Thinking about launching a new website? You’ll want a domain to go with that, as well as a brand spanking new email address. But here’s the thing: Before all the fun and excitement of creating a new website can begin, you first have to decide whether or not you want to host your domain, email, and website together with the same provider, or whether you want to keep them all separate.
Contrary to popular belief, small businesses don’t need to be restricted by their budgets and productive capacity - especially when it comes to security. By using the right Zero Trust approach, businesses can prevent data breaches, all while continuing to grow.
Online shopping has become an increasingly popular trend in the past few years as people find it more convenient to buy from the comfort of their homes. You can get pretty much anything and everything from online stores: groceries, clothing, jewelry, electronics and other household items. Yet, we need to consider for a moment if all these online financial transactions taking place are safe – and how can we ensure our protection from online frauds such as identity theft and phishing attacks.
Social engineering is the art of human deception. In the world of cybersecurity, it’s how to fool human beings in order to conduct cyber attacks. Some of these cyber attacks can be very expensive to your business! In fact, many of the worst cyber attacks to your organization’s network start with fooling you or one of your employees. Penetrating a network without human interaction is really tough.
First things first: It is crucial to understand the difference between Governance, Risk and Compliance (GRC) and Integrated Risk Management (IRM) because this sets the stage for long term strategic risk management and breaks down the siloed approach to risk that exists in many organizations today. It is because GRC is sometimes implemented from a compliance-driven strategy rather than a risk driven initiative.
An independent guest blogger wrote this blog. If you do a web search for “cybersecurity skills gap,” you’ll get many, many pages of results. It’s certainly a hot topic in our industry. And it’s a matter that security practitioners and human resources people often disagree on. But before I get further into the matter, it would help to know what it is we’re talking about when we use the phrase “cybersecurity skills gap.”
Implementing a risk based security program and appropriate controls against adaptive cyber threat actors can be a complex task for many organizations. With an understanding of the basic motivations that drive cyber-attacks organizations can better identify where their own assets may be at risk and thereby more efficiently and effectively address identified risks.
When it comes to building a security program, one of the most frequently overlooked areas is that of vendor management. Organizations focus significant resources on internal security, such as vulnerability scans, centralized log management, or user training, while not extending the same diligence towards their third-parties. Organizations end up trusting the security of their network and data to an unknown and untested third-party. As we all know, a chain is only as strong as its weakest link.
I was in a medical office the other day, and when the doctor came into the room, he needed to unlock his phone to contact a pharmacy. I couldn’t help but notice that his home screen had a photo of an infant. It was an adorable infant, and I asked “how old is your child?” The doctor reflexively answered, “10 months”, but then became a bit shocked, and asked me ‘how do you know I have a child?".
Up until now, some of PayPal users’ greatest fears in terms of cybersecurity were phishing scams aimed at obtaining their login credentials. In January of this year, PayPal confirmed a high-severity bug affecting the login form, with PayPal security investigator, Alex Birsan, finding a javascript file with what looked like a CSRF token and a session ID – which makes login information vulnerable to attackers.
