Data breaches are events where certain confidential information is accessed without proper authorization. this goes further by having copies of that data distributed. The average data breach in 2020 caused roughly 3.92 million (USD) in damages. The core concept of a data breach is the fact that data confidentiality has been compromised. Data breaches can happen for a myriad of reasons. First off, breaches occur due to malicious actors that target vulnerabilities present in our...

Security Posture A lot of the time we like to think that adding a new tool or creating a new policy will start to cover our bases and make us less vulnerable. While that can be true in a lot of cases, we often tend to overlook system interaction changes and a plethora of other holistic variables. A key thing to keep in mind is our security posture. Security posture is the way we structure...

We covered “Email Phishing” last week, and a threat that is commonly found in conjuncture with Email phishing is “Ransomware”. Ransomware is a type of malware that is designed to encrypt data on an infected machine and deny access to it. Most of the time it has a “ransom” to be paid to decrypt it, hence the name. A lot of the protections from being infected fall long the lines of not falling for email...

This article is the start of a series of articles concerning “Common Cyber Threats” that affect organizations today. We’ll go over how these threats work, what types of threats there are, and some common ways to spot and mitigate damage from these threat types. Today we’ll start with Email Phishing. When people think of cyberattacks, they often imagine complicated code, a flurry of green text streaming down a screen, and a nefarious masked individual with...

Photo by Philipp Katzenberger on Unsplash What is “Endpoint Security“ While the concept of “Endpoint Security” is simple, its execution and operation aren’t. What exactly is “Enpoint Security” and what is an “Endpoint Security Solution“ Endpoint security is the concept of security measures placed at each “endpoint” or device accessing an enterprise network. This can include desktops, laptops, phones, and even internal servers. Traditionally this would include things like: Anti-virus (AV), Endpoint protection platforms (EPP), and Endpoint detection...

Zoom jumped from 10 million meeting participants per day (December 2019) to over 200 million daily meeting participants (March 2020). This has led to an unprecedented amount of attention being pointed at Zoom, be it from general public use or from those looking to exploit potential chinks in Zoom’s platform. That attention quickly evolved into a couple of security-based exploits. Instances of “Zoom bombing”, where a private link and/or password is shared and mass joined...

Remote working is becoming necessary in this quickly changing business climate. As we move our workforce from within our offices to within their living room, the security foundations we’ve established to protect our infrastructure and data at the office must also migrate with remote working. The movement has been rapid. Only a few businesses were prepared for the shift. As we establish effective security policies and practices for future operations, we must remain vigilant. This...

There are many types of exploits cyber criminals can use for various nefarious purposes. These exploits are vastly different in terms of how they work but the one common denominator between them is they all exploit vulnerable systems within the technology we use every day. Some exploits can be defined by the intended purpose of the attacks (Such as Denial of Service attacks” while others are defined by the unique software and online vulnerabilities they...

Not all cyber security risks come from malware, viruses, or software vulnerabilities. One of the most grievous risks is a bit more obvious. Keeping passwords on post-it notes or in notepad files might be one of the most easy to recognize vulnerabilities you could discuss in a cyber security setting. Yet studies show it is a constant issue among most businesses and organizations. It’s even suggested the problem gets worse when corporations implement password policies....

FIVE STEPS TO COMPLIANCEby: Michael Hall, Chief Information Security Officer Despite different industries being required to follow differently named guidelines, there’s a pretty good overlap for those information security items that IT really needs to worry about.Although there will be some personal information that may not fall under any compliance standards, from an IT perspective, it’s safe to assume that any and all customer, employee or other personal information needs to be protected from breach,...