The Complete Guide to Ransomware [Updated for 2022] Download eBook
Archive for the ‘Data Security’ Category

With security and compliance demands increasing daily, the need for organisations to increase their auditing, monitoring and alerting capabilities across there IT environments has followed suit. In a study we recently conducted, we found that 6 in 10 mid to large sized organisations are still using Native Auditing as their primary auditing method. Although we’ve definitely been seeing a change in this mindset. Out of these 6, at least half … Read more

Introduction 2017 has been a year full of high profile data breaches and this week, global accounting firm Deloitte has joined the list of those affected (reports the Guardian). If you don’t know who Deloitte are, all you need to really know is that they reportedly turned over a record $37bn in revenue last year. They also provide auditing, tax consulting and high-end cybersecurity advice to some of the world’s … Read more

One specific concept we’ve been talking about a lot recently here at Lepide is the Principle of Least Privilege (PoLP). The principle of least privilege is the process of ensuring a ‘user should only be able to access the information and resources he or she requires for legitimate reasons’. Opportunity Knocks… It’s such an important concept to understand. When we analyse the root causes of data leakage incidents, there are … Read more

With the advent of the new European Data Protection Regulation, all companies globally are required to adhere to the law if they are storing or processing personal information of any European Union citizens. This means that US companies doing business with European countries in theory must adhere to the law. If they do not the potential penalties are €20M, or 4% of the previous year’s gross global turnover, whichever is … Read more

Here at Lepide we brand ourselves as an IT security and compliance vendor, which raises a really interesting question as to what IT security really is. Sure, while we have always offered solutions that enable users to audit, monitor and alert when potential security threats arise, you could arguably say that visibility does not necessary equal security. Just because someone knows about a potential issue does not in itself equate … Read more

Back in May, the “WannaCry” virus started hitting computer systems across the globe. Spread via a simple E-mail phishing scam, the virus exploited a Microsoft vulnerability to hijack victims’ computers, locking and encrypting data so that it became impossible to access with a key. The cyber attack crippled massively sensitive servers worldwide, bringing amongst others, the UK’s NHS, FedEx and Germany’s rail systems to a grinding halt. All in all, … Read more

To put it simply, in order to protect your sensitive data, you need to know exactly what data you are trying to protect. Data classification allows you to categorise information based on how sensitive certain data items are by injecting metadata into documents, emails, etc. This information can be used to alert users about the degree of sensitivity associated with the data they are handling. This is akin to putting … Read more

Most of today’s malware could be stopped by following basic security best practices. But despite this, organizations either choose convenience over security or don’t enforce their own security policies. In a least privilege environment, users only have the rights required to carry out their job responsibilities. That’s a bit of an unhelpful definition because you could argue that many users need administrative privileges to fulfil their duties as a lot … Read more

The UK Government has announced a new data protection bill that is designed replace the forthcoming EU GDPR. The bill is essentially an update to the existing Data Protection Act (DPA), that was introduced in 1998. Why has the Government decided to make these changes? As of the 25th of May, 2018, the EU General Data Protection Regulation (GDPR) will come into effect, which sets out to “harmonize data privacy … Read more

SIEM (Security Information & Event Management) software is designed to assist organisations in detecting and reporting suspicious activity within their environment. SIEM solutions aggregate data in real-time from multiple sources within an IT environment and present the information via a single dashboard. SIEM solutions are useful; however, they also have many drawbacks. SIEM solutions can be complex Collecting the data and organising it into anything that you can derive real … Read more