|Get Your Board On Board With Cybersecurity|
|Anne Bisagno—Monday, May 22, 2017
If you're frustrated by how little your board of directors seems to understand about cybersecurity, take heart: you're not alone.
Recent research by security firm Focal Point Data Risk shows that security pros see their job as guiding the business and preventing loss, while business
leaders think of security primarily as a way to protect company data and the corporate brand.
|Patch Your Windows Systems in March? If so, you are Safe From “WannaCry” Ransomware Attack|
|Anne Bisagno—Tuesday, May 16, 2017
The so-called Wanna Decryptor ransomware is currently moving across 74 countries in more than 45,000 attacks, including a massive takedown of several UK
|Scrub Old Devices Clean|
|Anne Bisagno—Monday, May 15, 2017
If one of your employees has upgraded a digital device lately, your sensitive corporate data could end up in the hands of whoever acquires the cast-offs.
So says a new study that found 40 percent of phones, tablets, and laptops available for resale still contained personally identifiable information (PII).
|Treat Cyber Insurers As Partners|
|Anne Bisagno—Monday, May 08, 2017
Cyber risk is the third most significant hazard to corporate health — after business interruption and market developments, but before natural disasters, regulatory changes, or even fire. That's why you need to
include risk managers, insurance brokers, and insurance carriers as partners in guarding your company's data assets.
|Cyber Security: A Board-Level Issue|
|Anne Bisagno—Monday, May 01, 2017
A new bill proposed in the Senate in March would require boards of directors at public companies to disclose their cyber security risks and competencies
to the US Securities and Exchange Commission (SEC). The Cybersecurity Disclosure Act of 2017 (S536) would require board members to detail what a company is doing to protect itself from data breaches.
|Do Your Employees Stand Up to Security Testing?|
|Anne Bisagno—Monday, April 24, 2017
Training your employees to recognize security risks works — especially when they're learning how to spot phishing attempts.
The Ponemon Institute estimates anti-phishing training delivers an astonishing 50x return on investment. But how can you be sure you're getting
that ROI? Simple: put your training to the test.
|You Can Handle the Truth (About Security Vulnerabilities)|
|Anne Bisagno—Monday, April 10, 2017
Many people are under the impression that telling a vendor about a cyber security flaw in software or a device is at best pointless and at worst a reckless
invitation for hackers to exploit it. That's why we at Xantrion were so interested in this cyber security pro's story about spotting and reporting a security problem in an IoT device — a wireless webcam that the researcher discovered he could theoretically take over and use to get live access to other webcam
owners' cameras. The vendor responded to his report in just four days and had a patch and customer alert ready to go in a month.
|New York State Beefs Up Cyber Security Regulations|
|Anne Bisagno—Monday, April 03, 2017
As the center of the US financial industry, New York State has plenty of reasons to want to protect financial institutions and their customers against
the constant threat of cyber attacks. Six months ago, it released the country's first state-mandated cyber security regulations. This month, it followed
up with a series of regulations for banks, hedge funds, insurers, and financial institutions that significantly expands the type and amount of data
they need to protect, and what they must do to ensure that protection. In particular, the regulations require financial services firms to:
|Five Tips for Using Customer Data Responsibly|
|Anne Bisagno—Monday, March 27, 2017
The seemingly unending stream of reports about data breaches has customers more worried than ever about how online companies are using their personal
data and whether it's properly protected. The European Commission is responding by tightening consumer privacy regulations. If you have customers in
the EU, you'll need to comply regardless of where your company is based, but even if these new regulations don't affect you, it's a good idea to follow
these five practices to keep your customers' trust (and their business):
|The 3 Cs of Cybersecurity|
|Anne Bisagno—Monday, March 20, 2017
If you hope to get your non-technical employees actively engaged in helping the company fend off cyber threats, you can't talk to them in technical terms.
Lance Spitzner, a board member of the National Cyber Security Alliance, suggests framing the issue with these three Cs: