Data security and privacy
Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.
Top Stories
-
Tip
12 Jul 2024
Why does data privacy matter in marketing?
Marketers frequently use customer data for their strategies. They must properly secure that information, so they comply with privacy laws and customers trust the business. Continue Reading
-
News
12 Jul 2024
AT&T breach affects 'nearly all' customers' call, text records
Fallout from the attacks on Snowflake customers continues as AT&T is the latest victim organization to disclose a data breach stemming from a compromised cloud instance. Continue Reading
-
News
27 Apr 2022
Sophos: 66% of organizations hit by ransomware in 2021
Forty-four percent of organizations surveyed by Sophos said they used multiple approaches to recover data following a ransomware attack, including paying ransoms and using backups. Continue Reading
-
Tip
27 Apr 2022
Best practices for creating an insider threat program
A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
-
Opinion
26 Apr 2022
Data security requires DLP platform convergence
Cloud adoption, combined with an anytime, anyplace, any device workforce requires a converged data loss prevention platform to secure data -- not point products with DLP features. Continue Reading
-
News
25 Apr 2022
T-Mobile breached in apparent Lapsus$ attack
Lapsus$'s alleged theft of T-Mobile source code is in line with its previous activity; the cybercrime group previously stole code from Microsoft and Samsung. Continue Reading
-
News
20 Apr 2022
Kaspersky releases decryptor for Yanluowang ransomware
Kaspersky is offering users and admins a tool to decrypt data that had been locked away by the emerging Yanluowang ransomware gang, which was first revealed in December. Continue Reading
-
Tip
19 Apr 2022
Why companies should make ERP security a top priority
Whether your ERP system is on premises or in the cloud, it's still vulnerable, and you need to take the right measures to secure it. Here's advice on how to do just that. Continue Reading
-
News
18 Apr 2022
Pegasus spyware discovered on U.K. government networks
Citizen Lab confirmed it spotted the notorious spyware running on systems within the U.K. prime minister's office, and it believes the United Arab Emirates is to blame. Continue Reading
-
Feature
14 Apr 2022
Study attests: Cloud apps, remote users add to data loss
A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic. Continue Reading
-
News
12 Apr 2022
Law enforcement takedowns continue with RaidForums seizure
The hacker forum, which used to sell and purchase sensitive information including login credentials, has been dismantled, and its alleged founder was arrested and indicted. Continue Reading
-
Tip
11 Apr 2022
6 enterprise secure file transfer best practices
Employees can share files with the click of a button -- but don't let the efficiency fool you. Use these secure file transfer best practices to avoid exposing confidential data. Continue Reading
-
News
08 Apr 2022
Fin7 hacker sentenced to 5 years in prison
A Ukrainian man has been sentenced to five years in prison after being convicted as one of the primary hackers behind the notorious Fin7 financial malware ring. Continue Reading
-
Definition
08 Apr 2022
contextual marketing
Contextual marketing is an online marketing strategy model in which people are served with targeted advertising based on their search terms or their recent browsing behavior. Continue Reading
-
Tip
07 Apr 2022
Pen testing guide: Types, steps, methodologies and frameworks
Penetration testing helps organizations find security vulnerabilities before hackers do. Uncover details about pen testing steps, methodologies, frameworks and standards. Continue Reading
-
News
05 Apr 2022
German authorities behead dark web Hydra Market
Police in Germany raided facilities hosting the infamous Hydra Market site as part of an international effort to crack down on dark web forums and marketplaces. Continue Reading
-
News
04 Apr 2022
Cryptocurrency companies targeted in Mailchimp breach
Cryptocurrency wallet maker Trezor revealed phishing attacks against its customers that stemmed from a breach at Mailchimp, which the email marketing firm later confirmed. Continue Reading
-
News
01 Apr 2022
CrowdStrike finds 'logging inaccuracies' in Microsoft 365
CrowdStrike says Microsoft's cloud offering may not be accurately taking logs of user sign-ins, and that could pose a threat to protecting networks and investigating attacks. Continue Reading
-
Feature
31 Mar 2022
The importance of HR's role in cybersecurity
HR teams must keep security top of mind when hiring and onboarding employees and enforcing data privacy policies. Get advice on the procedures and mechanisms to do so. Continue Reading
-
Feature
31 Mar 2022
Why CISOs need to understand the business
While CISOs need technical skills, business skills help them push their team's agenda and get the support and funding they need to protect their company. Continue Reading
-
News
30 Mar 2022
Lack of competition is driving federal budget antitrust hike
In Biden's proposed budget, the FTC would gain an additional $139 million, while the DOJ's antitrust division would see an $88 million increase. Continue Reading
-
Tip
29 Mar 2022
Why is document version control important?
