Archive for the ‘Data Security’ Category

Data breaches are inevitable. If your organization stores sensitive data, then it’s likely you will experience a data breach at some point. The longer this data breach goes unnoticed, the more damaging it is likely to be to the reputation, bottom line and processes of your organization. If you’re serious about protecting data, then you need to know what a data breach is and be able to spot the signs …

Credential stuffing is a type of cyber-attack where cyber-criminals steal login credentials from one system and try to use them to gain access to user accounts on another. This is only possible because people tend to re-use login credentials on multiple websites and applications. Credential stuffing is becoming increasingly popular, largely due to how simple and effective it is. In fact, there are software programs that novice …

The GDPR has been in effect for a long time now, and the most significant change to European Union (EU) privacy law in two decades has made some serious waves. The GDPR was designed to replace the Data Protection Directive (DPD) that came into force in 1995 when web technology was nowhere near as advanced as it is today. The GDPR applies to all organizations handling the data of EU …

In simple terms, data breaches can be defined as incidents where data (particularly sensitive, protected or confidential data) has been accessed, shared or otherwise exposed in an unauthorized way. The actual type of data involved in a breach might vary depending on the organization and the data they process. Many compliance regulations differ on what they consider a data breach worthy of notification. For example, if you’re …

In February of 2019, Gartner published their list of the top 10 security projects for 2019 – a list of security projects that security and risk management leaders need to consider implementing in order to reduce risk and achieve compliance. As organizations grow and become more complex, the prospect of introducing new security projects whilst maintaining existing ones can be daunting. Brian Reed, Senior Director Analyst at Gartner, suggests that …

2019 is set to be the worst year on record for data breaches, with as many as 3,813 breaches reported so far. As a result, businesses can no longer cross their fingers and hope that they won’t fall victim to a breach, as the chances are, they will. Businesses that are responsible for the personally identifiable information of consumers will likely be subject to a major compliance regulation (such as …

From a security point of view, it is always recommended to use special service accounts to run application services instead of system accounts. The reason is that if a service account is compromised, the losses will be limited compared to a system account. However, any data breach (big or small) is a threat to IT security, and when breaches can be so easily avoided, what’s the point of relaxing security? The …

Data Access Governance (DAG) is a broad term that refers to the way we govern access to our data, if you haven’t already figured that out. Data Access Governance involves carrying out risk assessments, implementing privacy policies, discovering and classifying sensitive data, setting up access controls, and monitoring access to critical assets. It also involves analyzing inbound and outbound network traffic, security awareness training, and keeping up to date with the …

For those who don’t know, an Amazon S3 bucket is a Simple Storage Service (S3) that is offered by Amazon Web Services (AWS) – the most popular cloud service in the world. S3 buckets are used by a number of high-profile service providers such as Netflix, Tumblr, and Reddit. They enable people to store large amounts of data at a relatively low cost, provide “99.99% availability”, and are generally easy …

Back in 2017, the New York State Department of Financial Services (NYDFS) brought forward a cybersecurity regulation aimed at the financial industry. The GDPR-like regulation includes incredibly strict requirements for reporting data breaches and limiting data retention. There are a few commonalities between the NYDFS Cybersecurity Regulation and other well-known regulations, including controls for data security, risk assessment processes, security policy documentation and the appointment of a CISO. The objective …