Resources : Insights

BOSTON – July 16, 2024 – Towerwall, a 25-year provider of cybersecurity services for emerging to mid-size enterprises, today announced its appointment of Greg Neville as Chief Information Security Officer (CISO) and Vice President of Towerwall Cyber Consulting Services. “Greg Neville is a seasoned professional with nearly two decades of experience developing information security programs

Every 39 seconds some company is being hit by a cyberattack. Security incidents are a constant threat, an inevitability rather than a possibility. An incident response plan can help organizations as they grapple with the aftermath of a cyberattack, revealing a clear path through chaos, offering a step-by-step plan of action to contain and mitigate threats. However,

Like every business asset we need to insure, our network and security is also an asset we need to be protecting. The data within the network, the operating systems and software, they all need to be viewed as a corporate asset and hence the need for cyber insurance. The risk of cybercrime is growing exponentially with each

HIPAA audits are back! The Office of Civil Rights (OCR), a branch of the U.S. Department of Health and Human Services (HHS) which oversees enforcement of HIPAA compliance, announced the return of their HIPAA audit program due to an exponential rise in cyber-attack in the healthcare sector. According to IBM, the average cost of a

Our VP of Sales and Operations, Janelle Drolet shares her 10 Things I know about… Compliance Risk with Worcester Business Journal 10) No place to hide: The regulations, laws, and frameworks an organization needs to comply with will depend on its industry, location, and the type of data it processes. IBM cites the average cost

Critical infrastructure and public sector organizations such as governments and municipalities, manufacturing units, communication networks, transportation services, and power and water treatment plants have been battling a growing wave of breaches and cyberattacks. Three main reasons exist why critical infrastructure is being targeted: • Opportunity for real-world disruption. Attacks on railways, ports or air control systems can create shortages

Our own Michelle Drolet was named as an Impactful Women in Security, 2024 by Elite X Magazine! Article below: In the dynamic realm of cybersecurity, where threats loom large and stakes are high, one individual stands out as a beacon of innovation and resilience. Meet Michelle Drolet, the founder and CEO of Towerwall, a visionary

Our VP of Sales and Operations, Janelle Drolet shares her 10 Things I know about… Security training with Worcester Business Journal 10) Become security aware: Organizations face the enormous challenge of safeguarding data from complex cyber threats. Human error still accounts for 95% of security breaches, according to the World Economic Forum. 9) Employee accountability: Security lies

In an era where data breaches and cyber threats loom, the security of patient information in plastic surgery practices (PSPs) is more critical than ever. Envision a scenario where, in a mere moment, the confidential data of your patients is at risk, posing a serious threat to the trust they place in your practice and

In 2024, for cybersecurity, we’re entering an era where advanced AI tools and intricate social engineering tactics (especially during election years) are changing the game. To avoid potential cyber threats, businesses, governments and individuals must grasp these emerging trends. Trend 1. Rise Of Cybersecurity AI In 2024, AI’s role in cybersecurity will expand to encompass automated

Cyber threats such as ransomware, phishing and data theft pose significant risks to cannabis dispensaries. These attacks can disrupt operations with long recovery delays, compromise client data, invite litigation and damage business reputations. IBM says the average global cost of a data breach is $4.45 million, prompting 51% of organizations to raise their security budgets. Implementing security measures

The cybersecurity skills gap situation has become a vicious cycle. On one hand, 63% of cybersecurity professionals complain that working conditions have become more difficult over the last two years owing to a heavy surge in cyberattacks, mounting data privacy concerns, overwhelming workloads, budget restrictions, staffing shortages and a complex regulatory environment. On the other hand, 71% of

A need for organizations to strengthen their third-party risk management practices. The Securities and Exchange Commission (SEC) recently charged software company SolarWinds and its Chief Information Security Officer (CISO) with fraud and internal control failuresOpens a new window. The prospect of a public CISO being indicted will be chilling to other C-suite members, calling into question

10. Isolate infected systems. Just as we had to quarantine for Covid infections, power down compromised endpoints to avoid spreading the contagion to other parts of the network. 9. System recovery. Create, review, and exercise a system recovery plan to ensure the restoration of services as part of a comprehensive disaster recovery strategy. This may

In this Insight article, Michelle Drolet, Founder of Towerwall, discusses the key enhancement and practical insights offered by the newly released NIST Cybersecurity Framework 2.0 (CSF 2.0). The US National Institute of Standards and Technology (NIST) just released a new update to its Cybersecurity Framework, the NIST CSF 2.0. This new version is currently in

Consider this advice to successfully replace a perimeter approach to security with a zero trust framework. Despite organizations upping their spend on cybersecurity technology, infrastructure, and services each year, threat actors are still finding ways to slip through the cracks. There are two main reasons for this: One, human error: Unfortunately, many users still don’t take security

If you’re an existing Amazon Web Services customer or are considering migrating to AWS, it’s likely you have major concerns around security. Cloud security has become a top risk and a top priority for enterprises because cloud assets are becoming the biggest targets for cyberattacks. No doubt, AWS does everything it possibly can to protect itself and its customers; however, the

When mechanized looms were first introduced, workers protested because they feared the automation would rob them of their skilled craft. When ATMs first arrived, some foretold the demise of bank tellers. When self-service kiosks were introduced, everyone believed they would replace cashiers. While technological shifts may have caused job losses in certain sectors, it could

  Last week, Microsoft patched two zero-day vulnerabilities (CVE-2023-36884 and CVE-2023-38180). These vulnerabilities are part of Microsoft’s August 2023 Patch Tuesday, which also includes security updates for 87 vulnerabilities. Both of these vulnerabilities were exploited in cyberattacks, and one of them was publicly disclosed prior to the patch release. CVE-2023-36884 CVE-2023-36884 is a remote code

Disasters and cybersecurity incidents are inevitable. The unprepared are hit the worst, and the consequences can range from massive monetary and reputational damages to outright business closure. A recent study suggests enterprises can lose up to $5 million per hour in unexpected operational disruptions and data loss events. The only way around this is to stay alert

Large language models (LLMs) like ChatGPT and Google Bard have taken the world by storm. While these generative AI programs are incredibly versatile and can be implemented in a wide range of productive business use cases for the good, there is also a potential downside for LLMs to empower threat actors, adversaries and cybercriminals with

10. Benefits & risks. Like most tools, large language models (like ChatGPT & Google Bard) can be used for good or ill purposes. Positives: generate creative content, translate languages, and debug software. Negatives: They can be used to damage reputations, spread misinformation, code malware, and conduct cyberattacks. 9. Phishing at scale. LLMs can be used

Audits can help companies identify weaknesses and make a company more resilient in the event of a cyberattack. Washington, D.C. magazine CFO reports financial auditors are increasingly concerned about cybersecurity, demanding greater transparency on how organizations are managing and mitigating cyber risk. And why shouldn’t they? A cyberattack or a data breach can lead to major financial

A major vulnerability in DNA sequencing equipment was discovered, highlighting the risks of cyberattacks on medical devices. The vulnerability was found, of all things, in DNA sequencing equipment made by San Diego biotech firm Illumina; discovered by its security team and subsequently patched. Such an intrusion could expose sensitive patient data or allow threat actors

Almost every other week, we hear or read stories about some high-profile organization experiencing a data leak. In the U.S. alone, there were about 1,802 publicly reported incidents last year that resulted in 4.2 billion private records being leaked online. This is only a tip of the iceberg since plenty of organizations that suffer leaks won’t usually

The threat landscape continues to change as bad actors refine their cybercrime tactics and expand their attack options. Cyberattacks continue to break new records and bad actors keep getting better at what they do. The only way organizations can truly defend themselves is by gaining an understanding of how cyber threats are evolving, acquiring the knowledge

What You Need to Know: A zero-day vulnerability (CVE-2023-28252) was found in the Windows Common Log File System (CLFS) and is being actively exploited. The vulnerability allows attackers to gain SYSTEM privileges on target Windows systems and deploy Nokoyawa ransomware payloads. CISA’s Known Exploited Vulnerabilities catalog now includes CVE-2023-28252, which impacts all versions of supported

The rising number and increasing severity of ransomware attacks are sufficient to prove that current cybersecurity strategies are simply not working. The fact is, today’s security approaches are far too focused on the network perimeter and too lenient when it comes to internal traffic. And since most users, devices and cloud-based applications operate outside of the corporate

Recent bank failures are creating opportunities for cybercriminals to readily access your personal and company bank accounts. With the vast uncertainty, cybercriminals are posing as representatives from banks, requesting account information and gaining immediate access to remove your money and change your login information. We encourage you to be vigilant and verify all communication you may

Editor’s Note: All the text in bold below was written by the ChatGPT artificial intelligence. Those sections were verified as accurate by a human editor, but they have not been changed. 10) ChatGPT is a language model developed by OpenAI, a research organization dedicated to creating and promoting friendly artificial intelligence (AI). Free for now,