Although best practices have changed, many organizations lack a suitable versioning strategy. Proper document version control can improve collaboration and fact-checking. Continue Reading
-
Guest Post
28 Mar 2022
The benefits and challenges of SBOMs
While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security. Continue Reading
-
Tip
25 Mar 2022
Review Microsoft Defender for endpoint security pros and cons
Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls. Continue Reading
-
Podcast
25 Mar 2022
Risk & Repeat: Lapsus$ highlights poor breach disclosures
This Risk & Repeat podcast episode examines two high-profile breaches by emerging threat group Lapsus$ and how Microsoft and Okta responded to these attacks. Continue Reading
-
Tip
24 Mar 2022
How to overcome GDPR compliance challenges
As GDPR fines and penalties increase, organizations must prioritize compliance to avoid financial and reputational damages. Learn about the top challenges and their solutions. Continue Reading
-
News
24 Mar 2022
Okta provides new details on Lapsus$ attack
The authentication provider shed new light on how a customer service agent at subcontractor Sitel was hacked and then used to obtain data on hundreds of Okta clients. Continue Reading
-
News
23 Mar 2022
Lawsuit claims Kronos breach exposed data for 'millions'
A class-action lawsuit was filed against Ultimate Kronos Group for alleged negligence regarding a ransomware attack and private cloud breach in December. Continue Reading
-
News
23 Mar 2022
Microsoft confirms breach, attributes attack to Lapsus$
Microsoft disclosed it had been breached by emerging threat group Lapsus$ toward the end of a threat intelligence post dedicated to the extortion gang and its tactics. Continue Reading
-
News
22 Mar 2022
Lapsus$ hacking group hit authentication vendor Okta
Authentication vendor Okta is the latest tech giant to be named as a victim of the prolific Lapsus$ crew, through key details about the attack remain in dispute. Continue Reading
-
Tip
22 Mar 2022
Will Google kill third-party cookies?
The end of third-party cookies has been on the horizon for years. For marketers, this termination means finding new strategies and alternatives to third-party data. Continue Reading
-
News
21 Mar 2022
Cryptocurrency companies impacted by HubSpot breach
A compromised employee account at HubSpot led to the breach of several companies' customers in the cryptocurrency industry. Continue Reading
-
News
16 Mar 2022
FTC accuses CafePress of covering up 2019 data breach
The proposed FTC settlement would require CafePress' former owner to pay $500,000 in compensation to customers who were victimized in the company's 2019 data breach. Continue Reading
-
Tip
16 Mar 2022
10 key elements to follow data compliance regulations
Data privacy laws are changing around the world on a constant basis. These 10 elements can help keep organizations up to speed with data compliance regulations. Continue Reading
-
News
16 Mar 2022
Biden signs law on reporting critical infrastructure cyber attacks
President Joe Biden signed a law that requires critical infrastructure entities to report cyber attacks within 72 hours and report ransom payments in 24 hours. Continue Reading
-
News
15 Mar 2022
Container vulnerability opens door for supply chain attacks
A CRI-O container engine vulnerability could allow attackers to bypass security controls and take over a host system, according to CrowdStrike researchers. Continue Reading
-
Tip
15 Mar 2022
How endpoint encryption works in a data security strategy
Companies should use encryption to keep data on endpoints protected should an attacker successfully get hold of a device or breach enterprise security measures. Continue Reading
-
News
15 Mar 2022
Infosec news cycles: How quickly do they fade?
