The General Data Protection Regulation, known as GDPR, is the European Union’s (EU) privacy regulation, which will take effect May 25th.
This legislation is significant in that it imposes some of the broadest restrictions on how businesses protect individuals’ data—both keeping data private and secure from breaches, and increasing the measures by which businesses will be held accountable.
The EU is instituting GDPR to protect the data and privacy of anyone living in the EU (citizen or not). It doesn’t protect EU citizens living outside of the EU.
Since several of our clients have asked about GDPR, I thought I’d walk through some of the basics in case you either work within the EU or handle data relating to EU citizens. Here are some of the top headlines from the EU’s GDPR legislation:
At this point, many in business are fully aware of the target on their backs. This target is placed on the backs of businesses—sometimes on CEOs, CFOs, and other key roles in organizations, or even on entire business networks—by cybercriminals looking to use and exploit sensitive information on your network for financial gain.
The issue with many business networks is that they continue to rely on legacy infrastructure, are inadequately staffed for their IT security—either internally or outsourced—and are consumed with too many insider threats from unsuspecting users, all making a difficult security threat landscape even more threatening.
Some of the biggest threats to business security lie within your infrastructure itself. This includes devices on your network that have outdated operating systems and platforms, all of which can easily compromise your ENTIRE network (and ALL of your data).
In some cases, running the latest updates may not necessarily mean that you’re automatically protected from data breaches and data vulnerabilities associated with a specific patch. In recent weeks, a number of security experts have identified two major vulnerabilities found in many modern processors that can be exploited to access memory that should remain private, ultimately allowing attackers to steal your business data (think credentials, email and sensitive data).
Microsoft has already released a patch to mitigate the effects of these two vulnerabilities—and many hardware manufacturers are starting to follow suit by rolling out firmware updates to address their security flaws related to processor vulnerabilities. The big problem with these security issues is that they are difficult to completely fix, and it can be difficult to tell whether your computer has been completely protected against attacks directed at them.
One question that keeps popping up is “how do I know if my antivirus is working?” The answer to that question is not always clear cut. What I mean here is that antivirus is just one tool meant to help keep your business safe.
There is no be-all and end-all for business security—I wish I could just download a piece of software on every user machine and server and say “you’re 100% safe”. But the reality of our current cybersecurity landscape is that antivirus is just one of the many tools in your cybersecurity arsenal aimed at keeping your business safe.
In addition to antivirus, you need to make sure your patches are regularly updated, your team understands the current phishing attacks targeting businesses (in some instances, there are very targeted attacks on specific business verticals), you have ‘smart firewalls’ in place, a comprehensive and tested backup solution, backup disaster recovery and an IT Support team that can help your users navigate resolving their issues so that they don’t seek their own unsafe resolution paths (the list goes on!).
The latest attacks are costing organizations even more money to recover from ransomware. Will you be the next big victim?
With ransomware attacks hitting governments, hospitals and businesses small and large in 2018, there is no sign of a shortage of case studies for cyber security experts. One recent attack—which I’m sure you’ve heard about by now—has shown just how costly ransomware can be.
I don’t simply mean the cost of paying the ransom note! While some folks may think ‘pay the ransom and be done with it’ may be the easiest solution to remediating a ransomware attack, it’s simply not that simple. While ransom notes have gone up in costs in the last year—the current $50,000 price tag is not even the tip of the iceberg when it comes to costs associated with an attack.
In that big Samsam attack in late March on the city of Atlanta, Georgia I alluded to above, city officials are still figuring out how to cap its security spending. To date, the city has shelled out over 3 MILLION dollars in contracts to recover from its devastating ransom attack on March 22, 2018. To date, there is yet to be a comprehensive resolution that completely remediates the effects of the attack.
I know that even the thought of a ransom attack on your business leaves a deep burning ulcer-like feeling in the pit of your stomach. We’ve been seeing so many ransom attacks hit businesses, governments, hospitals, you name it—that we’re all tired of seeing the recurring headlines of who was last hit by malicious software encrypting ALL of your critical business files.
But one question that likely won’t surface until you’re actually hit by ransomware is “should I just pay the ransom and be done with this?”
This is a huge question in and of itself. On the one hand, if the criminals kept to their word (usually they do about 75% of the time) you and your team could be back working relatively quickly (typically it takes about a week or so—depending on the size of your network—for a hacker to decrypt all of your files).