What You Need to Know: In response to attacks aimed at hacking iPhones, iPads, and Macs, Apple issued urgent security updates that address two vulnerabilities, one of which is a zero-day vulnerability. The first vulnerability, tracked as CVE-2023-23529 [1,2], is a WebKit confusion zero-day that can lead to OS crashes and the execution of arbitrary

Janelle Drolet was recently named The Most Admired Women Leaders in Business, 2023 by CIO Views   It’s a sad fact of doing business – criminal hackers are continuously evolving their tactics to breach defenses, steal intellectual property and deploy ransomware. To combat them, a business needs leadership capable of keeping the company’s security controls

Michelle Drolet was recently named The Most Admired Women Leaders in Business, 2023 by CIO Views   Many people equate money with success. Although, money is not a bad indicator, but it is not the end all be all. To me success is being blessed with a beautiful family, my Towerwall team members and our

The Commonwealth of Massachusetts may soon approve a data privacy bill called the Massachusetts Information Privacy and Security Act, which will make the state a national leader in regulation of data privacy and security. There are extensive fines and penalties for non-compliance, and the ruling will allow individuals to sue organizations for data breaches. Who

What You Need to Know: A vulnerability was found in the open source JsonWebToken (JWT) library. According to Palo Alto Networks Unit 42, CVE-2022-23529 it could allow an attacker to achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token request. The vulnerability impacts JsonWebToken package version 8.5.1 and earlier.

It’s that time of year again when we try to predict what’s ahead of us in terms of cybersecurity. 2022 has already become a record-breaker for the sheer volume of phishing scams, cyberattacks, data breaches and crypto heists. There was also a rise in hacktivism cases where state-sponsored cyber legions disrupted critical infrastructure and services,

Ransomware attacks and ransomware attackers are both evolving, becoming much more complex and damaging with each passing year. Attackers are moving in and out of victims swiftly, encrypting systems or exfiltrating data well before security teams can detect their presence. What organizations need is an offensive approach in which cyber threats and adversaries are hunted down

What You Need to Know: There are two zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability and CVE-2022-41082 is a vulnerability that allows for remote code execution when PowerShell is accessible to a threat actor. Microsoft stated that the current attacks are limited but the

SMBs face the same threats as larger companies but are challenged with limited resources, budgets and security talent. Organizations that outsource with an experienced security partner can make up for shortfalls in expertise and resources. In 2021, 40% of SMBs experienced a security breach partly because they are low-hanging fruit and attractive targets for leapfrogging to a

What You Need to Know: Apple released security updates for vulnerabilities found in iOS, iPadOS, MacOS Big Sur, and macOS Monterey. CVE-2022-32894 and CVE-2022-32893 are zero-day flaws that have code execution vulnerabilities being exploited by attackers in the wild. There are few details surrounding the vulnerabilities or how they were used, but the flaws are

What You Need to Know: A large-scale phishing campaign was disclosed by ThreatLabz this week. The researchers observed the use of advanced phishing kits in a large campaign primarily targeting corporate enterprise users of Microsoft email servers. The threat actors behind the campaign have not been identified, but researchers observed the attackers using an adversary-in-the

What You Need to Know: A hardcoded credentials vulnerability was found in the Questions for Confluence app and is under active exploitation. The vulnerability allows remote, unauthenticated attackers that know the hardcoded password for specific accounts in the app, to gain access to non-restricted pages in Confluence. CVE-2022-26138 was observed to be under active exploitation

We were honored to have our Director of Sales, Janelle Drolet, present at the AWS re:Inforce yesterday in Boston. We were excited to share the unique partnership of Towerwall, Alert Logic, and AWS. Learn more about the Towerwall and Alert Logic MDR difference.  

First of all, thank you! With your help, Towerwall, along with our partners SentinelOne, Proofpoint and Alert Logic are proud to announce the donation of $1,600 to MassBay’s Cybersecurity Scholarship Fund. The funds were raised as part of Towerwall’s recent Annual Security Summit. The Bi-annual Sessions and Annual Summit create an open forum for knowledge

What You Need to Know: A zero-day vulnerability was found in the latest Widows 11 and Windows Server 2022 releases. CVE-2022-22047 is a local privilege escalation vulnerability found in the Windows Client and Windows Server Runtime Subsystem. Although Microsoft has issued a patch, the vulnerability is actively being exploited by attackers and has a CVSS

What You Need to Know: Over the Fourth of July weekend, Google released a patch for a high-severity zero-day Chrome vulnerability. The vulnerability is being exploited in the wild and affects Google Chrome and other chromium-based browsers. The heap-based buffer overflow vulnerability is found in the WebRTC (Web-Real-Time Communications) component. The vulnerability is being tracked

Thank you to all that joined us at our Cybersecurity Executive Session this past Thursday. It was an amazing event with great discussion from industry leaders. A huge thank you to our presenting partners: MassBay Community College, Alert Logic, Sentinel One and Proofpoint. As in years past, all proceeds of the event will go to

What You Need to Know: A ransomware attack was deployed against an unnamed target, using Mitel’s VoIP appliance an entry point. CVE-2022-29499 is actively being used by attackers to achieve remote code execution and to gain initial access to their victim’s environment. The vulnerability is rated 9.8 in severity on the CVSS vulnerability scoring system.

What You Need to Know: Today, VMware issued patches for two security flaws discovered in Workspace ONE Access, Identity Manager, and vRealize Automation. The vulnerabilities are tracked as CVE-2022-22972 and CVE-2022-22973 and could be exploited to backdoor enterprise networks. The first vulnerability, CVE-2022-22972 has a critical CVSS score of 9.8 and is an authentication bypass

Think about this for a moment — global CEOs rank cyber risk as a top concern ahead of macroeconomic volatility, health risks, climate change or even geopolitical crises. What’s worse, they represent organizations that are deploying top-tier security tools, teams and security measures. So where is everyone going wrong? Truth is, cybersecurity is more than just committing

Organizations collect, store and process vast amounts of data today. Employee information, supplier information, customer information, intellectual property, financial records, communication records—all common types of data that ordinarily exist in almost every business. When organizations fail to secure or protect this data, it exposes them to a host of business risks like breaches, financial losses,

BOSTON, March 10, 2022 (Newswire.com) – Towerwall, a cybersecurity preparedness and consulting services firm, today announced that its Founder and CEO Michelle Drolet was named to the inaugural SIA Women in Security Forum Power 100 honoree list sponsored by the Security Industry Association (SIA), a trade association for global security solution providers with over 1,200 member companies that help

What You Need to Know: This week, ESET researchers discovered three new cyberattacks against Ukraine: HermeticWizard, HermeticRansom, and IsaacWiper. There is a new exploit, HermeticWizard, which spreads HermeticWiper across local networks via WMI and SMB. HermeticWizard is a worm that was deployed on a Ukrainian system on February 23, 2022. The malware starts by trying

Businesses are gearing up for another bumpy year of cybercrime. An ongoing barrage of phishing and ransomware attacks, third-party breaches like those involving Log4j and SolarWinds and the surge in remote work are but a few of the many reasons why almost 80% of security leaders still lack confidence in their cybersecurity posture. In response, a majority of them are planning to significantly

FTC warns businesses that failure to address critical vulnerability could result in legal action. On Dec. 9, the Apache Software Foundation issued a Log4j security alert that a vulnerability (CVE-2021-44228), aka Log4Shell, allows unauthenticated users to remotely execute or update software code on multiple applications via web requests. On a scale of severity, the NIST has graded

This holiday season, we are proud to announce we have made a donation to a new scholarship fund aimed at supporting young women and minority students to pursue rewarding careers in cybersecurity. Long-time colleague and client, United States Air Force Veteran, Saeed Garner, Director of Information Security for Christian Care Ministry, founded the newly established

What You Need to Know: Security teams are in a hurry to patch an unknown active vulnerability that was found in Apache’s Log4j and is now named Log4Shell. Log4j is a Java-based open-source library used by apps and services, and the newly found vulnerability could allow an attacker to compromise millions of devices across the

Traditional cybersecurity practices relied on the age-old maxim, an ounce of prevention is better than a pound of cure. But here’s the biggest truth about modern cybersecurity: There’s no such thing as foolproof security, and bug-free software is an oxymoron. From the ’90’s script kiddies to present-day state-sponsored actors and cybercrime syndicates, attacks have grown

If you have third-party partners, you need a third-party cyber risk management program. Here are six key steps to follow. Many organizations transact with hundreds of third-party partners, according to EY’s Global Third-Party Risk Management Survey 2019-2020, a trend that PwC finds shows no sign of slowing, even as the risks increase. A recent survey by security vendor Anchore found that in

BOSTON – August 31, 2021 – Towerwall, a 25-year provider of cybersecurity services for emerging to mid-size enterprises, today announced it has teamed up with Amazon Web Services (AWS) to list its array of data and IT security services and onsite deployment of Virtual Security Officers on the AWS Marketplace. Towerwall is one of the