Google Trends spikes, on average, lasted a few weeks for major infosec news events like SolarWinds, Log4Shell and the Colonial Pipeline ransomware attack. Continue Reading
-
Tip
11 Mar 2022
How to write an information security policy, plus templates
Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process. Continue Reading
-
Guest Post
11 Mar 2022
How to build a security champions program
Security champions are key to promoting and creating a security-first company. Learn how to build a security champions program using these four steps. Continue Reading
-
Feature
10 Mar 2022
6 potential enterprise security risks with NFC technology
Some NFC risks include payment processing fraud, eavesdropping and replay attacks. Continue Reading
-
News
09 Mar 2022
Researchers disclose new Spectre V2 vulnerabilities
The Spectre class of data disclosure vulnerabilities is once again at the security forefront after researchers discovered a new variant of the side-channel attack. Continue Reading
-
Tip
09 Mar 2022
How to check and verify file integrity
Organizations planning content migrations should verify file integrity and ensure files weren't corrupted in the move. File validation can keep critical data secure. Continue Reading
-
News
07 Mar 2022
Samsung breached, Nvidia hackers claim responsibility
Samsung said Galaxy device source code was stolen, but no employee or customer personal information was taken by the attackers, who appear to be with the Lapsus$ ransomware group. Continue Reading
-
News
04 Mar 2022
Hackers using stolen Nvidia certificates to sign malware
The recent breach of Nvidia's corporate network has resulted in the posting of valid software certificates that are now being used to spread malware in the wild. Continue Reading
-
Feature
04 Mar 2022
Use digital identity proofing to verify account creation
Validating users during account creation with identity proofing helps prevent data breaches but isn't without challenges. Discover how it works and concerns to address. Continue Reading
-
Podcast
04 Mar 2022
Risk & Repeat: Conti ransomware gang gets breached
This Risk & Repeat podcast episode covers the massive Conti leaks, including the data that was published and what it reveals about the infamous ransomware gang. Continue Reading
-
News
04 Mar 2022
February ransomware attacks hit major enterprises
Enterprises, colleges and municipalities in the U.S. continued to be hit by ransomware as publicly reported attacks for February piled up. Continue Reading
-
Feature
03 Mar 2022
How to stop malicious or accidental privileged insider attacks
How many permissions or privileges a user has will affect how big of an insider threat they are. Discover the issues surrounding privileged users and how to curtail these threats. Continue Reading
-
Definition
02 Mar 2022
Hypertext Transfer Protocol Secure (HTTPS)
Hypertext Transfer Protocol Secure (HTTPS) is a protocol that secures communication and data transfer between a user's web browser and a website. Continue Reading
-
News
01 Mar 2022
Conti ransomware source code, documentation leaked
The Conti ransomware gang's primary Bitcoin address, found in the leak, showed the crime outfit has taken in over $2 billion in cryptocurrency since 2017. Continue Reading
-
News
28 Feb 2022
Conti ransomware gang backs Russia, threatens U.S.
The Conti ransomware gang announced last week that they were in 'full support' of Russia and would retaliate if the West attacked Russian critical infrastructure. Continue Reading
-
Feature
28 Feb 2022
Tips for creating a cybersecurity resume
Resumes help candidates leave an impression on potential employers. But did you know one resume often isn't enough? Learn this and other tips for creating a cybersecurity resume. Continue Reading
-
Feature
28 Feb 2022
How to manage imposter syndrome in cybersecurity
The imposter syndrome phenomenon is readily apparent in cybersecurity. Learn how to manage it, along with mishaps to avoid during the job hunt and other career advice. Continue Reading
-
Feature
28 Feb 2022
Implement API rate limiting to reduce attack surfaces
Rate limiting can help developers prevent APIs from being overwhelmed with requests, thus preventing denial-of-service attacks. Learn how to implement rate limiting here. Continue Reading
-
Feature
28 Feb 2022
API security methods developers should use
Developers can reduce the attack surface by implementing security early in the API development process and knowing methods to secure older APIs that can't be deprecated. Continue Reading
-
Tip
25 Feb 2022
Privacy-enhancing technology types and use cases
Data is key to companies' success, but maintaining its privacy and ensuring regulatory compliance is difficult. Learn about privacy-enhancing technologies that keep data protected. Continue Reading
-
News
24 Feb 2022
New data wiper malware hits Ukraine targets
HermeticWiper is similar to another data-wiping malware known as WhisperGate, which was used in cyber attacks against Ukraine last month. Both used ransomware as an apparent decoy. Continue Reading
