Articles

CYBERSECURITY AND COMPLIANCE

Should you Trust Password Managers?

A good password is a critical part of protecting your data. So, when LastPass, a popular password manager solution, announced that its third-party cloud-based storage service had been breached, allowing an unknown attacker to gain access to backups containing customer data including password vaults, a lot of people got nervous.  The bad news is that those customer password vaults are in…

4 Critical Questions to Ask Your IT Security Company

According to a recent RSM report, 40% of midsized companies outsource IT services to obtain cost-effective expertise and keep current with rapidly changing technology and threats. The critical issue these companies face is determining which IT outsourcing company to trust, since the report also found that many mid-market companies are worried about a cyberattack on a supplier. As an industry…

Why Endpoint Detection and Response (EDR) Instead of Anti-Virus Software?

Security remains one of the biggest concerns and most challenging responsibilities facing small and medium-sized businesses (SMBs) today. In 2021, there was a 300% increase in ransomware attacks with over 50% reaching small businesses. To address this challenge, Microsoft is investing in security solutions purposefully designed to help protect them.  Microsoft Defender for Business is a new endpoint security solution…

Ensure your Life Science Company Survives Investor Due Diligence

By Robert Thomas, Audit Senior Manager, WithumSmith+Brown, PC and Christian Kelly, IT Auditor, Xantrion Inc.  Congratulations! Your pharmaceutical, biologic, or medical device startup has developed a promising product, and you’re ready to raise a Series B round of funding. Read on to learn what experts Rob Thomas and Christian Kelly recommend to make it easier to pursue and obtain that…

The Do’s and Don’ts of Preventing MFA Spamming Attacks

Multi-factor authentication (MFA) is a great way to add an extra layer of security to network access. But it’s not foolproof – as Cisco, Microsoft, and Uber all learned recently when cybercriminals breached their network using a technique known as MFA spamming.  Also known as MFA bombing and MFA fatigue, this ploy is used by an attacker who has acquired…

Cybercriminals Like to go Phishing, Don’t Fall for the Bait

Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment. If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device. No need…

Ransomware Protection: Guaranteed

Last year’s headline-grabbing ransomware attacks on the Colonial Pipeline and meatpacking company JBS show how vital it is to remain vigilant in your efforts to protect yourself from ransomware. For several days, the attacks shut down one of the most vital oil pipelines in the US and disrupted the global meat supply chain. They also cost each company millions of…

Is Penetration Testing Worth the Investment?

1. What is penetration testing and why is it important? A penetration test identifies how a cybercriminal might successfully get into your network and systems in order to steal your data and compromise your operations. Many companies are required to provide the results of a penetration test to regulators or insurers every year, but even without an external requirement, a…

Why Xantrion Uses Microsoft

When you hire Xantrion as your managed security service provider (MSSP), you’re trusting our ability to protect your business-critical infrastructure and data – and the technology partners we choose to help us do that.   Microsoft is one of our most trusted partners. In fact, we have so much confidence in their approach to zero trust security that we’ve made…

Vulnerability Scanning: What It Is And What It Does

By Rapid Fire Tools

Nearly every industry and government IT security standard around the world, including the NIST Cybersecurity Framework, the Center for Internet Security (CIS 20), Australia’s Essential 8, the Department of Defense’s CMMC and PCI, requires vulnerability scanning. This almost universal requirement for network vulnerability scanning stems from its core function of identifying weaknesses in computers and networks…

My Cyber Liability Insurance Premium Just Doubled, Now What?

Why is the average cost of cyber liability insurance starting to double from one year to the next, and what can you do about it?  In the past, getting a high-quality, affordable policy was as simple as providing your revenue and some basic information about your cyber security controls. Today, you must fill out a detailed annual questionnaire about your…

QR Codes in the Time of Cybercrime

By Javvaad Malik, Co-founder, Security B-Sides London and security awareness advocate for KnowBe4

QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, really popular for one song, but well after the boat had sailed. Do…

3 Reasons to Make Data Privacy your New Year’s Resolution

By Jodi Daniels, Founder & CEO of Red Clover Advisors

Our favorite time of the year is finally here—and yes, we know the winter holidays have already come and gone. But as much as we may love warming up with a cup of hot cocoa (topped off with unreasonable amounts of marshmallows, please!), there’s one day that holds a special place…

Getting to Zero: What You Need to Know About Zero-Trust Architecture

It may seem strange to talk about cybersecurity in terms of “zero trust.” After all, if you can’t trust your systems and applications, why are you using them? But the term actually refers to a cybersecurity best practice that applies the basic concept “Never trust, always verify.”  Under the zero-trust security model, no user is trusted with full access to…

2021 Cybersecurity and Threat Preparedness Annual Study

Based on a survey conducted by ResearchCorp.org and sponsored by Xantrion, see how organizations responded when asked how confident they are about the effectiveness of their security measures and see how your company is doing in comparison to those surveyed.

Identity and Access Management Best Practices: The Key to Cloud and Mobile Security

When we talk about data security, we’re basically talking about two things: making sure information and applications are available to people who are authorized to use them, and keeping everyone else away. Identity management, also known as identity and access management, is key to our ability to do that. Identity management is the process of defining who you are and what you’re…

Three Basic Security Blunders That Many SMBs Are Still Making

In the past decade, the number of known malware programs has risen from 65 million to 1.1 billion. The ways in which cybercriminals deploy the malware have also increased in number and sophistication.  While advanced security technologies are available to defend against these cyberthreats, many can be thwarted with basic security practices. However, research is showing that many small and mid-sized…

Beware This New Phishing Line: The Fake LinkedIn Profile

Just when you think you and your employees have learned how to recognize and avoid a social engineering attack, the criminals have come up with another way to trick you out of your cash and your sensitive data: the fake LinkedIn profile. 

2020 Cybersecurity and Threat Preparedness Annual Study

Based on a survey conducted by ResearchCorp.org and sponsored by Xantrion, see how organizations responded when asked how confident they are about the effectiveness of their security measures and see how your company is doing in comparison to those surveyed.

Watch Out for This Direct Deposit Scam

Most companies use direct deposit to pay their employees. In the United States, for example, more than 80% of workers have their paychecks deposited directly into their personal bank accounts. This practice is providing many opportunities for cybercriminals to perpetrate their latest scam — trying to get businesses to deposit employee paychecks into their accounts. Variations of the Direct Deposit…
