User behavior analytics sniffs out anomalies in users’ actions and alerts IT security teams of suspicious behavior The theft of unstructured data is extremely common. It can be very difficult to safeguard emails and files when a lot of people have access. Even the CIA is not immune, judging by the recent exposure of its … Continue reading Protect your unstructured data with user behavior analytics
We need to secure the internet of things. The internet of things (IoT) is all about connecting devices to the internet so that they can talk to each other and to us, to make life more convenient. That might mean turning on the lights when we get up, or allowing us to use our phones … Continue reading IoT Could Be Our Downfall
Find out how to prepare for new EU legislation on data collection and security In 2012, the European Commission proposed new regulations on data protection that would supersede the national laws of the 28 EU member states. It was formally approved in April this year, and it will go into effect May 25, 2018. This … Continue reading What is the General Data Protection Regulation and why should you care?
The average cost of a data breach involving fewer than 10,000 records was $5 million The American public has become so inured to data breaches that it’s difficult to remember them all. Infamous breaches like the ones at Target and Sony become almost forgettable when confronted with the recently disclosed half-billion accounts compromised at Yahoo … Continue reading How Much Does a Data Breach Actually Cost?
The last time we looked at how Critical Security Controls (CSC) can help you build your InfoSec framework, we covered getting a handle on your software and your hardware inventories. Today, we’re going to discuss the importance of continually assessing and remediating vulnerabilities, keeping a tight control of administrative privileges, and monitoring your audit logs. … Continue reading Applying more Critical Security Controls to your organization
Once again, the Information Security Summit hosted by Towerwall and MassBay was a resounding success. Hundreds of attendees and vendors participated in diverse data security panels and networked with industry leaders and peers. The Summit opened with Michelle Drolet, CEO of Towerwall, and Shamsi Moussav, Computer Science Professor at MassBay Community College, presenting scholarships to … Continue reading Another Successful Information Security Summit
Tips for your third-party risk management program “Home Depot said the crooks initially broke in using credentials stolen from a third-party vendor […] Recall that the Target breach also started with a hacked vendor…” — Brian Krebs, Krebs on Security In everyday business, a complex set of external relationships is commonplace. Services, infrastructure, and … Continue reading Throw your vendor under the bus? Not quite so fast
secuProvided by William Gallagher Associates Insurance Brokers, Inc. News broke last week that Anthem, the nation’s second-largest health insurance carrier, was the victim of a data breach by external hackers. This breach affects both current and potentially former clients of Anthem. WGA is monitoring the situation on an ongoing basis, and here is what we … Continue reading Data Privacy Alert Vol 13.83 – Anthem Healthcare Breach
Our Michelle Drolet is quoted in NetworkWorld’s article “Are mobile apps putting your data at risk?“. Read more below: Quite often, companies don’t realize that the mobile apps they use are reason for concern. Once their data is breached, they begin to investigate. However, there are telltale signs that indicate an insecure mobile app. If you know … Continue reading Michelle Drolet published in NetworkWorld – Are mobile apps putting your data at risk?
The funkily-named bug of the week is GHOST. Its official moniker is the less catchy CVE-2015-0235, and it’s a vulnerability caused by a buffer overflow in a system library that is used in many, if not most, Linux distributions. A buffer overflow is where you assume, for example, that when you handle a four-byte network number written out as … Continue reading Data Privacy Alert Vol 13.82 – The GHOST vulnerability – what you need to know