-
News
24 Feb 2022
New tech, same threats for Web 3.0
Emerging technologies are prone to old-school social engineering attacks and credential-swiping techniques, according to Cisco Talos researchers who analyzed the new platforms. Continue Reading
-
Tip
23 Feb 2022
How to use PKI to secure remote network access
Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access. Continue Reading
-
News
16 Feb 2022
Kronos attack fallout continues with data breach disclosures
Employees at both public and private sector organizations had their data compromised during a December ransomware attack on Kronos that also took down payroll systems. Continue Reading
-
News
15 Feb 2022
Biometric technology like facial recognition is here to stay
Despite resistance, government agencies and private companies continue to use the technology. A key issue is whether people are informed about how their information will be used. Continue Reading
-
Opinion
14 Feb 2022
Data storage and security make a mission-critical mix
At a time of heightened cyberthreats, IT administrators should look to improve their data storage security. There are numerous proactive ways to prepare for the next attack. Continue Reading
-
News
11 Feb 2022
FBI seized Colonial Pipeline ransom from DarkSide affiliate
New research from Chainalysis claims the DarkSide ransomware affiliate involved in last year's Colonial Pipeline attack also had ties to the NetWalker ransomware operation. Continue Reading
-
News
10 Feb 2022
Why Massachusetts' data breach reports are so high
Massachusetts discloses breaches of companies that affect just a single resident, giving the commonwealth a much larger number of 2021 incidents than other states. Continue Reading
-
News
09 Feb 2022
Google: 2-step verification led to 50% fewer account hacks
Google auto-enrolled more than 150 million users into two-step verification last October and mandated two-step verification for 2 million-plus YouTube accounts. Continue Reading
-
Guest Post
09 Feb 2022
How automated certificate management helps retain IT talent
Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management. Continue Reading
-
News
08 Feb 2022
Russia continues cybercrime offensive with SkyFraud takedown
Officials in Russia have knocked the SkyFraud credit card fraud operation offline in the latest of a string of police actions against cybercriminals in the region. Continue Reading
-
News
07 Feb 2022
Metaverse rollout brings new security risks, challenges
When companies and users decide to adapt the technologies of the coming metaverse, they will also expose themselves to a new class of security risks and vulnerabilities. Continue Reading
-
News
03 Feb 2022
Cryptocurrency platform Wormhole loses $320M after attack
After a threat actor made off with 120,000 wrapped Ethereum, Wormhole said the stolen cryptocurrency had been 'restored,' but what that means remains in question. Continue Reading
-
News
03 Feb 2022
Distrust, feuds building among ransomware groups
In an industry that operates in anonymity, trust is everything -- but recent accusations of ransomware actors working with or being law enforcement is threatening that work model. Continue Reading
-
Feature
02 Feb 2022
A day in the life of a cybersecurity manager
The role of a cybersecurity leader is often misunderstood. Experience a day in the life of a cybersecurity manager with this breakdown of a security leader's typical schedule. Continue Reading
-
Feature
02 Feb 2022
Top cybersecurity leadership challenges and how to solve them
Security isn't always a top business priority. This creates challenges for the cybersecurity managers and teams that hope to integrate security into their company's agenda. Continue Reading
-
News
02 Feb 2022
SolarMarker malware spread through advanced SEO poisoning
Sophos discovered SolarMarker malware was being distributed through fake SEO-focused topics in Google Groups, as well as malicious PDF files. Continue Reading
-
Feature
31 Jan 2022
How to prepare for malicious insider threats
Stopping malicious insider threats is just as important as preventing external ones. Uncover what to look for and strategies to prevent insider threats before they cause damage. Continue Reading
-
Feature
31 Jan 2022
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
-
News
31 Jan 2022
Emsisoft releases DeadBolt ransomware decryption tool
Emsisoft's DeadBolt ransomware decryption tool fixes broken decryptor keys issued by threat actors, and works only if the victim has paid the ransom and received a key. Continue Reading
-
Tip
28 Jan 2022
Protect APIs against attacks with this security testing guide
API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them. Continue Reading
-
Podcast
28 Jan 2022
Risk & Repeat: The complicated world of Monero
This Risk & Repeat podcast episode looks at the state of Monero, a privacy-focused cryptocurrency, as well as recent cyber attacks against crypto exchanges. Continue Reading
