|Cloud Migration is a Chance to Improve Security|
|Anne Bisagno—Thursday, May 17, 2018
When you migrate to the cloud, you aren't just changing where your business activity and data live. You're moving them into an environment that's not entirely
under your control. That means making sure your cloud vendors have adequate security — but it also means revisiting your own security controls
so you don't create new vulnerabilities that didn't exist when your data was on-premises. Gartner and other experts recommend adopting an "onion" security
strategy, which wraps concentric layers of protection around each individual workload at the data, network, computer, and user level.
|Healthcare and GDPR: What you Must Know|
|Anne Bisagno—Thursday, May 10, 2018
When the European Union's General Data Protection Regulation (GDPR) goes into effect on May 25, healthcare organizations that treat patients from any of
the 28 EU countries will need to comply with a privacy law that's even more stringent than HIPAA.
|Last Chance to Prepare for GDPR Compliance|
|Anne Bisagno—Thursday, May 03, 2018
When the European Union's General Data Protection Regulation (GDPR) goes into effect on May 25, companies doing business in the EU will face a much higher
bar for data security compliance. Here are some key requirements you need to know:
|Defending Your Cybersecurity Strategy: Show Your Work|
|Anne Bisagno—Monday, April 23, 2018
If your company experiences a data breach, you'll need to prove that you already had appropriate cybersecurity technologies in place and
demonstrate where your sensitive data was, who accessed it, and how they used and shared it. The problem is, many regulations, such as the EU's pending
General Data Protection Regulation (GDPR), require you to report a breach in weeks or even days — but it may take you a month or more to identify
a breach, never mind pull together the necessary information to report it.
|Teach Your Employees Not to Fall for Phishing Bait|
|Anne Bisagno—Monday, April 16, 2018
We use KnowBe4 for phishing awareness training because we approve of the company's approach to teaching employees how to recognize suspicious email. (After
all, you can't get phished if no one in your company takes the bait.) So we were excited to see some new information about how well security training
works and who needs it most. KnowBe4 analyzed information across 15,000 companies and discovered that training reduces the share of employees
who are likely to be fooled by phishing attempts from an average of 27% to 13% after 90 days and 2.17% after a year.
|Financial Services Firms Under Cyberattack|
|Anne Bisagno—Monday, April 09, 2018
You've probably heard the old joke about why criminals rob banks: because that's where the money is. It's not so funny if you work in the financial services
sector. Security breaches at financial services firms have tripled in the last five years, making the industry cybercriminals' top target, according
to Accenture. The consulting firm's latest "Cost of Cyber Crime" study also reports that the average number of breaches per financial services firm grew from 40 in 2012 to 125 in 2017 — a leap of 212%.
|Get Back to the Cybersecurity Basics|
|Anne Bisagno—Monday, April 02, 2018
It's tempting to think that new technologies like artificial intelligence will save your company from data security disasters, but you need to resist that
|Protect Sensitive Tax Information|
|Anne Bisagno—Monday, March 26, 2018
Tax time is coming — and if you didn't already have enough to think about, you should also be on the lookout for IRS-related phishing attacks. The
tax agency's Online Fraud Detection & Prevention Center reports that cybercriminals are increasingly trying to scoop up W-2 data in bulk by targeting HR professionals who handle payroll and other employee financial data.
|What Keeps CISOs Up at Night?|
|Anne Bisagno—Monday, March 19, 2018
When Chief Information Security Officers (CISOs) lie awake at night, they're most worried about how to find enough cybersecurity pros to keep up with increasing
IT security threats. Most believe they're more likely to suffer a data breach or cyberattack in 2018 than they were in 2017. And most of them expect
those breaches and attacks will stem from inadequate in-house expertise. That's the conclusion of a recent survey from the Ponemon Institute.
|New Infosec Requirements Take Effect in NY State|
|Anne Bisagno—Monday, March 12, 2018
If you're a financial services company doing business in New York state, March 1 was your deadline to file for your first annual certification with 23 NYCRR 500.
This is the state's groundbreaking cybersecurity regulation that mandates risk assessments, vulnerability assessments, penetration testing, multifactor
authentication, and end-user awareness training.