Leveraging Knowledge to Manage Your Data Risks
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued guidance on protecting the security of organizations’ social media accounts to reduce the risk of unauthorized access to those accounts.
The guidance, entitled The Capacity Enhancement Guide (CEG): Social Media Account Protection, provides tips for organizations to protect social media accounts from malicious cyber actors. CISA…
Following Ubiquiti’s security incident and its subsequent recommendation to change your router password and enable multi-factor authentication, and the fact that it is widely reported that using default passwords on routers while working from home is a security risk, we thought it would be helpful to remind you to change your router password sooner rather…
You probably heard about the recent hack of Twitter accounts that took place on July 15, 2020. The hackers took over several prominent Twitter accounts, which resulted in a scam that netted over $118,000 in bitcoin for the hackers. One of the most startling things about the cyberattack was that it was led by a…
Secureworks issues an annual Incident Response Report that is very helpful in obtaining information on what types of incidents are occurring in order to become more resistant to threats. The 2020 IR Report was recently issued, and it contained some conclusions that made sense, while others were surprising.
The Report, entitled Pandemic-Driven Change: The Effect …
I came across an article last week that indicated there was a successful attack on Microsoft’s Office 365 and Google’s G Suite environments that was able to bypass multi-factor authentication (MFA). However, after reading the article it was immediately clear the attack leveraged an old protocol, IMAP (Internet Message Access Protocol), which does not support…
I am speaking at a conference in one of my favorite cities (okay, it’s Chicago) and I was having dinner at the bar when the patron next to me asked me what I do for a living. I am a friendly sort of person and like to meet new people, so I told her what…
On March 1, 2018, the one year transition period within which banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (“Covered Entities”) must have implemented a cybersecurity program ends. By March 1, the Covered Entities must be in compliance with the following requirements:
23 NYCRR…
Every morning we sit down at our computers and provide our credentials to the network; user name and password. Because it has become such a ubiquitous part of modern life, we have a user name and password to everything, we even have password management applications. This system of challenge and response is designed to prove…