According to Ponemon, 67% of respondents to a CISO survey believe hackers and cybercriminals are more likely to target their companies. In this regard, the role CISOs play in modern organizations has grown more critical, as they’re tasked with managing enterprise risk, securing Internet of Things (IoT) devices and deploying security analytics. To maximize the security of

The landscape of cybersecurity insurance is shifting in the wake of a wave of high-profile ransomware attacks. Over the last five years, the U.S. has suffered more than 4,000 ransomware attacks a day, according to a U.S. government interagency report. It’s a pandemic unto itself: Ransomware attacks happen once every eight minutes. This trend has driven greater

For small to mid-size businesses (SMBs), knowing what you need to remain secure and setting a resilient plan in place is half the battle. With the average cost of a security breach nearing $4 million, organizations need to detect threats early. Threat monitoring, detection and response (MDR) services offer businesses a turnkey security response. Combined

For Georgia, Virgina, the Carolinas and other states, it was Jimmy Carter revisited as long lines and price spikes awaited motorists at the gas pumps. Some stations as far south as St. Petersburg, Fla. ran out entirely, worrying travelers making plans for Memorial Day weekend. We learned a few things from the Colonial Pipeline ransomware

Over 37 billion records were exposed in breach events in 2020 – by far the most records exposed in a single year, according to a recent report by Risk Based Security. How has remote working impacted your organization’s security posture? What lessons can security professionals learn from the recent wave of breaches and what steps

We are proud to share that our founder and CEO, Michelle Drolet has been named as a “Top 25 Women in Cybersecurity” by The Software Report. See below for more information and to read more: “The women that comprise this year’s list have not only stepped up to new challenges in addressing cyber risks and

Navigating the vendor landscape is a challenge for many IT departments, particularly when looking at detection and response solutions, and especially since the cybersecurity industry is overly reliant on acronyms. EDR, MDR and XDR are three emerging endpoint security technologies built to provide greater visibility, threat detection and response across all corporate endpoints. With today’s

Modern cyber threats are growing in scope, cost and complexity. Hackers are continuously evolving their tactics to execute breaches, hold businesses at ransom and steal intellectual property. Globally, cybercrime is estimated to cost $10.5 trillion annually by 2025. To put things in perspective, the combined revenue of the world’s largest tech companies, Apple, Amazon, Alphabet and Facebook,

Selecting a Large-Scale, Secure and HIPAA-Compliant Covid Scheduling Solution A year ago, the coronavirus threw the world into a historic crisis. One industry pushed to the brink was the U.S. healthcare system. Now, with the arrival of life-saving vaccines, hospitals that were once tasked with treating waves of sick patients are now shifting gears to

While Service Organization Control (SOC) 2 compliance isn’t mandatory, it can bring a range of benefits for your organization. Created by the AICPA (American Institute of Certified Public Accountants), this auditing process helps you to assess your data privacy and security standards. Once achieved, you will have a comprehensive set of security policies that will

Healthcare organizations have faced continual stress from heavy COVID-19 caseloads in 2020. Cyberattacks on their information networks also loomed as a serious threat, and the pressure to protect data is expected to grow this year, as more criminals target healthcare providers. Protecting patient data from unauthorized access has long been a regulatory prerequisite for healthcare

The pandemic has dominated the news in 2020, overshadowing everything else. We’ve seen a rapid rise in remote working, a wave of pandemic-related scams and pressure to modernize IT while cutting costs. As the dust settles on a tumultuous year, it’s time to plan ahead. IT departments were forced to accelerate their plans and roll

I wanted to reach out to provide you with important information on the recent hack that has impacted nearly 20,000 of SolarWinds customers. The attack, which dates back to October 2019, has impacted many sectors including government, hospitals, educational and technology organizations. Over 80% of the Fortune 500 companies have uncovered a breach in their

10) With so many people working from home on all sorts of devices, make sure these endpoints continue to receive the latest security patches and software operating system updates to lessen your chance of compromise. 9) Avoid running sensitive transactions (like banking) over public WiFi networks that are typically unsecured from eavesdropping. Using your smartphone

Penetration testing is vital, but are you doing it right? Here are some common mistakes and advice on how to avoid them. One of the most effective ways to uncover flaws and weaknesses in your security posture is to have a third party carry out planned attacks on your system. Penetration testing is all about

The threat of a cybercriminal gaining access to your network is a constant source of anxiety. Amid all of the high-profile data breaches, businesses and organizations of all sizes have been successfully targeted by hackers who employ a wide range of different strategies. Too many companies have had to learn all about the potential cost of

If you don’t have a lot of budget at your disposal, these open-source intrusion detection tools are worth a look. As businesses grapple with the pandemic, millions of workers are no longer working in the traditional office behind the traditional perimeter. They are working from home, accessing data and network resources using unauthorized devices, unauthorized

With ransomware and phishing attacks on the rise, companies must continuously focus on cyber risks to protect assets and customers. Covid-19 forced organizations to evolve their business models overnight. The demand for digital infrastructure has skyrocketed and industries are seeing large-scale adoption of work from home. Unauthorized software, unsecured devices, stressed and distracted workers have

Unauthorized software and devices and stressed and distracted workers have expanded the attack surface and left businesses exposed to a number of cyber-risks. Small and medium-sized businesses in particular are most vulnerable since a majority of them run legacy or outdated systems.

Cybersecurity resilience depends on having a detailed, thorough, and tested breach response plan in place. Here’s how to get started. No matter how secure your business, data breaches are an unfortunate fact of life. Whether an attack is the result of a determined cybercriminal, a disgruntled insider, or simple human error, you can limit the

Per a recent analysis from Microsoft (via The Interpreter), every country in the world has fallen prey to at least one COVID-19-related attack. Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory back in issued an advisory back in April…

Covid-19 has disrupted our lives and caused a lot of stress and panic globally. Even though lockdowns may be relaxing, cyber-attacks are showing no signs of slowing down. The pandemic has created the perfect environment for hacktivists to strike with a high degree of success. Let’s understand the top five reasons for this: 1. Expanding

As the average monetary cost of a malware attack continues to increase and currently costs an organization an average of $3.86 M, it is vital to be up to date on detection and prevention best practices. No level of investment prevents or blocks 100% of attacks. You will learn how to continuously identify and address

Per a recent analysis from Microsoft (via The Interpreter), every country in the world has fallen prey to at least one COVID-19-related attack. Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory back in April relating to heavy exploitation of Covid-19 by malicious cyber actors. A Breeding Ground For Cybercriminals That’s Not Going

In a recent article, “New Tech Project? Get Your Devs On Board Fast  with These 16 Tips” published on Forbes Technology Council, Michelle Drolet shares how a Solid Secure Development Lifecycle can help: Create a solid SDLC program plan. Developers need a solid secure development life cycle program plan. Test against the plan/program’s “application risk

Security pros have a lot to juggle, but look in the right places and you can find invaluable assistance for free. Maintaining security is a never-ending business. There’s so much to worry about, from misconfigured software to phishing attacks to a rapidly expanding inventory of devices with their own vulnerabilities and update requirements. We could all use

10) Zooming out. Video conferencing is a two-edged sword; while a boon to nurture group discussion, the degree of focus paid to a small screen while feeling self-conscious (how’s my hair?) can oversaturate users. People are now reporting Zoom fatigue, citing anxiety. Identify mental health and grief counsellors who can step in during these COVID-19

The COVID-19 pandemic has brought about a seismic shift in how the world goes to work. Apart from essential services, remote work is the new normal, mandated everywhere — even in organizations that never previously offered remote work options. Lack of VPN infrastructure or its ability to scale, legacy systems that were never designed for remote work,

Live online June 4, 2020 12:00 pm ET Presented by Diana Kelley, Cybersecurity Field CTO, Microsoft Michelle Drolet, CEO, Towerwall Wherever we turn it feels like the news is all COVID-19 all the time. Many of us are feeling stressed and overwhelmed and attackers know it. At Microsoft, we’ve seen an increase in the success

These are unprecedented times. As companies scramble for business continuity, millions of workers around the world are forced to adapt to a workplace culture dubbed as the world’s largest work-from-home experiment. But there is a steep price to be paid for this change — weakened cybersecurity. With more and more people working from home, the attack

10. Pandemic panic Criminals thrive during a crisis, knowing people under stress and distraction are more prone to readily click a text or email link without thought to its legitimacy. As such, COVID-19-related phishing attacks grew 600% in the first quarter. 9. FTC Warnings The Federal Trade Commission just reported $12 million in coronavirus scams calling it the

10) Start with a plan. Companies of all shapes and sizes should draft a distinct crisis response plan. Existing disaster recovery plans or business continuity plans might not suffice. 9) Lead with leadership. Pick a small team responsible for your plan. Get buy-in from the top, pull in human resources, finance, IT. Develop policies minimizing

