Securing Data Through Password Management

A Q&A with Darren Guccione, Keeper Security
All too often data breaches arise from insufficient employee passwords—yet improving password security is an easy fix for most organizations to make. Darren Guccione, CEO and cofounder of Keeper Security, which offers password management software as a service, says that companies should be using the technology at their disposal to guard against cyber risk.

Intrusion Detection Systems: What You Don’t Know Will Hurt You

A Q&A with Joseph Loomis of CyberSponse
The fact is, most companies that have suffered a breach failed to detect the intrusion as it was occurring, and were only made aware after the damage was done. An Intrusion Detection System (IDS) with organized and correlated data can be an invaluable solution for incident response—but only if the system is installed and managed correctly. I spoke with Joseph Loomis of CyberSponse about some of the issues around IDS and how companies can use them more effectively.

Recent Developments in Canadian Privacy and Cybersecurity Law

Q&A with Alex Cameron
In Canada, litigation and regulatory activity regarding privacy and data breaches have increased dramatically. I spoke with Alex Cameron of Fasken Martineau, a leading attorney in this area in Canada, about the factors contributing to the increasing risk and potential liability for organizations doing business in Canada. With the recent landmark changes to Canadian privacy law, discussed here, including mandatory breach notification, record keeping for all breaches, and fines, the trends identified below are sure to continue.

Adopting EMV: The Word from Ponemon

A Q&A with Michael Bruemmer of Experian Data Breach Resolution
The deadline for merchants transitioning to the EMV payment system looms: Organizations are expected to adopt the technology by October. I spoke to Michael Bruemmer of Experian Data Breach Resolution about a recently released Ponemon Institute study documenting industry attitudes toward this shift.

Protecting Against Data Loss with Backup Services

A Q&A with Zeb Ahmed of iland
While most companies seem to understand that preparation is necessary for worst case scenarios, there’s often confusion about what backup services can and can’t do, says Zeb Ahmed of iland. I asked Zeb about the differences between backup and disaster recovery and how organizations can determine which service they might need.

Ransomware: A Law Enforcement Perspective

A Q&A with Benjamin Stone of the FBI
It’s becoming an increasingly common story: Cyber perpetrators lock systems down with malware and then demand payment to release them. I asked Benjamin Stone, Supervisory Special Agent of the FBI’s Cyber Criminal Squad in Philadelphia, about ransomware and current conditions for cyber criminal activity.

Protecting Industrial Control Systems

A Q&A with Joe Weiss of Applied Control Solutions
Industrial control systems are increasingly vulnerable to cyber-attack and the stakes for failure are extremely high, yet there’s little public understanding or media coverage of these very real risks. I talked to Joe Weiss of Applied Control Solutions about why industrial control systems should be the most important frontier in cyber security and what organizations can do to protect against this growing threat.

Data Breach Events: A Plaintiff Perspective

A Q&A with John Yanchunis of Morgan & Morgan
The legal landscape around data loss is rapidly evolving, and with major events such as the Anthem breach changing the game on a daily basis, it can be a challenge to keep up with the courts’ current thinking. I spoke with plaintiff attorney John Yanchunis of Morgan & Morgan about some of the most recent developments he’s observed.

Data Security Risks in Higher Education

A Q&A with John Sileo, Sileo Group
Data security and privacy are a growing concern among educational institutions, with some 727 breaches taking place in higher education from 2005 to 2014, according to the Privacy Rights Clearinghouse. I spoke with John Sileo of The Sileo Group about the reasons this space has become particularly vulnerable to data loss.

Digging Into the President’s Data Breach Notification Bill

A Q&A with Dominic Paluzzi of McDonald Hopkins
In late January 2015, the White House introduced the Personal Data Notification and Protection Act (PDNPA), a data breach notification bill intended to improve national cybersecurity. I asked attorney and breach coach Dominic Paluzzi of McDonald Hopkins about how this bill differs from the existing laws and its potential implications for risk managers.