-
Feature
28 Jan 2022
4 data privacy predictions for 2022 and beyond
Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond? Continue Reading
-
Definition
28 Jan 2022
quantum cryptography
Quantum cryptography is a method of encryption that uses the naturally occurring properties of quantum mechanics to secure and transmit data. Continue Reading
-
News
26 Jan 2022
DeadBolt ransomware targeting QNAP NAS storage devices
In addition to DeadBolt, QNAP NAS users have had to deal with multiple types of ransomware in recent months, including Qlocker and eCh0raix. Continue Reading
-
Tip
26 Jan 2022
Integrating zero-trust practices into private 5G networks
One of the first steps in deploying a technology is protecting it from potential security threats. Learn how to secure a private 5G network with zero-trust security practices. Continue Reading
-
Definition
25 Jan 2022
WORM (write once, read many)
In computer media, write once, read many, or WORM, is a data storage technology that allows data to be written to a storage medium a single time and prevents the data from being erased or modified. Continue Reading
-
News
24 Jan 2022
Monero and the complicated world of privacy coins
Monero is known for being one of the most common cryptocurrencies seen in illicit transactions, but its development community paints a different picture of the privacy coin. Continue Reading
-
Tip
21 Jan 2022
How to start implementing passwordless authentication today
Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication. Continue Reading
-
Guest Post
21 Jan 2022
5 infosec predictions for 2022
If the predictions are correct, 2022 will be another groundbreaking year for information security. Have a look at the security forecast for the next 12 months. Continue Reading
-
Definition
19 Jan 2022
Pretty Good Privacy (PGP)
Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files. Continue Reading
- Definition 19 Jan 2022
-
News
18 Jan 2022
Ransomware actors increasingly demand payment in Monero
Though Bitcoin is still the cryptocurrency standard in ransomware payment demands, Monero has gained prominence due to its more private, less traceable technology. Continue Reading
-
News
18 Jan 2022
Police seize VPN host allegedly facilitating ransomware
VPNLab is accused of facilitating cybercrime including ransomware and malware distribution, and its services were allegedly advertised on the dark web. Continue Reading
-
Guest Post
13 Jan 2022
Is ransomware as a service going out of style?
Increased government pressure has backed many ransomware gangs into a corner, in turn forcing attackers to replace the ransomware-as-a-service model with a smash-and-grab approach. Continue Reading
-
News
12 Jan 2022
New RAT campaign abusing AWS, Azure cloud services
Cisco Talos discovered threat actors taking advantage of public cloud services to spread remote administration tools such as NanoCore, NetWire and AsyncRAT. Continue Reading
-
Definition
11 Jan 2022
Rijndael
Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm. Continue Reading
-
Definition
11 Jan 2022
Public-Key Cryptography Standards (PKCS)
Public-Key Cryptography Standards (PKCS) are a set of standard protocols, numbered from 1 to 15. Continue Reading
-
Guest Post
11 Jan 2022
Endpoint security is nothing without human operators
The growing threat landscape has made endpoint security more important than ever. Deploying an endpoint security platform without the proper staff, however, is simply not enough. Continue Reading
-
Tip
10 Jan 2022
3 areas privacy and cybersecurity teams should collaborate
Organizations can get a lot of value by having their privacy and cybersecurity teams work closely together. Collaborating on compliance objectives is just one benefit. Continue Reading
-
Opinion
06 Jan 2022
IoT ethics must factor into privacy and security discussions
With the adoption of IoT devices, consumers voluntarily trade privacy for the convenience of instant connectivity. Organizations must consider the ethics of their data collection. Continue Reading
-
News
05 Jan 2022
NY AG's credential stuffing probe finds 1M exposed accounts
The threat of credential stuffing attacks prompted an investigation by the New York Attorney General, which found stolen passwords for customer accounts across 17 companies. Continue Reading
-
News
05 Jan 2022
FTC warns companies to mitigate Log4j vulnerability
In a blog post about the critical Log4Shell vulnerability, the FTC mentioned 2017's Equifax breach and the legal consequences that followed. Continue Reading
-
Feature
04 Jan 2022
Is quantum computing ready to disrupt cybersecurity?
Quantum computing isn't here yet, but now is the time for companies to start considering how it may affect their business -- both negatively and positively -- in the next decade. Continue Reading
-
Definition
04 Jan 2022
elliptical curve cryptography (ECC)
Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys. Continue Reading