CFO's request, only to discover later it was a phishing email. These types of social engineering attacks have become increasingly sophisticated and difficult to detect. So what are your employees supposed to do?

A Brief Overview of Data Breach Notification Requirements

In an October 2016 data breach, the email addresses, phone numbers, and names of 57 million customers and personal information of approximately 7 million drivers were stolen from Uber. Although the company immediately worked to secure the data and prevent further unauthorized access, the data breach went unreported to authorities and victims for more than a year, with the company finally coming forward toward the end of 2017. Uber has openly stated that it mishandled the situation, but the attack and response raise the question: How long do companies have to notify regulating bodies and those affected when a data breach occurs?

How Will the GDPR Affect Your Business?

With the May 25, 2018, enforcement deadline approaching, many businesses are wondering how the General Data Protection Regulation (GDPR) will affect them. Briefly, the GDPR is a joint effort from the Council of the European Union (EU), the European Commission, and the European Parliament to better protect citizens’ personal data, give them greater control over how companies handle and use their personal data, and make it easier for companies to comply with this single personal data oversight regulation.

Are You Liable for a Vendor Data Breach?

According to the 2017 Ponemon Cost of Data Breach Study, the average global cost of a data breach is $3.62 million, and the average cost for each record lost or stolen with sensitive data is $141. The study also found that the size and number of breaches are increasing. And, not surprisingly, many of these incidents, approximately 63%, are the result of third-party vendor breaches. So where does responsibility lie for a vendor-caused data breach that affects your business?

What Exactly is a Bitcoin Heist? Real Life Examples

With the growth of bitcoin popularity comes the danger of hacker attention. Industry insiders estimate that cryptocurrency attacks have cost governments and businesses nearly $11.3 billion in the past decade. As more people invest in bitcoins—some less savvy about security than others—there are new avenues for bitcoin attacks.

5 Data Security Plan Requirements for Every Business Owner

Whether an organization hasn’t developed a data security plan out of a false sense of security or a lack of expertise, the results will be the same. A security breach will be debilitating. Every business owner, regardless of company size, should develop and implement a concrete data security plan.

5 Big Data Breach Myths the Hackers Don't Want Exposed

We all have sneaking suspicions about security, but as with all assumptions, some of these beliefs are actually myths. And they’re myths that hackers hope stay around as long as Nessie and Yetis. Separating reality from fairytale can help you keep your organization secure.

How to Improve PHI Compliance Without Alienating Patients

Securing electronic personal health information (ePHI) to maintain Health Insurance Portability and Accountability Act (HIPAA) and other regulatory compliance can be a challenging task. Doing so while ensuring patients feel welcome and confident in your organization’s data security practices is even more challenging.

Components of Cyber Resilience Part 3: Thinking Beyond Risk Management

In our two previous posts on cyber resilience (CR)—how you manage operational risk and protect your assets—we explored how a holistic approach is best practice for a security-minded organization. Continuing to build on that knowledge foundation, this third part in the series explores risk management, external dependencies management, training and situational awareness.

Business Email Compromise Attacks Explained

Business email compromise (BEC) attacks are increasing at a staggering rate. These social engineering attacks are cleverly disguised and can fool even the best of them. So, what exactly is a BEC attack and how can you protect your company from falling victim?

Phishing Scam Subject Line Red Flags

Phishing scams are on the rise—and even more prevalent through the holiday season. One way to effectively combat these attacks is to recognize that suspicious emails start with suspicious subject lines. However, whether subject lines look suspicious depends on the awareness of the user ...

4 Golden Ransomware Prevention Rules for Employees

Ransomware is a type of malware that prevents or limits users from accessing their system—either by locking the system's screen or by locking the user’s files—unless a ransom is paid. Suppose, for example, that Michael in Finance receives an email that looks like it’s from Human Resources (HR) with a subject line that reads “2016 Health Insurance Options.” How do you train Michael and the rest of your staff not to open the attached document? 
