CISA

CISA: The Risk of MFA Without Improving Password Security

The recent CISA Alert AA22-074A describes how Russian state-sponsored cyber actors gained access to a US NGO using compromised credentials and a flaw in default MFA protocols. This alert may help cybersecurity professionals understand that MFA alone is insufficient and the importance of securing each authentication layer. What happened, exactly? As early as May 2021, the FBI observed Russian state-sponsored cyber …

data privacy day

Data Privacy Day: Five Defensive Strategies for Businesses

Data Privacy Day is a chance for businesses to engage with their customers and clients in a way that builds trust, inspires customer loyalty, and enhances the business’s reputation. When an organization demonstrates that it cares about protecting consumers’ privacy, it is in effect letting clients know that their information, data, and choices are safe with the business. In 2022, this …

password tips

MSPs and MSSPs: 6 Password Management Tips

The majority of users, whether new employees or CEOs, don’t realize that even if their password meets complexity requirements, it doesn’t mean it’s secure. In fact, many common password policies are overdue for an update, as for several years now cybercriminals have been taking advantage of these password policy weaknesses. These issues are compounded by password reuse—a very common user …

password security

The Latest Password Security Methods

Password authentication isn’t going anywhere anytime soon. It’s part of our culture, users and employees are accustomed to it, and many systems depend on the “what you know” layer. Newer technologies like biometrics might work in certain situations, but they won’t replace passwords altogether anytime soon. In our series on password security, we’ve talked about some worrying trends, the myths …

healthcare organization

Healthcare Industry: Cybersecurity Vulnerabilities and How to Treat Them

A Portal to Danger: With the pandemic in 2020, it’s safe to say that healthcare changed forever. While many hospitals and care facilities had previously been reluctant to overhaul their telehealth services, the need for locked-down health facilities quickly shifted priorities. Patient portals rapidly became more common as they serve as a way for patients to communicate with providers, receive …

CISA

CISA Adds Single-Factor Authentication to List of Bad Practices

One Layer Isn’t Enough: The Cybersecurity and Infrastructure Security Agency (CISA) in the United States recently announced adding single-factor authentication to their list of Bad Practices. CISA’s Bad Practices list contains a collection of exceptionally risky cybersecurity practices. Although intended for all industries, the practices listed are considered especially dangerous in organizations that support critical infrastructure or National Critical Functions (NCF). …

password based security myths

Busting the Myths Surrounding Password-Based Security

People have been relying on password-based security for millennia. The Roman military reportedly used what they called “watchwords” to identify soldiers on patrol. Exclusive groups and guilds used secret passwords to prove membership. The phrase “open sesame” protected hidden treasure in the story of Ali Baba and the Forty Thieves. In more recent times, the world’s first computer passwords were installed …

healthcare

Employee Password Security in the Healthcare Sector

The healthcare industry sector is increasingly the target of cybercriminals. According to the Health Insurance Portability and Accountability Act (HIPAA) Journal, over the past eleven years (2009-2020) there have been more than 3,705 healthcare data breaches impacting more than 268 million medical records. Why is this happening, and what can we do to address it? The Culprits: Weak and Compromised …

Cybersecure

Cultivating a Cybersecure Culture at Work is Everyone’s Responsibility

Businesses often say that their people are their greatest asset. When it comes to cybersecurity, this statement is truer than you might think. A constantly shifting threat landscape means cybersecurity best practices should be on everyone’s mind, not just your CTO or CISO. When employees in all areas, from new hires to the executive suite, are equipped to understand and …