The Federal Trade Commission has launched a new website to help smaller companies stay on top of cybersecurity. 
Read more »

Companies spent more than $18 billion on cybersecurity in 2016 — but data breaches hit an all-time high anyway. What's the problem? Simple: we're not using employees as the critical line of defense they can be.  
Read more »

Target's price tag for its infamous 2013 data breach keeps getting higher. Last month, it agreed to pay $18.5 million to 47 states and the District of Columbia, implement specific security controls, put a cybersecurity governance framework in place, and adhere to certain audit and reporting guidelines. And that's on top of the $202 million it's already spent on legal fees and other costs since the attack. Experts say that the settlement is a signal that companies will continue to be on the hook for massive financial penalties if they suffer data breaches. 
Read more »

CEOs, are you using "shadow IT" — applications and programs your IT department hasn't approved? You're not alone. A new report says 75% of CEOs do just that, even though 91% acknowledge it could put their company at risk. 
Read more »

Technology, the law, and the threat environment are changing so fast that achieving and maintaining regulatory compliance gets more complex and challenging by the day. If your employees are doing an end run around compliance processes using shadow IT, that only compounds the problem. 
Read more »

We've talked before about how SMBs are low-hanging fruit for cybercriminals: they have more to steal than individuals and weaker defenses than large companies. Unfortunately, that's more true than ever. 
Read more »

Beware of a new type of phishing attack that's tricking recipients into granting ongoing access to their email accounts. Most recently seen on May 3 in the form of a fake Google Doc app, the new credential phishing technique bypasses all the typical red flags like spoofed links, sign-in requests, and attached files that ordinarily warn users to be cautious. Instead, it sends users an Open Authentication permission request for a trusted and authorized application. Worse yet, changing passwords isn't enough to block the attack or kick out the attacker. 
Read more »

When you pay it and still don't get back what was stolen, which is happening more often with ransomware, at least according to a new survey of IT pros working in small and midsize businesses. 
Read more »

It should come as absolutely no surprise that financial services firms are the favorite targets of industry-specific attempts to breach data security. Why? Simple: that's where the money is. 
Read more »

The continued growth of ransomware puts business and professional services firms at particularly high risk, according to the latest global threat trends report. 
Read more »