Cybersecurity

Government contractors will soon need to obtain CMMC certification, but there are currently just a few C3PAO accreditors that can confer it. Tony Bai, federal practice lead at A-LIGN, emphasizes companies shouldn't panic due to the logistical bottleneck. They can...

As organizations claw their way back from the global pandemic, every penny has to be justified. But the threat of a cyberattack is too important to ignore. Implementing an integrated security architecture can help your infosec team consolidate functions and...

While organizations around the world are coming to terms with ransomware, a new cyberthreat is growing in popularity. Extortionware  attacks can affect both organizations and individuals, and may continue to pose a risk long after defenses have been breached.

SolarWinds is regarded as the widest-reaching cyber espionage operation against the United States government to date. Dan Verton discusses what we know so far and actions other businesses and organizations should consider in an effort to mitigate the effects of...

Organizations often think about cyber defenses in terms of hardware upgrades, software updates and cybersecurity tools. Boards want something tangible when they allocate resources, but the truth is that people are by far a company's weakest link. Hacking complex systems...

Spring has sprung, which means it’s time to get your data house in order. As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, deleted as appropriate.  Join Onna, Georgia Pacific, and Sanofi and watch...

A new administration in the White House is always synonymous with change. In the aftermath of four years of active deregulation; however, it’s likely to be a whole new world for legal and compliance teams. As the Biden administration moves...

Towerwall’s Michelle Drolet discusses the two threads of SOC 2 compliance (types 1 and 2), outlines the Trust Services Criteria, and details the benefits of adhering to these standards. While Service Organization Control (SOC) 2 compliance isn’t mandatory, it can...

Email phishing is at its highest level in three years, and one of the latest lines of attack capitalizes on the strict rules of GDPR, targeting executives and public-facing emails at businesses. Valimail’s Seth Blank examines how to protect your...

On Data Privacy Day, Kroll’s Alan Brill and Brian Lapidus share recommendations for companies who have fallen victim to ransomware attacks, emphasizing the importance of reporting a breach promptly and how to investigate an attack under the assumption that data...

LMG Security’s Madison Iler discusses how to structure a vendor risk management program (and where to spend your time) and shares common missteps that can reduce program effectiveness. As evidenced by the recent far-reaching SolarWinds breach, supply chain attacks represent...

As unpleasant an option as it is, victims of ransomware attacks often just pay up in order to recover sensitive data. Nutter’s Seth Berman and James Gately offer an alternative. Ransomware attacks hit suddenly and without apparent warning. One morning,...