Cybersecurity and Compliance

It may seem strange to talk about cybersecurity in terms of “zero trust.” After all, if you can’t trust your systems and applications, why are you using them? But the term actually refers to a cybersecurity best practice that applies the basic concept “Never trust, always verify.”  Under the zero-trust security model, no user is trusted with full access to…

Based on a survey conducted by ResearchCorp.org and sponsored by Xantrion, see how organizations responded when asked how confident they are about the effectiveness of their security measures and see how your company is doing in comparison to those surveyed.

Software is an important tool that most businesses use in their day-to-day operations. However, apps can be detrimental to organizations’ operations if they contain vulnerabilities — that is, flaws or weaknesses that can be exploited by an attacker for malicious purposes. In 2019 alone, there were 22,316 new software vulnerabilities reported. A similar total is expected for 2020, as the mid-year count…

In the past decade, the number of known malware programs has risen from 65 million to 1.1 billion. The ways in which cybercriminals deploy the malware have also increased in number and sophistication.  While advanced security technologies are available to defend against these cyberthreats, many can be thwarted with basic security practices. However, research is showing that many small and mid-sized…

The US Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are warning businesses about a voice phishing (vishing) scam that targets employees working from home. Cybercriminals are using this scam to steal virtual private network (VPN) login credentials, which they use to access company networks and steal data or money. By understanding how this VPN vishing scam works,…

Just when you think you and your employees have learned how to recognize and avoid a social engineering attack, the criminals have come up with another way to trick you out of your cash and your sensitive data: the fake LinkedIn profile. 

Based on a survey conducted by ResearchCorp.org and sponsored by Xantrion, see how organizations responded when asked how confident they are about the effectiveness of their security measures and see how your company is doing in comparison to those surveyed.

Most companies use direct deposit to pay their employees. In the United States, for example, more than 80% of workers have their paychecks deposited directly into their personal bank accounts. This practice is providing many opportunities for cybercriminals to perpetuate their latest scam — trying to get businesses to deposit employee paychecks into their accounts. Variations of the Direct Deposit…

BYOD (bring your own device) refers to the practice of employees using their personal devices—such as smartphones, laptops, PCs, tablets, and other gear—on the job for the sake of convenience and comfort.

The California Consumer Privacy Act is designed to educate and protect California consumers about personal information that is being collected and sold, primarily by large, California companies.

Cybercriminals commonly use compromised passwords in cyberattacks. For example, in ransomware attacks, compromised passwords have now surpassed phishing scams as the No. 1 way to gain access to the systems in which the ransomware is planted, according to F-Secure’s “Attack Landscape H1 2019” report. And compromised passwords is No. 2 on hackers’ list of tools to use to gain access…

Only 66% of working adults correctly answered the question “What is phishing” in 2019 Proofpoint survey. This means one-third of adults do not know that phishing is a form of fraud in which cybercriminals try to scam people into providing sensitive information (e.g., login credentials, account information) or performing an action (e.g., clicking a link, opening an email attachment) in…

Xantrion’s cybersecurity program takes a risk based approach to preventing, detecting and recovering from a potential ransomware attack. We provide multilayered protections which consider the various methods criminals might use to penetrate a client’s network and protect against each of these attack vectors.  We monitor client systems so that, should compromise occur, it can be quickly detected and shut down. Even…

The number is eye-opening: 83% of companies believe that employee errors have put sensitive business and customer data at risk of exposure, according to a study by Egress. More than 1,000 security professionals at US-based companies participated in this study. The study also identified the technologies that most often involved in this type of accidental data leak. Email services provided…

Cryptojacking might not seem as dangerous as ransomware or data breaches since cybercriminals are stealing a computer’s processing power rather than money or data. However, companies that dismiss this threat might be putting their businesses at risk. Cryptojacking malware is becoming increasingly sophisticated, which could spell trouble for companies unprepared for it. The Changing Face of Cryptojacking Cryptojacking was born…

If you’re like most businesses, you have a variety of third-parties that you rely on to support your core business functions. And in many cases, they have the ability to connect to your network. By providing them remote access, you are effectively increasing your potential attack surface for cybercriminals to exploit. So what happens if their systems aren’t secure? They…

Shadow IT is any technology used by employees that your IT department doesn’t know about. That would never happen to us, you may say — but you’re probably wrong. According to Gartner, most companies hugely underestimate how much shadow IT their employees are using. And that’s a big problem, because what you don’t know about, you can’t secure. Outsourcing your…

Phishing is one of the biggest security threats to Xantrion’s clients right now. Small and midsize businesses are low-hanging fruit for attackers because they have more worth stealing than an individual, but fewer security safeguards than a larger business. What’s more, phishing attempts, or social engineering attacks, are becoming more frequent and more sophisticated. The harder they are to spot,…

Cybersecurity used to be primarily a concern for IT departments at large companies to tackle through technology — but that’s no longer true. Today, even small and midsized companies need to worry about the ramifications and repercussions of cybercrime. Cybercriminals are increasingly sophisticated, relentless, highly skilled, and well-funded. Their exploits are often targeted, automated, and even sponsored by nation-states with…