As the novel coronavirus (which causes COVID-19) continues to spread around the world, businesses must do what they can to prepare for absent staff and possible periods of enforced closure. In general, it’s vital that companies of all sizes and types draft a distinct crisis response plan because existing disaster recovery plans or business continuity

10) High priority. 64% of businesses are prioritizing IT security above everything else and 80% of small and medium businesses rank IT security as a top business priority. 9) Bad news. A successful cyber-attack can damage your company reputation beyond repair including financial losses, intellectual property theft and erosion of customer confidence and trust. 8)

As a valued customer, I appreciate the trust you place in your Towerwall team. I want to assure you that the safety and security of our customers and employees is Towerwall’s highest priority. Given the heightened business environment due to the Coronavirus (COVID-19), our top priority is to ensure the continuity of our support services

When apps are developed in a hurry and not properly put through their paces, the risk of something going wrong is high, as the Iowa Democratic Party just learned to its cost. Creating secure, fully functional mobile apps takes time and requires stringent testing. In the aftermath of the delayed results for Iowa’s Democratic presidential caucuses, it

As California’s privacy legislation goes into effect, it’s time to take stock of your security strategies around data and think about the future. The trend towards greater privacy is set to continue. The big data grab drove companies to stockpile data, with little thought of how to use it, and even less thought about how

Is cybersecurity a top priority for your business? We certainly hope so. A recent report revealed that almost 64% of all businesses prioritize IT security above everything else. Even 80% of all SMBs rank IT security as a top business priority. The Impact Of Cybercrime Can Be Far-Reaching A successful cyberattack can damage your company beyond repair. This could

The risk of a data breach is ever-present and can prove disastrous especially for cash-based businesses like cannabis. It’s vital to guard against cyber-attacks, but also to establish solid plans to ensure you react to any breach in the right way. It has never been easier for cybercriminals to infect your business with malware or

Our CEO, Michelle Drolet recently sat down with Superb Crew to discuss industry trends, threats and how to stay ahead. Link to the full interview below Q: What are you most excited about in the industry at the moment and what future trends are you expecting to see? A: We see more business coming to

10. Nigerian prince lives. The royalty who wants to send you money is the oldest scam in the book, yet it continues to lure victims. Phishing works by creating false trust to give up log-in credentials, click a bogus URL or download a malware-infected file. 9. Avoid pain. Be aware successful phishing scams can result

Record numbers for internet sales were reported in 2019, but online retailers aren’t the only ones laughing all the way to the bank. Cybercrime costs retailers a staggering $30 billion a year, and the sector is among the top ones targeted globally. Last year, three quarters of global retailers reported falling victim to cyberattacks. A New Attack Method Emerges: Ad Threats Cyberattackers are

2019 is set to break a record for the highest number of security incidents ever recorded and probably the biggest and most expensive year in terms of data breach fines, penalties and court settlements. While large-scale breaches always make big headlines, hackers are not sparing small businesses and consumers. As we head into the new decade, cyberattacks will continue

It’s almost a no-brainer that all organizations, regardless of their size, need some form of cybersecurity. Cybersecurity not only means that you protect your digital assets against a cyberattack, but it also means that you must plan for the inevitable. What if your data is breached or your systems are attacked? Seems pretty obvious, doesn’t

The cloud has revolutionized the way we work. It has become an indispensable part of our lives. It has allowed us to do business in a faster, more scalable way and has become the foundation for other disruptive businesses. Cloud accelerated the fortunes for some of the world’s largest companies. For Google, Microsoft and Amazon, cloud services is one

Forbes Technology Council Is an Invitation-Only Community for Executives Leading Their Industry BOSTON – October 25, 2019 — Michelle Drolet, CEO of Towerwall, is celebrating her one-year anniversary as a member of the Forbes Technology Council, an invitation-only organization for senior leaders to publish original content, connect and excel. “We are so pleased to have

Companies that move to the cloud have to assume new responsibilities, develop new skill sets and implement new processes. The first step to better cloud security is to assume you have no security. Cloud computing has transformed the way businesses work and continues to disrupt traditional business models. IDC predicts that by 2023 public cloud spending will

Our own Michelle Drolet sits down with Jeffrey Davis, founder and host of Radio Entrepreneurs to share her story and lessons learned as an entrepreneur. Watch above or click here to listen > Radio Entrepreneurs shares the stories of entrepreneurs in the interest of giving more exposure to innovative and fast-moving companies while creating a

One of the biggest challenges about working in cybersecurity is that you’re facing an enemy who learns and adapts. Cybercriminals can be very organized, they cooperate, and they’re constantly working to develop new techniques and strategies that will breach your defenses. They’re also growing increasingly adept at sniffing out the best opportunities to extract maximum

Social media has completely changed the way humans interact. Our lives have become increasingly public as we all share a variety of personal information online on various social networks. 2019 has seen worldwide social media user numbers grow to almost 3.5 billion, with 288 million new users in the past 12 months, pushing the global social

When we hear the word “cybersecurity” a lot comes to mind — firewalls, antivirus, endpoint protection, email security, web security and much more. But how often do we think or talk about people? This is a central element in cybersecurity that is often ignored. ‘To err is human”— it’s obvious that as humans we often

While much of cybersecurity is focused on prevention, the simple fact is that many attacks are successful. Even a sophisticated, expensive security system is going to be breached from time to time. Smart attackers try to fly under the radar, biding their time and extracting maximum value or causing maximum carnage, sometimes over a period

Businesses continue to face modern cyber attacks such as ransomware threats and data breach incidents. In the wake of a non-stop onslaught from advanced hackers, it seems that no matter what defensive measures organizations put in place, cyber adversaries and malware authors are able to circumvent them. Cybercriminals are not only motivated to target high-profile

When we say “operationalizing cybersecurity,” what we are essentially saying is the implementation of best practices that strengthen your cybersecurity infrastructure. This results in a strong security posture able to address advanced and continuously evolving cyberthreats leveled at any organization. A well-defined cybersecurity strategy lies at the very root of seamless operationalizing. Key stakeholders like

The numerous high-profile data breaches that took place in 2018 illustrate that no organization, irrespective of size, scale or scope, is immune from cyberattacks. Last year witnessed a 350% increase in ransomware attacks and a 70% increase in spear-phishing attacks. We are looking at a state-of-affairs wherein it is very easy for cybercriminals to exploit security vulnerabilities and target

Ransomware attacks can prove extremely disruptive and expensive to remedy. Prevention is better than finding a cure, and ransomware incidents are easily preventable with the right action. A few high-profile ransomware incidents have spread awareness, and many individuals and organizations have likely taken strides to protect themselves, which may have diminished the success rate of ransomware

Bad actors have taken advantage of unpatched systems, software vulnerabilities and increasingly devious forms of malware for years, but their preferred weapon is often phishing. While their motives haven’t changed — luring target victims to click highly legitimate-looking emails so they can steal the keys to the castle — I’ve seen their attack methods grow more sophisticated

The NIST Cybersecurity Framework (CSF) is a crowdsourced set of best practices to help you analyze your cyber risk posture and work towards improving it. Learn what it can do for your business, how to tailor and implement it, and how to manage it to work towards your desired security posture. The cybersecurity threat and

Breaches often take weeks or even months to uncover, but the right strategy combined with strong endpoint detection & response (EDR) tools can make all the difference. We examine seven vital factors to consider. Many different elements need to come together for an organization to secure its data properly. Most companies adopt a security strategy

Michelle Drolet sits down with Mindset Entrepreneur. Click the image below to watch now:

Many organizations take steps to guard against data breaches, employing new policies, tools and strategies that make them feel protected, but their defenses may not be as strong as they think. Unfortunately, this false sense of security is all-too-easy to come by. Data breaches are commonplace now and there’s a growing realization that organizations need

10) Got cloud? According to Cloud Security Alliance, more than 70 percent of the world’s businesses now operate in some capacity on the cloud. 9) Cloud positive. Running apps in the cloud offers lower fixed costs, auto updates, easier collaboration, disaster recovery, scalability, pay-as-you-go options, lower tech support costs and access from any device. 8)

Everyone should employ an intrusion detection system (IDS) to monitor their network and flag any suspicious activity or automatically shut down potentially malicious traffic. We look at five of the best open source options. As cybersecurity professionals, we try to prevent attackers from gaining access to our networks but protecting perimeters that have grown exponentially

As cloud adoption soars to new heights, security standards have failed to keep pace. Organizations need to start taking responsibility for their own cloud security and these five practical tips will help. There’s no doubt that widespread adoption of the cloud has enabled collaboration on a much greater scale, driving innovation and creativity. Distributed workforces

With the CCPA coming hot on the heels of the GDPR it makes sense to get your consumer data management in order. Taking steps to protect all private data today will pay dividends tomorrow. The idea that organizations should be doing more to protect the personal data they hold about individuals has been gaining ground

Make sure you understand the need to operationalize data management and security. There has been a widespread rush to get organized and compliant in time for the May 25 deadline when the EU data privacy law General Data Protection Regulation comes into effect. Little wonder when you consider what non-compliance with the GDPR could cost you —

