Data Security & Compliance Blog

Microsoft Teams is an online collaboration platform that is a part of the Office 365 suite. Microsoft Teams enables employees, executives, and other relevant stakeholders to seamlessly communicate and collaborate on projects from any location, using virtually any device. Private messages can be sent via the Chat feature, which uses OneDrive for Business to store file attachments. You can also make peer-to-peer voice and video calls using the Calls feature, … Read more

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. It allows employees to access data and applications, such as Office 365, Exchange Online, OneDrive, and more. An increasing number of organizations are migrating data from their on-premises AD environment to Azure AD, to take advantage of the benefits that cloud platforms provide. However, Azure AD and your on-premise implementation of Active Directory and are quite different … Read more

Phishing is a social engineering technique commonly employed by cyber-criminals to trick unsuspecting victims into downloading a malicious application or visiting a malicious website. Phishing attacks are typically carried out via email, although other mediums can be used, hence Vishing (Voice Phishing), and Smishing (SMS Phishing). In most cases, the goal of phishing is to obtain sensitive information, in some form or another, through some means or another. According to … Read more

A lot has changed since the COVID-19 pandemic arrived on our shores, including the already complex and evolving world of data security. Many more employees are now working from home, and many will continue to do so, even after the pandemic eventually subsides. Allowing employees to work from home can be beneficial for both parties, however, many companies were woefully unprepared for the security challenges that such a shift would … Read more

In January 2021, an American Health insurer by the name of Excellus agreed to pay over $5.1 million to the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) in a settlement after violating the Health Insurance Portability and Accountability Act (HIPAA). Excellus Data Breach The violation in question relates to a data breach that resulted in the sensitive data of over 9.3 million … Read more

Over the past fifteen years, we’ve seen a relatively consistent increase in the number of annual data breaches. We’ve also seen an increase in the number of stringent data privacy laws being introduced across the globe, and a failure to comply with these laws may result in large fines being levied against the non-compliant organization. That said, 2020 has actually seen a decrease in the number of data breaches, which … Read more

Let us start the new year with some positive news. Despite the coronavirus pandemic, the number of data breaches in 2020 fell by 52%, at least in the first six months anyway. That said, we’ve still seen a large number of high-profile cases, some of which involving billions of exposed records. Top Data Breaches of 2020 Below is a round-up of the 20 biggest data breaches we saw in 2020. … Read more

The healthcare industry continues to grapple with a myriad of security threats, ranging from insider threats to malware and DDoS attacks. Unlike other industries, healthcare is faced with a unique set of challenges. Budgetary constraints and a general lack of executive leadership have made it very difficult for service providers to stay ahead of the curve, yet a failure to do so could cost lives. Not only that, but protected … Read more

Kerberos is an authentication protocol that uses tickets to provide strong authentication for client/server applications and became the default authentication method for Windows 2000 and later versions. The Kerberos protocol uses either symmetric-key or public-key cryptography to provide secure communication with other services and applications on the network. However, as with any widely adopted authentication protocol, Kerberos has become a prime target for hackers, where the main goal is to … Read more

Organizations have a tendency to hoard large amounts of unstructured data, some of which may contain data that is confidential, such as credit card numbers, passport numbers, health-related information, and so on. When I say, “unstructured data”, I’m talking about data that doesn’t fit into a traditional relational database, with rows, columns, and keys. Such data might include Word documents, spreadsheets, and emails. As the number of data breaches continues … Read more