Forget about vampires, ghouls and zombies. You were much more likely to receive a fright this year from something lurking in your e-mail. There was the usual crop of Trojan horses and phishing expeditions, and as the surprising list points out, some of the scares go all the way up to the White House and the FBI.
An intruder could eavesdrop on sensitive data sent across the Internet, manipulate the DNS address that redirects traffic from trusted sites to malicious ones, and possibly even infect other routers automatically. Chen says he informed Time Warner’s security department of the hole; they responded that they were aware of the problem but couldn’t do anything about it.
The first major hurdle that must be addressed to ensure information security and privacy policies are implemented and managed properly is that of upper management support. Beyond upper management buy-in, there are six other critical factors that will determine whether or not security policies are effective.
The seeming inconsistency between the perception of being immune from data breach risks and the rapid growth in data breach incidents led us to think about whether organizations can actually quantify their level of breach risk. We were somewhat surprised that there is not much available to organizations to help them in scoring their vulnerability.
How SaaS Cuts The High Costs of Web Access and SSO By 80% with On Demand Identity
This whitepaper explains:
* How identity services eliminate all capital outlays for hardware, software and infrastructure, and expenses for support and staffing
* You can reduce the costs of training and integration to reduce identity lifecycle costs by more than 80% from enterprise identity software
If you own the business, you own the strategy and execution and you cannot outsource accountability. Be careful about falling for the siren song of technology – it is there to support your business, not define it.
Companies are requiring huge amounts of personal information for quarantine events, and not only about workers, but also family members and non-family individuals who share the same living quarters. What kind of information is your company requiring for quarantines?
Here is a scam that is a particularly difficult threat to spot. Note the use of a Hallmark email address, Hallmark logo and the template that was probably lifted from an authentic e-card. What’s the dead giveaway that this is a scam? Note the fact that the link has an “.exe” which is an “execute” command that will probably run some kind of nasty malware.
One of the penalties of having a well-published email address is that I receive dozens of phishing emails, scam letters, and other nefarious material en masse daily. Most of these are the typical inheritance, lottery, and sweepstakes scams - but then there are the ones that at first glance may seem legitimate. Take for instance the following email I received over the holiday weekend...
It is possible that, if such policies exist and were created specifically for HIPAA compliance, your organization is viewing this policy noncompliance as being a HIPAA infraction because of the HIPAA requirements to have security/privacy policies and enforce them.
QSAs (auditors) policing the PCI-DSS (credit card data security standards) need to adjust their mindset when auditing virtualized card processing infrastructure…
Safety online is a controversial issue, one that is debated to death with few results that the average person can use without an advanced IT qualification. Here are my four simple rules for improving internet safety:
Currently, people rely on obscurity to keep their data safe. But with progressively more intelligent search engines available that can churn through vast amounts of data and make sense of it – even your email – security is something that needs to be addressed.
In recent years, the number of reported data breaches at healthcare organizations has soared, despite laws requiring the groups to protect patient information. In May, a hacker stole more than 500,000 patient records from a state-run database that tracks drug prescriptions in Virginia — and then demanded a ransom to return the information.
Any business, of any size, in any industry, in any location, is a possible target for PII theft and cybercrime if they possess any type of employee, customer or other consumer PII. Most businesses have PII. All businesses with PII need to make sure they provide due diligence to protect that PII.
Spoiler alert: There isn’t an effective identity theft protection product. Typically, a company claiming to be an identity theft protection company will provide one or all of these services: access to credit reports, credit monitoring, and database monitoring. Unfortunately, these services cause security problems themselves.
Identity theft is “America’s fastest growing problem” according to a statement made by the Federal Bureau of Investigation. The Federal Trade Commission (FTC) estimates 10 million Americans are affected each year. Knowing how to protect yourself is vitally important to avoid becoming a victim. The following are arenas where thieves prey:
Your email is as firmly established as an identity as a credit report; it contains details of your finances, address history, and birthday just as a credit report would. Your address book may reveal your mother’s maiden name, and a compromise of the account could easily reveal your tax information or social security number. A compromise of this account could be devastating.
We have seen a huge increase in job scams over the last few days targeting people making use of classified advertisement sites to look for employment. How do you separate the legitimate job offer from the scam? Here are some quick and easy checks you can do:
While the word “encrypt” does not occur even once within the ARRA, the guidance that the Department of Health and Human Services (HHS) provides for complying with the HITECH Act portion of the ARRA is full of encryption direction.