Our own Michelle Drolet featured in Fierce CEO’s “Special Report Women CEOs on Blazing a Trail to the Top: Part 2” What does it take to reach the chief executive post? Being direct about what you want, for one. “If women want the brass ring, they should try to grab it,” says Jennifer Keough, CEO of

A look at some options for keeping tabs on your staff and the possible pros and cons. Securing your data in the digital age is very challenging, but it has never been more necessary. We just looked at the hair-raising cost of a data breach in 2018 and we know that employees are often the weakest

Learn about best practices to combat the threat of ransomware There have been some seriously nasty ransomware attacks in the last few years. From Petya to Wannacry to the SamSam attack on health record company Allscripts just last month, ransomware has been wreaking havoc across the world. Global ransomware damages exceeded $5 billion last year, up from $325 million in

10) Data breaches. Nearly 5 million data records are lost or stolen worldwide every single day, or 58 records every second. According to an IBM report, the average cost of a data breach is $7.3 million. 9) Machine learning will play a bigger role in cybersecurity. Because the battle against cyber criminals moves so rapidly,

58 data records are stolen every second at an average cost of $141 each. Trading in intellectual property and personal data is so widespread that someone invented a calculator that can estimate the potential harm to your own business. Nearly 5 million data records are lost or stolen worldwide every single day, according to the

Policies and software are not enough to secure your data, staff must be regularly trained. Your organization might have the most robust security program in the world. You may have stringent policies, and the latest and greatest security software tools. You might think your data is safe, but if your employees don’t have the right

Towerwall & Darktrace Dinner Seminar Hosted by Towerwall When: Wednesday, January 17, 2018 6:00 PM to 8:00 PM Where: Il Capriccio 888 Main St, Waltham, MA 02453 To Register: Contact Kelley Gallo atkelleyg@towerwall.com About DarkTrace Darktrace is the world’s leading machine learning company for cybersecurity. Created by mathematicians from the University of Cambridge, the Enterprise

It may be possible to glean valuable security insights by monitoring the dark web. Although awareness of the importance of cybersecurity is spreading, the number of successful cyber-attacks continues to grow with every passing year. Globally, almost 1.9 billion data records were compromised in the first half of 2017, up 164% compared to the last

Skills shortage is making shift to continuous appsec testing challenging. While application security (appsec) is firmly on the radar, most organizations still have a way to go before they can be confident about how secure their apps are. Devops is accelerating the speed of development and, coupled with the shift to the cloud, it’s creating

New challenges and threats will face IT departments in the year ahead. As we stand on the threshold of another year, the war for our cybersecurity rages on. There have been many data breaches in 2017, most notably for Equifax, Verizon, and Kmart. But if you seek a silver lining in the cloud, perhaps you’ll

Today we’d like to introduce you to Michelle Drolet… Thanks for sharing your story with us Michelle. So, let’s start at the beginning and we can move on from there. As founder of Towerwall, I have to say my proudest moment was when I sold my company and then… I rebought it! I remained active

Deep learning can be a vital supplementary tool for cybersecurity. The meteoric rise of malware has put us all at risk. We are engaged in a never-ending race with cybercriminals to protect systems, plug gaps, and eradicate vulnerabilities before they can gain access. The front line grows by the day as we share more data and employ

Coming to a future near you: software code that mutates and evolves. We often talk about computer systems and information security in biological terms. Threats and defenses evolve, viruses run rampant, and machines learn by emulating the neural networks in our brains. Cybersecurity is an endless war between attackers and defenders, just as biology is

The headline-making Equifax data breach was one of the worst ever. Equifax exposed approximately 143 million consumers, but did not notify any of them. This data breach exposed vital information, such as driver’s license, credit cards, social security numbers, addresses, and birth dates. According to the Ponemon Institute, which conducts independent research on privacy, data

Why you need to go beyond compliance. Businesses will continue to face a ton of cyber threats, some of which will impact organizations severely enough to require security measures that will reach far beyond compliance. A Ponemon Institute study showed that the average compromised record cost approximately $194 per record. Loss of business due to

You already know how important it is to be HIPAA compliant. A lot of businesses, including registered marijuana dispensaries, get confused about the requirements, when it comes to dealing with protected health information. It can get a little fuzzy, if you’re not privy to the big picture. The Health Insurance Portability & Accountability Act was

Thanks to all who joined us at the Worcester Business Journal’s IT Forum. We hope that you found the event informative.   The following is some post event information that we thought would be helpful. CLICK HERE to take our event survey. Please take a moment to complete this survey. Your feedback is important to

Any breach of the General Data Protection Regulation could lead to severe fines. The General Data Protection Regulation (GDPR) went through four years of preparation and debate before being passed by the EU parliament last year. Strict GDPR requirements lay out how companies should process, store, and secure the personal data of EU citizens. The enforcement date

Companies must respond to data breaches properly to limit the damage. Unfortunately, Equifax did not. There have been some very high-profile data breaches in the last few years, but the latest disaster to hit the headlines concerns one of the largest credit bureaus in the United States. It’s estimated that the Equifax data breach exposed 143 million consumers, with

WELLESLEY HILLS, MA (September 20, 2017) – Massachusetts Bay Community College is pleased to announce it has received a generous donation of $10,000 from this year’s annual Information Security Summit to support student scholarships in the field of cyber security. The Information Security Summit, held each year on MassBay Community College’s Wellesley Hills campus, was

The need for continuous monitoring, effective metrics and skilled workers. The laudable aim of the National Institute of Standards and Technology (NIST) is to build a common language through a set of best practices and security principles that any organization can apply to combat cybercrime. We’ve looked at what NIST’s Cybersecurity Framework can do for you.

Diving into NIST Special Publication 800-53 for practical advice. We’ve already laid out a broad overview of what NIST’s cybersecurity framework can do for you, so today we’re going to drill into Special Publication 800-53. Published by the National Institute of Standards and Technology, and based on important research from the Information Technology Laboratory, this publication offers

Medical marijuana, like any controlled substance, requires a strong system of identifying patients properly. As the industry matures, the federal government has increasingly been more involved in enforcing ever more stringent laws and regulations on medical marijuana dispensaries. While it is easy to dismiss this if you’re running your business on a strictly cash-only basis,

Practical advice to help you build a solid InfoSec plan The risk of your business falling victim to cybercrime has never been higher. Despite a seemingly endless parade of high profile data breaches, ransomware attacks, and phishing scams, many organizations still lack the necessary defenses to identify, prevent, or recover from an attack. The trouble

Over the last few years we’ve observed the steady rise of ransomware with some trepidation. It is fast becoming a multi-million dollar business, and it’s getting surprisingly sophisticated. The ransomware industry is continually innovating, offering cybercriminals new technology, various business models, and all the support they need to conduct successful attacks on unsuspecting individuals and

Canna Care Docs is a dynamic company specializing in cannabinoid therapies. Canna Care Docs hired Towerwall to assess their effectiveness in protecting sensitive information such as patient health information and employee personal information from security breaches. Click here to read the Case Study >  

10) Always lock your screen. Unlocked phones are always going to dangerously accessible. The first line of defense is a PIN, password, pattern or a biometric measure like your fingerprint. 9) Only install trusted apps. Apps should only ever be installed from official app stores, or your enterprise app store, to reduce the risk of

Please join us for the The ISSA New England Chapter’s 2017 Sponsor Expo Wednesday, August 2, 2017 from 8:00 AM to 4:30 PM EDT Verizon Labs 60 Sylvan Rd Waltham, MA 02451 You are invited to ISSA, New England Chapter’s Annual Sponsor Expo and Chapter Meeting. Compete in the Security Bee (questions from the CISSP exam)

We need to make sure the highly regulated world of cannabis business knows how to protect its data, customer and otherwise, yet also control access to it without too much hassle. As an insurgent breed, hackers are savvy and will seek out the path of least resistance. When your defenses are good, the weak link

After the recent wave of WannaCry ransomware attacks, managed service providers said the key takeaway they are bringing to customers going forward is the importance of proactive security. “Our whole stance is around proactive security. When you have proactive [security], WannaCry is not going to have an impact,” said Michelle Drolet, CEO of Framingham, Mass.-based

The legal regime for cannabis is a highly fractured one in the U.S. As of today, we’re approaching the legalized use of either recreational or medicinal marijuana in 30 states with eight states and the District of Columbia nearing full recreational use. Five states in the country continue to ban any use of cannabis, including

Everything you need to know to stop ransomware. Please join Towerwall and Sophos for an exclusive lunch and learn to learn how to stop ransomware cold. You’ll find out about: Polymorphic Malware What is Next Generation Malware How does a ransomware attack happen? 9 best security practices to apply NOW! June 28, 2017 | 12:00

BOSTON – May 15, 2017 – Towerwall (www.towerwall.com), a data security services provider for small to mid-size businesses, today announced that CRN®, a brand of The Channel Company, has named Michelle Drolet, Towerwall founder and chief executive officer, to its list of 2017 Power 30 Solution Providers, an elite subset of its prestigious annual Women

