Why You Need to Immediately Cut Data Access When Employees Leave

When your company parts ways with employees, are you able to immediately terminate all access to corporate data? If not, you’re opening the organization up to a very real danger.

Read More

Yes, You Should Be Concerned about Rogue Employees (and Here's Why)


In IT security, it’s often said that a company’s employees are its weakest link. As technology grows increasingly user-friendly, and the rules of digital “ownership” blur, rogue employees—those who don’t follow the standard IT security rules for one reason or another—are emerging as a significant threat to corporate security.

Read More

Identity and Access Management Terms Your C-Suite Needs to Know


Now that your C-suite understands your company’s information security program, it’s time to move further into the educational phase.

As you evaluate and prioritize the risks your organization faces, identity and access management (IAM) should become a clearer and clearer priority. To help you educate your CEO on the need for increased investment in modern IAM solutions, here is some key IAM terminology that you can use as you work to transition your company to a more modern strategy.  

Read More

Hackers and Contingent Workers Aren't Your Only Threats...


“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”—Sun Tzu

When it comes to protecting your company’s sensitive systems and data, do you truly know your enemy? Showy hacktivists, out for nothing more than a flashy outage and media attention, are the foes who most easily spring to mind, but they’re only the tip of the iceberg. The greatest threats to corporate network and data security are 1) those who seek to intrude undetected into your systems and 2) your accidentally careless and complacent employees who let them. These intruders are patient, they’re meticulous, and they’re eyeing what you have and are planning to get it, 24/7.

Read More

What Every CEO Should Know About Cybersecurity in 2017

Now that you’ve used the points outlined in the last installment of our series to discuss with your CEO how important security is to both your organization’s bottom line and your CEO’s job, it’s time to begin the process of education. There are several realities about security that your CEO must understand as you work toward a modernized security strategy that will optimally protect your organization from outside threats and inside vulnerabilities.

Read More

Phishing Campaigns Require a Proactive Approach to Security

Intruders Thrive on Complacency

When it comes to the threat landscape, nothing makes information security teams shudder more than complacent users, whether they be employees, partners, vendors, or customers. Yearly security and awareness trainings have become all the rage (rightly so), helping to check off boxes on company compliance audits. However, all too often, new users or even seasoned veterans can be caught off-guard and open the door to evildoers.  

Read More

URGENT: 97% of Top Companies Experience Data Leaks; IAM Must Be a Priority

In a recent analysis of the top 1,000 global companies, 97 percent were found to have had leaked credentials that were made publicly available on the Web. While this statistic is disturbing enough by itself, what is more troublesome is how that information is captured and made public.

Many leaked credentials come as the result of an organization suffering from a data breach, but another method that attackers are using is to steal credentials from a third-party source, similar to what happened when Spotify and Pandora were attacked. In both of these incidents, corporate emails used to sign up for accounts were either published or sold. Dating and adult websites are also common places where corporate emails are inappropriately used to create accounts, resulting in more than 300,000 corporate or government worker email addresses being exposed.

Read More

Identity and Access Management and Security Fast Facts


In past posts, we’ve talked about how evolving
business and threat landscapes have necessitated more robust, modern, and integrated Identity and Access Management (IAM) solutions. The reality for organizations today is that the weakest link in deterring security threats, such as system breaches and data theft, are employees themselves. Whether intentionally or unintentionally, employee data leaks are startlingly common and can have devastating effects on an organization.

Read More

Why Most Enterprise Password Management Policies Fail

From the massive Target data breach in 2013 to the Wendy's, UC Berkeley, IRS, and U.S. Department of Justice breaches of 2015 and 2016, today's enterprise exists in a security minefield in which a single misstep could lead to a massive breach and public blowout. As IT departments shutter and make sure to shore up their perimeter security, unfortunately, many overlook the fact that it was actually legitimate user credentials that were used in most 2016 data breaches, with some 63% being the result of weak, default, or stolen passwords, according to the new Verizon Data Breach Investigations Report (DBIR). These results drive home the point that passwords are the weakest link in the security chain and malicious intruders know it.

Read More

Beyond Compliance with Privileged Access Management


The goal of achieving compliance is to make sure that an organization is meeting minimum standards to protect sensitive data. In order to be compliant, a business needs only to meet the outlined requirements.

However, this does not mean that its systems and data are secure. Unfortunately, there are companies that treat compliance merely as a checkbox. Even when the minimum standards are met, data and accounts with elevated access are still vulnerable. Instead, achieving compliance should be viewed as the by-product of sound security practices. This starts with protecting the attacker’s most sought-after prize: privileged accounts with elevated access across the network.

Read More

Subscribe Here!