Archives: New + Now


Use of Multifactor Authentication

This has been quite the year of O365 intrusions. The story seems to be almost identical in each security incident we investigate this year, and it goes like this: Employee receives a pop-up message from Microsoft advising employee that s/he must change his or her password for security purposes. Employee types his or her user … Continue Reading

Vendor Management

A challenging risk management project that many clients are undertaking is vendor management. Ever since the Target breach, when an HVAC vendor’s employee clicked on a phishing email that allowed an intruder to compromise Target’s system, vendor management has been an issue to be addressed by company data privacy and security teams. Vendor management is … Continue Reading

Record Retention

An ongoing and frequent request is to assist clients with record retention guidelines and migration from storing massive amounts of paper records to an electronic system. How to do this correctly cannot be fully encapsulated in a blog post, but here are a few thoughts to consider when tackling this cumbersome process. There are very … Continue Reading

Test Your Employees with Internal Phishing Campaigns

Phishing campaigns continue to be one of the most successful ways for malicious intruders to access company information, including personal information of employees and customers. Phishing emails continue to get more and more sophisticated and employees continue to fall victim to them, often putting the entire company at risk. Typical successful phishing campaigns end with … Continue Reading

Ransomware and Back-Up Plans

Ransomware continues to be an issue for all industries. The latest statistics on the increase in variants that are introduced into the web on a daily basis are concerning. It is nearly impossible for companies to combat the increase in frequency and sophistication of malware attacking networks and systems. In my experience, companies continue to … Continue Reading

Privacy and Security Employee Education Efforts

As more and more companies become victim to data loss through phishing campaigns and insider threats, and the loss of data becomes riskier, companies are struggling to address the risks through employee education efforts. Note that we call it “education” and not “training.” No one likes training, so be mindful of how you are presenting … Continue Reading

Office 365 Migration

Many companies are migrating their email systems to Microsoft Office 365 (O365). The majority of security incidents in which we have been engaged over the past six months involve a hacker successfully phishing an employee of the company (most of the time someone who is an executive in the company) and then spoofing the … Continue Reading