Channel partners can make arguments for the integrated security suite and the best-in-class point product method, but the decision ultimately rests on a customer’s specific needs.   “Security is not one-size-fits-all, so it depends on the type of organization and what their risk tolerance level is,” said Michelle Drolet, CEO at Towerwall Inc., a data

10. Freely hackable Free public Wi-Fi connections are treated like a public utility, but they can be making you vulnerable to hackers. 9. Sign me up By default, most mobile phones/devices are set to ask your permission to join a network. Once you obtain credentials, the known network will join your phone automatically. 8. Sniffing

Michelle Drolet and the Towerwall team will be attending the 36th Annual New England Bank Technology + Retail Banking Conference and Exhibit, on Friday, May 19th at the DoubleTree in Danvers, MA. Stop by Booth 27 where we will be discussing: FinTech Security Challenges Topics include: Today’s top security threats and how to stay safe Identifying

User behavior analytics sniffs out anomalies in users’ actions and alerts IT security teams of suspicious behavior The theft of unstructured data is extremely common. It can be very difficult to safeguard emails and files when a lot of people have access. Even the CIA is not immune, judging by the recent exposure of its

AlienVault recently announced a new addition to the AlienVault training portfolio: Incident Response for USM Appliance Analysts, a two-day course that we will start delivering Live and Online in May. AlienVault has had *many* requests from customers and MSSPs for training focused on the analysis of threats identified by the USM Appliance. This course provides

Security is taking a backseat as more and more devices connect to the internet The tech world moves at a tremendous pace, unleashing wave after wave of innovation intended to improve our everyday lives. Many new devices, from security cameras to fridges, or TVs to baby monitors, are now internet connected. This affords us remote

In order to stay ahead of threats, you need to know what to watch out for. This great article: Fraud Speak — Learn the Lingo to Beat Scammers > breaks down and defines hacker lingo. Stay informed, stay ahead, stay safe.

Back when Apple was the plucky young upstart that dared to be different, the Mac was the machine for creative types and there was a perception that it wasn’t a target for hackers because of its cultural cool factor. You would expect the same rules to apply to the legalized marijuana market, but a major

Anatomy of a national point-of-sale breach and takedown of 1,000-plus marijuana dispensaries Back when Apple was the plucky young upstart that dared to be different, the Mac was the machine for creative types and there was a perception that it wasn’t a target for hackers because of its cultural cool factor. You would expect the

10) Change your password. If you’ve been using the same password for a long time, then it’s time to change it. You should not only change your passwords regularly but not use the same one for every app or website. Try to use more than 13 characters. 9) Turn off wireless connections. When you aren’t

What you need to know to defend against targeted attacks. The threat of a targeted attack for any business is real and substantial. It’s vital to ensure that your organization can identify constantly evolving threats, find abnormal and suspicious activity, and take effective action to keep your data safe. Consider that, on average, attackers are

10) Adult use A key legislative issue for both opponents and supporters. Only those 21 and over can legally consume, possess and grow marijuana. Some legislators are advocating for a higher age limit. 9) Possession Massachusetts residents can now legally possess up to 10 ounces of marijuana in their primary residence. 8) Growing Massachusetts residents

Fresh and familiar threats to concern IT departments. As we embark on 2017, it’s time to reflect on a year where cybersecurity has played a major role. Even presidential campaigns haven’t been free from hacking scandals and data leaks. The average cost of a data breach for companies grew from $3.8 million last year to

Our own Michelle Drolet sits down with tED Magazine to discuss what security measures companies can take to protect their data. Read the full article >

We need to secure the internet of things. The internet of things (IoT) is all about connecting devices to the internet so that they can talk to each other and to us, to make life more convenient. That might mean turning on the lights when we get up, or allowing us to use our phones

The Silicon Review has declared SnoopWall is One of the 50 Fastest Growing Tech Companies for 2016. SnoopWall, Inc. delivers breach prevention technology that helps small to medium size enterprises (SMEs) get one step ahead of the next cyber-criminal, malicious insider, phishing attacks, ransomware or zero-day malware behind the corporate firewall. Customer adoption and growth

Great turnout this year at Worcester Business Journal’s Outstanding Women in Business Awards Our own founder and CEO Michelle Drolet was voted among six other local business leaders as “2016 Outstanding Women in Business” by the Worcester Business Journal. “The winners were selected on their career achievements, ability to transcend both male- and female-dominated professions,

Find out how to prepare for new EU legislation on data collection and security In 2012, the European Commission proposed new regulations on data protection that would supersede the national laws of the 28 EU member states. It was formally approved in April this year, and it will go into effect May 25, 2018. This

Company among top 20 recognized for their IT security leadership and innovation BOSTON – November 15, 2016 – Towerwall (www.towerwall.com), a data security services provider for small to mid-size businesses, today announced that Cyber Defense Magazine has named Towerwall a “Cyber Security Leader for 2016.” Towerwall was among the top 20 companies to receive the

The key to securing against this threat lies in a common metaphor—if a ship has a hole, it is better to patch the breach than bail the water Data breaches are increasingly becoming an expensive problem for more and more companies. According to the most recent Ponemon Institute Data Breach report, insecure data cost companies

Michelle Drolet, CEO of Towerwall in Framingham, is an innovative thinker. Never one to shy away from looking at new factors that come into a situation with an open perspective, she has a few things she’s learned about good management and good leadership along the way. First, she delegates more. “When I first started, it

The average cost of a data breach involving fewer than 10,000 records was $5 million The American public has become so inured to data breaches that it’s difficult to remember them all. Infamous breaches like the ones at Target and Sony become almost forgettable when confronted with the recently disclosed half-billion accounts compromised at Yahoo

This year’s winners represent “the best of what professionals in the region can be” BOSTON – October 25, 2016 – Towerwall (www.towerwall.com), a data security services provider for small to mid-size businesses, today announced that its founder and CEO Michelle Drolet was voted among six other local business leaders as “2016 Outstanding Women in Business”

We are honored to be named a Cyber Security Leader 2016 by Cyber Defense Magazine We are excited to share the list other worth leaders in cyber security. Click here to see the full list of winners. Click here to read the latest edition of Cyber Defense Magazine > For nearly 25 years, our dedicated

Thank you to all who attended our inaugural InfoSec at Your Services Meetup! We discussed current and emerging issues, best practices and challenges facing information security and cyber security leaders across all industries. Stay tuned for more upcoming InfoSec Meetup events.

10) Nothing hazy about the laws Marijuana (or cannabis) is one of the most highly regulated industries in the world, and Massachusetts has the strictest rules governing its production, retailing, grow, testing and security operations. 9) You can be raided. Marijuana businesses must comply with federal, state, city and county regulations and requirements. Despite medical-use

Stay vigilant, plan your response and test your defenses with CIS Controls 18, 19 and 20 This is the final entry in our series on the 20 Critical Security Controls devised by the Center for Internet Security (CIS) as best practices to help the public and private sectors tighten their cybersecurity. We started down the

We are honored to share that our blog was named as a Top Computer Security Blogs 2016 by CreditDonkey. CreditDonkey sites: “Business owners who want the latest information on the world of digital security will appreciate this blog’s straightforward approach to news and advice.” We are excited to share the list with some of our security

The NSA should disclose all zero-day exploits. But it doesn’t. To say the National Security Agency (NSA) prefers to lay low and shuns the limelight is an understatement. One joke said about the secretive group, widely regarded as the most skilled state-sponsored hackers in the world, is NSA actually stands for “No Such Agency.” But

WELLESLEY HILLS, MA (August 2016) – Massachusetts Bay Community College is pleased to announce it has received a generous donation of $5,000 from this year’s annual Information Security Summit to support student scholarships in the field of cyber security. The Information Security Summit, held each year on MassBay Community College’s Wellesley Hills campus, was established

When is the right time to rent yourself a CISO? The enterprise is facing a dangerous combination of mounting cybersecurity threats of increasing subtlety—and a widening gap in the skills required to identify and combat them. Having someone who knows how to lead the charge in identifying and analyzing threats, creating strategic security plans and

Stay on top of account management and assess staff security skills with CIS Controls 16 and 17 You can have the most secure system in the world, but hackers will always seek out the path of least resistance. When your defenses are good, the weak link is often your employees. Data breaches are most likely

OXFORD, U.K., July 19, 2016 – Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced Sophos SafeGuard Encryption 8, a new synchronized encryption solution that protects data against theft from malware, attackers or accidental leaks. All organizations can now choose to adopt the best practice of “always-on” file-level encryption to protect

Ensuring overall compliance with strict regulations is the next growth opportunity. Whatever you think of it, marijuana is here to stay and coming to full legalization in a state nearest you. Controversy follows cannabis into every branch of society: political, cultural, science, health, education, legal and finance. A quick search on YouTube will show heartbreaking

