Experts Corner

Can SMBs Do Something to Prevent Ransomware? (Yes!) - Part 2

Last year Locky, NotPetya and WannaCry ransomware savaged Internet users, with billions of dollars lost, data destroyed, worldwide shipping disrupted, and reputations damaged. Even though they are the most hacked businesses on the Internet, many SMBs do not have proper cybersecurity protections in place. In part 2 of this two-part series, Dave Moore, founder of Internet Safety Group, walks the reader through a well-crafted response plan and reviews of the top backup programs.

3 Strategies for Overcoming Security Burnout

With the problematic talent shortage in security, organizations are consistently operating understaffed and team members are forced to pick up the slack, which results in job fatigue and stress. Eric Sheridan, Chief Scientist at WhiteHat Security, offers three strategies for overcoming security burnout.

Can SMBs Do Something to Prevent Ransomware? (Yes!) - Part 1

Last year Locky, NotPetya and WannaCry ransomware savaged Internet users, with billions of dollars lost, data destroyed, worldwide shipping disrupted, and reputations damaged. Even though they are the most hacked businesses on the Internet, many SMBs do not have proper cybersecurity protections in place. In part 1 of this two-part series, Dave Moore, founder of Internet Safety Group, explains why and how SMBs need to make Internet safety training a top priority.

Productivity or Cybersecurity? Now You Can Have Both

When it comes to protecting end-user devices, many enterprises see two choices: either lock down devices and limit what users can access, or prioritize productivity and take some chances with security. Tal Zamir shows why this either/or proposition is untenable for CISOs, IT and end-users, and how a new software-defined endpoint approach is enabling enterprises to deliver a completely secure and totally unrestricted user experience.

The Impact Of The GDPR On Employees: The Payroll Process

With the GDPR now in effect, businesses across Europe are adjusting to a new regulatory environment. David McLeod of activpayroll examines the GDPR's impact on the payroll landscape, and how employers might boost their compliance performance.

Employees Need Trust, Not Toys

When Remotive.io founder Rodolphe Dutel tweeted “Tech companies must offer trust, not toys, to attract and retain talent,” it went viral. Rather than offering toys – ping pong tables, beer fridges, etc. – to lure in more candidates, Rodolphe outlines what organizations should offer instead to attract the best talent, and why.

Building Cybersecure Culture through an Age-Old Technique: Apprenticeships

With an alarming talent gap in the industry, cybersecurity can no longer be thought of as a technical problem with a technical solution; it must be treated as a critical business concern. Charles Eaton of CompTIA discusses how apprenticeships can supply companies with a more predictable, sustainable pipeline of applicants, while providing new cybersecurity workers with necessary experience, education and mentorship.

6 Reasons Why SIEMs Aren’t a Security Analytics Tool

Given all the vendor- and analyst-speak in the security space, it’s become difficult for organizations to know the difference between Security Information and Event Management (SIEM) and security analytics. Here are 6 ways to tell a SIEM from a security analytics product.

Learn About Cryptomining – The Latest Most Popular Cyberattack

Criminal cryptomining has replaced ransomware as the leading type of cyber attack in 2018. While not all cryptomining is criminal in nature, this new type of cyber attack has gained momentum and popularity as a result of its success. Lastline’s director of threat intelligence, Andy Norton, explains the popular criminal techniques used to mine cryptocurrencies — and what lies ahead for cryptomining.

We’re All in This Together – Why You Should Champion National Cyber Security Awareness Month

With data breaches on the rise and personal information ending up in the hands of cyber criminals, we are no longer questioning whether a breach will occur, but when the breach will occur. Marija Atanasova, Sr. Content Strategist for the IT Security community at BrightTALK, interviewed Karen Creasey of NCSAM to learn how to get the most out of National Cyber Security Awareness Month (October).

California’s ‘SB-327 Information Privacy: Connected Devices’ Bill Could Be The First To Establish IoT Regulation

If signed by Governor Brown on September 30th, California’s “SB-327 Information privacy: connected devices” bill – the first to establish regulation around IoT – will require connected devices sold or offered for sale in California to have “reasonable security features appropriate to the nature of the device”. Although the bill is a good start, Aaron Guzman, Head of Automotive & IoT at Aon, outlines what an even better approach might be.

Five Things To Consider When Evaluating Security Solutions

As more security technology companies emerge, consolidate and disappear, CISOs are struggling to understand which products are really worth their investment. Absolute’s Director of Security Strategy Josh Mayfield shares how CISOs can cut through the product marketing jargon and break down the five questions every CISO should ask a potential security vendor.

Avoiding The Common Pitfalls Of SMB Security

There are a few common misconceptions that prevent small- and medium-sized businesses (SMBs) from pursuing a strong security posture. It is important for both the businesses and the security industry to understand the reality of the situation. Megan Roddie, security analyst with Recon InfoSec, explains how to avoid the most common mistakes of SMB security.

How to Measure the ROI of Cybersecurity Investments

Regularly measuring the effectiveness of cybersecurity efforts is challenging but essential to avoid security incidents. The ROI of security investments should be based on how much loss the organization could avoid due to the investment. In this article, Netwrix CEO Steve Dickson covers a combination of quantitative and qualitative methods to evaluate the return on security investments (ROSI).

Rethinking Modern-Day DDoS Attacks And Their Risk

Some of the most popular DDoS mitigation tools are also the least effective. Many enterprise organizations have been lulled into a false sense of security, literally, and are ill-prepared to defend against modern DDoS attacks, primarily because they don’t fully understand the extent of the risk. Tom Bienkowski of NETSCOUT Arbor explains those risks and suggests defenses.

Let’s Pretend You’ve Been Breached. Now What?

Every business falls victim to cyberattacks sooner or later. Are you prepared for when the inevitable breach happens? If not, your business and your career could be in jeopardy. This article highlights nine key criteria that should be part of every cyber-breach preparation plan.

Blockchain Systems Need Mature Disclosure Policies

Decentralized systems based on technologies such as Blockchain must take into consideration the safety of the security researcher and provide the means to report vulnerabilities anonymously. And because flaws are inevitable, companies working in this space must have a mature, responsible disclosure policy.

If It Seems Even A Little Bit Fishy, It’s Probably Phishy. Simple Tips To Avoid Phishing And Phone Scams.

As information and network security tools become more advanced, many bad actors find that it’s easier to trick humans than to keep modifying their exploit kits so they can bypass or undermine cybersecurity software. President of TeamViewer Americas Finn Faldi provides tips and insights on how to avoid common phishing and phone scams.

Security Is Hard. Arguing For It Doesn’t Have To Be.

Aside from securing information, a security leader’s job is also about convincing people to provide the resources needed to keep data secure, but without the skills of rhetoric, what is said is often rejected. Here are five steps of persuasion that will help you clearly communicate and effectively advise to gain the support and resources you need.

Legalized Sports Betting, Player Experience And Fraud Prevention

As new players are welcomed into the sports betting ring with the recent law changes, fraudsters will attempt to take advantage. New entrants to the online sports betting world in the U.S. must come to terms with a core challenge facing nearly every digital business: how to ensure an exceptional user experience while also preventing fraudulent activity.