Archive for the ‘Data Security’ Category

As Governments across the globe introduce new and/or improved data privacy regulations, organizations must ensure that they have the necessary tools in place to demonstrate their compliance efforts to the relevant supervisory authorities. Due to various reasons, such as the increased adoption of cloud services and the increase in the number of employees working remotely, IT environments have become increasingly more distributed, which has led to a change in the … Read more

Cyber-attacks that involve lateral movement and privilege escalation can take months or even years to unfold, and it can take just as long for security teams to find out about them, by which time, a significant amount of damage may have already been caused. It’s important that we understand exactly what lateral movement and privilege escalation are so that we can better defend against them. What is Lateral Movement and … Read more

As a consequence of the ongoing health crisis, educational institutions were required to make provisions that would allow both teachers and students to work from home. However, as with many other organizations, the abrupt shift came with a plethora of data security challenges for schools. Why Data Security is Important for Schools According to a recent report by Microsoft Security Intelligence, the education sector had the highest number of malware … Read more

It’s getting to the point where companies across the globe are struggling to justify installing, managing, and maintaining their own IT infrastructure. Cloud computing offers increased flexibility with regards to storage space and bandwidth, which helps to cut costs as companies can use cloud services on a pay-per-use basis. Cloud computing allows employees and stakeholders to communicate and collaborate on projects from practically anywhere in the world. Cloud service providers … Read more

On May 7, 2021, a cybercriminal group forced Colonial Pipeline, the largest pipeline system for refined oil products in the United States, to shut down their operations. The group locked down Colonial Pipeline’s computer systems and stole over 100 GB of corporate data. The FBI have identified the group as the DarkSide ransomware group, according to a recent post by the New York Times. There is evidence that the group … Read more

As organizations across the globe continue to grapple with Covid-19 and the abrupt shift from a predominantly office-based working environment to a predominantly remote working environment, the question of how to effectively navigate insider risk has become a hot topic. NOTE: I will use the terms “insider risk” and “insider threat” interchangeably. Even though some consider an insider threat to be a subset of insider risk, they still essentially refer … Read more

As you probably already know, Microsoft Office 365 enables employees (and other relevant stakeholders) to effortlessly collaborate on projects, and allows them to collectively share, edit and comment on documents in a harmonized manner. As they say, with great power comes great responsibility, but of course, this is not something we can count on. The reality is that employees are often unaware of who they sharing documents with, and whether … Read more

Despite significant improvements in cloud security in recent years, IT professionals are still cautious about storing and processing sensitive data in the cloud. We still hear of security breaches caused by misconfigured storage containers, insecure interfaces and APIs, user account hijacking, and more. The lack of visibility, combined with the ability for employees to easily share data with people outside of the organization makes security professionals nervous. At the end … Read more

PHI is not the twenty-first letter of the Greek alphabet, nor is it a ratio defined by geometric construction. In this context, PHI stands for “Protected Health Information”, and includes any health information, in any form, that can be used to identify an individual, in some way. It is important to understand that, even though information such as names, telephone numbers, and birthdates are not unique identifiers, they are said … Read more

In March 2021, The Department for Digital, Culture, Media, and Sport (DCMS) published its sixth annual survey of UK businesses, charities, and educational institutions as part of the National Cyber Security Programme. The Cyber Security Breaches Survey 2021, as it is called, highlighted a number of important issues relating to the way companies have been securing their systems and data during the ongoing pandemic. Perhaps the most notable (and somewhat … Read more