Thanks to all who attended and sponsored our 2016 Information Security Summit. It was a great turnout where we discussed a number of issues and threats facing infosec today. We were happy to see attendees share ideas and continue the discussion online with #summitbuzz16 Here are some of the topics discussed at this year’s summit:

Failing to take basic security precautions with website passwords puts your data at risk Do you remember back in 2012 when LinkedIn was hacked? Around 6.5 million user passwords were posted on a Russian blog. There was a mandatory password reset for affected users, and LinkedIn released a statement advising people to enable two-step verification

Make sure the Internet of Things isn’t a route for hackers to get into your home or workplace As more and more Internet-connected devices find their way into our homes and businesses, it’s important to remember that they represent a security risk. The Internet of Things (IoT) is growing rapidly, and in the rush for

Higher education institutions are a prime target for cybercriminals, and IT needs resources to prevent attacks and provide a proper level of security No industry or sector is immune to data breaches, but some are targeted more often than others. Education came ahead of government, retail and financial sectors, and it was second only to

Your company’s data is its crown jewels, and you must protect it all times. CIS Controls 13, 14 and 15 will help you. Earlier we delved into disaster recovery and network security. Now it’s time to take a look at Critical Security Controls 13, 14 and 15, which cover data protection and access control. The Critical

10. Backup files every night. If you can access yesterday’s files, then there is no need to pay to unlock them today. 9. Patch automatically. Make sure operating systems software on all devices (phones, tablets, laptops) and browsers are patched automatically with security updates. 8. Update software. Make sure your endpoints and network devices are

Is your organization safe from all these connected devices? Wearables are rapidly invading the workplace in much the same way that smartphones did. Fitness trackers, smartwatches, head-mounted displays and other new form factors are beginning to capture the public imagination. Sales of wearable electronic devices topped 232 million in 2015, and Gartner forecasts they’ll rise

How security researchers and programmers hunt software bugs for cash rewards The business of bug hunting is a potentially lucrative one for both seasoned security researchers and amateurs with an interest in hacking. It’s an area that’s gaining legitimacy thanks to official bug bounty programs and hacking contests, but there’s still a seedy underbelly that

Watch out for April Fools scamming on Friday by Kevin Frey Annually, businesses and organizations often put up jokes or pranks for April Fools’ Day. Google, Starbucks, Amazon, etc. are frequent participants. E.g. Last year, Amazon revamped their site to look their old, original 1999 version… and Google (known for multiples) turned its “Maps” app

Complacency in addressing known vulnerabilities puts users at risk If you have even a passing interest in security vulnerabilities, there’s no chance that you missed the news about the DROWN vulnerability. It’s one of the biggest vulnerabilities to hit since Heartbleed, potentially impacting a third of all HTTPS websites. By exploiting the obsolete SSLv2 protocol,

According to Cisco’s 2015 Annual Security Report, 91 percent of companies have an executive with direct responsibility for security, but only 29 percent of them have a Chief Information Security Officer. The enterprise is facing a dangerous combination of mounting cybersecurity threats of increasing subtlety, and a widening gap in the skills required to identify

WASHINGTON –  The Internal Revenue Service today issued an alert to payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees. The IRS has learned this scheme part of the surge in phishing emails seen this year already has

Security researchers reveal new technique to break TLS using SSLv2 server. The war to close down security vulnerabilities is never-ending, but the new “DROWN” vulnerability is one of the biggest to rear its ugly head in recent months. A group of security researchers from a number of different universities and research institutes just unveiled this

Following the Center for Internet Security’s best practices. We discussed building malware defenses the last time out, but today we’re going to focus on Critical Security Controls 10, 11, and 12 covering data recovery, secure network configuration, and boundary defense. It’s unrealistic to think that you can completely avoid cyberattacks and data breaches, so it’s

Privacy and data protection issues confront all organizations—whether you handle employee information, credit card data, sensitive financial information, or trade secrets. Securing data is a daunting task that is further complicated by cross-border transfer issues and the differences in privacy laws around the world. The team at BakerHostetler has developed a prompt and practical PDF

10. A hedge against a breach A virtual chief information security officer can serve as security consul or as an interim CISO to fill the gaps during a planned information-technology security policy review. Better to be safe than sorry. 9. High talent at low costs As a temp hire, a vCISO offers flexibility and cost

As threats evolve and grow more sophisticated, securing IT systems is more important than ever. We may welcome in the New Year with open arms, but we must also prepare for the cybersecurity threats ahead of us. The 2015 Cost of Data Breach Study from IBM and the Ponemon Institute put the average cost of

Ransomware-as-a-service, help desks, third parties — all point to a mature yet illegal enterprise undergoing serious growth. Here are tips to protect yourself and your company. Ransomware is big business. Over the last few years we’ve observed the steady rise of ransomware, with some trepidation. It is fast becoming a multi-billion dollar business, and it’s

Online security trends continue to evolve. This year, online extortion will become more prevalent. We also expect that at least one consumer-grade IoT smart device failure will be lethal.  Ransomware will make further inroads, since the majority go unreported. China will drive mobile malware growth to 20M, and cybercrime legislation will take a significant step

10. Everything is connected. As the Internet of Things adds more and more devices to our networks, it creates more doors and windows for cyber criminals. Keep them locked. 9. Ransomware is on the rise. If you don’t want to end up paying to access your own data, then make sure that you protect it

Hacking and data breaches weren’t just the norm, but they reached far and wide, hitting victims of all kinds, from regular consumers, to government employees, and even children and cheaters. It seemed like no one was spared. The Worst Hacks of 2015…drum roll please! Israel Government Allegedly Hacks Kaspersky Lab The Massive Breach at OPM,

A “ransomware” segment was recently on NBC’s  Today featuring our security partner Sophos. To learn more about ransomware. click the thumbnail below:    

Another staple in a series examining the Center for Internet Security’s best practices. Our last article looked at applying Critical Security Controls 4, 5, and 6 to your organization, covering vulnerability assessment, administrative privileges, and audit logs. Now it’s time to move on to CSCs 7, 8, and 9. Email programs and web browsers are

The last time we looked at how Critical Security Controls (CSC) can help you build your InfoSec framework, we covered getting a handle on your software and your hardware inventories. Today, we’re going to discuss the importance of continually assessing and remediating vulnerabilities, keeping a tight control of administrative privileges, and monitoring your audit logs.

Originally posted on MetroWest Daily News. Towerwall, a Framingham-based network security and policy management company, donated $7,000 to the MassBay Foundation to sponsor student scholarships. Towerwall CEO Michelle Drolet, who is also a board member of the MassBay Foundation, presented MassBay interim president Yves Salomon-Fernandez, MassBay chief information officer Michael Lyons and MassBay vice president

How can you make sure the mobile apps you access are secure? A security profile should be at the top of the developer’s list when compiling a mobile app but that’s hardly the case. That’s a pity, because building a profile is easier to do during the dev phase. Are most mobile apps putting your

Vendors and other third parties should be treated with the same level of intense scrutiny as your own in-house risk compliance mandates. How seriously is your company treating the risk of a data breach? Have you done due diligence on all of your vendors and third-party partners? Cyberattacks can have a devastating impact in terms

by Sarah Kuranda Sophos is launching a new technology Monday that synchronizes threat intelligence and automation across endpoint and network levels. Sophos Security Heartbeat, part of the Oxford, England-based company’s new XG firewall series, links together the company’s next-generation firewall and UTM solutions with its next-generation endpoint technologies. In doing that, the company said, it is

When it comes to infosec, many of the most core basics are being overlooked. Many of the most obvious areas where security can be tightened up with little effort are being blatantly ignored. Are you doing your level best by covering the basics? Below are seven potential vulnerabilities. Most of these can be tackled without

Critical Security Controls is a set of best practices devised by the Center for Internet Security, a nonprofit dedicated to improving cybersecurity in the public and private sectors. Cyberattacks are costing businesses between $400 billion and $500 billion per year, depending on which analysts you listen to. Cybersecurity has never been a hotter topic. The

The Enterprise is at risk from malware and vulnerabilities hiding within mobile apps. You have to test your mobile apps to preserve your security. Mobile apps are ubiquitous now, and they offer a range of business benefits, but they also represent one of the most serious security risks ever to face the enterprise. The mixing

Encryption has a bad rap and far too often protection schemes are deployed foolishly without encryption in hopes of protecting data. t’s a heartache, nothing but a heartache. Hits you when it’s too late, hits you when you’re down. It’s a fools’ game, nothing but a fool’s game. Standing in the cold rain, feeling like

Encrypting data on your own might be the smartest move. For those of you old enough to remember the TV comedy series “Get Smart” featuring a spy that used his shoe for a phone, the good guys belonged to an agency called “Control,” and the bad guys were affiliated with “Chaos.” This month “Get Smart”

10. You need a WISP. A written information security policy, or WISP, is vital. Make sure there’s a person in charge of enforcing it. 9. Always encrypt data. Sensitive data, especially personally identifiable information, must be encrypted at all times, from the server, to the cloud, to a laptop or USB drive. 8. Check your

Non-compliance is a risk, and the Attorney General’s office carries a big stick for those who don’t follow the rules. If you don’t have a written information security program (WISP) in place for your business, then you could be risking data theft, legal action, and punitive fines. The law in many states now dictates that

 The “Stagefright” hole in Android – what you need to know Provided by Paul Ducklin at Sophos, Inc. The conference circuit can be a competitive arena, especially when there are multiple parallel streams. For example, back in 2010, I was at Black Hat in Las Vegas, and I attended the talk next door to the late Barnaby Jack’s now legendary

Are you patching quickly enough? How safe is the software you use? Do you have a system in place to identify vulnerabilities and patch them when they are discovered? How quickly do you react to vulnerability reports? There’s evidence that software vulnerabilities are on the rise, and few companies are taking the necessary action to

Cybersecurity is only as strong as the weakest link. If your organization is using third-party vendors, policing their activity is critical to cybersecurity. Few can forget the theft of 110 million customer credit cards from Target in December 2013. But not as many know how hackers gained access to such a vast amount of sensitive

Falling victim to a ransomware attack is most definitely inconvenient, but it could also serve as a wake-up call to the importance of backing up important data. You’re minding your own business, sitting at your office computer. Suddenly, a pop-up appears – with the logo of the FBI – warning that you’re under investigation for

Once again, the Information Security Summit hosted by Towerwall and MassBay was a resounding success. Hundreds of attendees and vendors participated in  diverse data security panels and networked with industry leaders and peers. The Summit opened with Michelle Drolet, CEO of Towerwall, and Shamsi Moussav, Computer Science Professor at MassBay Community College, presenting scholarships to

The enterprise is facing a dangerous combination of mounting cybersecurity threats of increasing subtlety, and a widening gap in the skills required to identify and combat them. Having someone that knows how to lead the charge in identifying and analyzing threats, creating strategic security plans and ensuring compliance, requires the right level of expertise. Many

Is Android secure enough for the enterprise? Android has a bad reputation when it comes to security, which is unfortunate because it’s the biggest mobile platform around in terms of market share. Gartner says Android claimed 80.7% of the worldwide smartphone market in 2014. We know that the BYOD trend has sparked a dramatic rise in personal mobile

For all the infosec hurdles to overcome, we can build a bright future if the enterprise can pull together. We often talk about the enormous challenges facing IT departments around the world. The consumerization of IT, driven by the BYOD trend and coupled with mobility, has given birth to a wide range of serious security

From unencrypted email to open Wi-Fi to faulty firewalls, some of the most common security threats could easily give away the entire farm. More threats emerge for IT departments every year. Cybersecurity is increasingly challenging as attacks get more sophisticated. But many core basics are still being ignored. Verizon’s 2015 Data Breach Investigations Report put

Teaching the workforce to create a heightened state of awareness. It’s time for the business world to toughen up on security. The threat from cybercriminals is pervasive. Successful attacks on financial institutions, large retailers, and even government bodies, are all too common. There’s a reason that the Worldwide Threat Assessment of the US Intelligence Community

Towerwall Founder and CEO Michelle Drolet’s latest article “Secure Your Future with a Virtual CISO” is featured in the Infosecurity Magazine. Read more below: The enterprise is facing a dangerous combination of mounting cybersecurity threats of increasing subtlety and a widening

Towerwall Founder and CEO Michelle Drolet’s latest article “Secure Your Future with a Virtual CISO” is featured in the Infosecurity Magazine. Read more below: The enterprise is facing a dangerous combination of mounting cybersecurity threats of increasing subtlety and a widening gap in the skills required to identify and combat them. Knowing how to lead the charge

Cyber risk report cites server misconfigurations as the No. 1 vulnerability. It’s often said, “There’s nothing new under the sun.” And that appears to be the case in the world of cybersecurity where hackers most often exploit known vulnerabilities to gain access to private computer files, according to HP’s 2015 Cyber Risk Report. Maintaining strong computer security,

Towerwall Founder and CEO Michelle Drolet’s latest article “Know When to Onboard a Virtual CISO” is featured in the Web Security Journal. Read more below: A virtual Chief Information Security Officer (CISO) can be an invaluable asset to your company. The virtual CISO provides your business with a person who will be in charge of the electronic

Frequently, companies don’t realize that the mobile apps they use are reason for concern. Once their data is breached, they begin to investigate. However, there are telltale signs that indicate an insecure mobile app. If you know what to look for, you may be able to avoid a catastrophic data breach. Mobile apps are everywhere

  Tips for your third-party risk management program “Home Depot said the crooks initially broke in using credentials stolen from a third-party vendor […] Recall that the Target breach also started with a hacked vendor…” — Brian Krebs, Krebs on Security In everyday business, a complex set of external relationships is commonplace. Services, infrastructure, and

The US Federal Communications Commission (FCC) on Thursday lay down 400 pages worth of details on how it plans to regulate broadband providers as a public utility. These are the rules – and their legal justifications – meant to protect net neutrality. They were passed last month, and details have been eagerly anticipated. The main gist of the lengthy document

Our Michelle Drolet is quoted in TechTarget’s article “Four ways DevOps can boost AWS security“. Read more below: Many IT teams believe security belongs to someone else. Building security into the DevOps process can be a tricky but rewarding move. Combine the “It’s not my job” belief that many IT administrators have about security tasks

Four ways to implement and maintain security testing. Cybercriminals had a fantastic time in 2014 – breaching major retailers such as Home Depot and Kmart, major financial institutions (notably JPMorgan Chase), and a slew of smaller companies. Indeed, cybercrimes are growing more common, more costly, and taking longer to resolve. Those are among the key findings

Towerwall is proud to offer our new vCISO Program. Introducing Towerwall’s vCISO Program, our unique approach to Virtual CISO. Offering three distinct partner options, our vCISO solutions are tailor fit to your organization’s security needs. Recognizing many small and mid-sized companies have security concerns, yet do not warrant a full-time position, the Towerwall vCISO Platform

secuProvided by William Gallagher Associates Insurance Brokers, Inc. News broke last week that Anthem, the nation’s second-largest health insurance carrier, was the victim of a data breach by external hackers. This breach affects both current and potentially former clients of Anthem. WGA is monitoring the situation on an ongoing basis, and here is what we

Towerwall Founder and CEO Michelle Drolet’s latest article “Bridging the Cybersecurity Skills Gap: 3 Big Steps” is featured in the InformationWeek Dark Reading. Read more below: The stakes are high. Establishing clear pathways into the industry, standardizing jobs, and assessing skills will require industry-wide consensus and earnest collaboration. There is a dangerous dearth of qualified Information

Our Michelle Drolet is quoted in NetworkWorld’s article “Are mobile apps putting your data at risk?“. Read more below: Quite often, companies don’t realize that the mobile apps they use are reason for concern. Once their data is breached, they begin to investigate. However, there are telltale signs that indicate an insecure mobile app. If you know

The funkily-named bug of the week is GHOST. Its official moniker is the less catchy CVE-2015-0235, and it’s a vulnerability caused by a buffer overflow in a system library that is used in many, if not most, Linux distributions. A buffer overflow is where you assume, for example, that when you handle a four-byte network number written out as

As the International Consumer Electronice Show (CES) 2015 brings forth the next generation of devices to watch out for, it also opens issues of digital security. While new technologies and devices are always interesting, they also have the potential to burn consumers and vendors with risks to security and privacy. With these in mind, we picked

Our Michelle Drolet is quoted in NetworkWorld’s article “Throw your vendor under the bus after a breach? Not quite so fast“. Read more below: In everyday business, a complex set of external relationships is commonplace. Services, infrastructure, and even software live in the cloud, supplied by third parties. An organization’s value is often in the data it

Sophos Researcher James Wyke recently did an analysis of the malware Vawtrak. He found that Vawtrak has been targeting financial institutions, especially banks. Vawtrak injects a DLL code into the targeted bank’s website, which allows a bypass of the victim’s two-factor authentication and infects the victim with a mobile malware. The malware then automatically transfers

Sophos Researcher James Wyke recently did an analysis of the malware Vawtrak. He found that Vawtrak has been targeting financial institutions, especially banks. Vawtrak injects a DLL code into the targeted bank’s website, which allows a bypass of the victim’s two-factor authentication and infects the victim with a mobile malware. The malware then automatically transfers

Building a solid security program takes time. Every organization is different. It’s very important to assess your technology, and consider both internal and external threats. An assessment will reveal vulnerabilities. The remediation process will help you take full advantage of your existing security assets and point you at any gaps that need filling. Even once

The information security profession, which evolved largely in reaction to threats, is now paying the price of an entire “missing generation.” Companies are challenged finding pros with the combination of business and technical savvy that is needed to combat growing threats. Compounding this problem, educational institutions are not graduating enough students with the necessary skills