Data security and privacy

Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.

Top Stories

Feature 12 Mar 2025
Cyber Trust Mark explained: Everything you need to know

The Cyber Trust Mark has been put in place to encourage manufacturers to improve IoT security and provide consumers with more information on the security of their devices. Continue Reading
By
- Rosa Heaton, Content Manager
Feature 06 Mar 2025
How to create a data security policy, with template

When it comes to data security, the devil is in the details. One critical detail organizations shouldn't overlook is a succinct yet detailed data security policy. Continue Reading
By
- Paul Kirvan

News 13 Feb 2024
Proofpoint: 'Hundreds' of Azure accounts compromised

Proofpoint researchers found that the attackers manipulated the MFA of compromised accounts, registering their own methods to maintain persistent access. Continue Reading
By
- Rob Wright, Senior News Director
Feature 13 Feb 2024
Ransomware preparedness kicks off 2024 summit series

BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here. Continue Reading
By
- Alicia Landsberg, Senior Managing Editor
Tip 12 Feb 2024
Top metaverse cybersecurity challenges: How to address them

As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Definition 09 Feb 2024
mobile security (wireless security)

Mobile security, also known as wireless security, refers to the measures taken to protect smartphones, tablets, laptops, smartwatches and other portable computing devices and the networks they connect to, from threats and vulnerabilities associated with wireless computing. Continue Reading
By
- Kinza Yasar, Technical Writer
- Brien Posey
- Ivy Wigmore
News 08 Feb 2024
NCC Group records the most ransomware victims ever in 2023

Enterprises faced an alarming number of ransomware attacks as gangs targeted supply chains and took advantage of zero-day vulnerabilities and organizations' patching struggles. Continue Reading
By
- Arielle Waldman, News Writer
News 07 Feb 2024
Chainalysis: 2023 a 'watershed' year for ransomware

Chainalysis said ransomware payments ballooned to reach $1.1 billion in 2023, marking a complete reversal from the decline in ransomware payments seen the year prior. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 07 Feb 2024
encryption

Encryption is the method by which information is converted into secret code that hides the information's true meaning. Continue Reading
By
- Robert Sheldon
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
News 06 Feb 2024
Google: Spyware vendors are driving zero-day exploitation

Google's Threat Analysis Group urged further government action against commercial surveillance vendors that let customers abuse spyware products with impunity. Continue Reading
By
- Arielle Waldman, News Writer
News 05 Feb 2024
AnyDesk hacked, details unclear

Of the hack, AnyDesk said it found 'no evidence that any end-user devices have been affected.' But researchers said they saw AnyDesk customer credentials for sale on the dark web. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 02 Feb 2024
communications security (COMSEC)

Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic or to any written information that is transmitted or transferred. Continue Reading
By
- Paul Kirvan
- Ben Cole, Executive Editor
News 01 Feb 2024
CISA deputy director touts progress, anti-ransomware efforts

In this Q&A, CISA Deputy Director Nitin Natarajan shares his thoughts on scaling up to meet high demand, the agency's new initiative to address ransomware and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 31 Jan 2024
security operations center (SOC)

A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks. Continue Reading
By
- Paul Kirvan
- Sarah Lewis
News 30 Jan 2024
Corvus: 2023 was a 'record-breaking' ransomware year

The insurance company analyzed claims data and ransomware gangs' data leak sites, which suggests as many as 7,600 organizations across the globe were attacked in 2023. Continue Reading
By
- Arielle Waldman, News Writer
Feature 30 Jan 2024
Security executives slam Microsoft over latest breach

Criticisms about Microsoft's breach include the lack of multifactor authentication on the targeted account and the company's approach to disclosing information about the attack. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 29 Jan 2024
Citizen Lab details ongoing battle against spyware vendors

At the SANS Cyber Threat Intelligence Summit, Citizen Lab researcher Bill Marczak discusses spyware proliferation from commercial vendors such as NSO Group, Cytrox and Quadream. Continue Reading
By
- Arielle Waldman, News Writer
Tip 29 Jan 2024
What is attack surface management and why is it necessary?

Attack surface management approaches security from the attacker's perspective. Learn how ASM can help better secure your organization's assets and resources. Continue Reading
By
- Michael Cobb
Tip 29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 26 Jan 2024
Microsoft: Legacy account hacked by Russian APT had no MFA

Microsoft has begun notifying other organizations that have been targeted in recent attacks by Midnight Blizzard, a Russian nation-state actor also known as Cozy Bear and APT29. Continue Reading
By
- Alexander Culafi, Senior News Writer
- Rob Wright, Senior News Director
Definition 26 Jan 2024
digital forensics and incident response (DFIR)

Digital forensics and incident response (DFIR) is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events. Continue Reading
By
- Sean Michael Kerner
News 25 Jan 2024
HPE breached by Russian APT behind Microsoft hack

HPE suspects that Cozy Bear, a Russian state-sponsored threat actor also known as Midnight Blizzard and Nobelium, breached its network twice in 2020. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 Jan 2024
NCSC says AI will increase ransomware, cyberthreats

While other threats are likely to increase as well, the U.K.'s National Cyber Security Centre warns that threat actors will use AI to continue the influx of ransomware attacks. Continue Reading
By
- Arielle Waldman, News Writer
Definition 24 Jan 2024
encryption key management

Encryption key management is the practice of generating, organizing, protecting, storing, backing up and distributing encryption keys. Continue Reading
By
- Rahul Awati
- Ed Hannan
News 23 Jan 2024
Attacks begin on critical Atlassian Confluence vulnerability

Exploitation activity for CVE-2023-22527 marks the third time in four months that a critical Atlassian Confluence flaw has gained threat actors' attention. Continue Reading
By
- Arielle Waldman, News Writer
News 22 Jan 2024
Microsoft breached by Russian APT behind SolarWinds attack

Several email accounts belonging to Microsoft senior leadership were accessed as part of the breach, though Microsoft found 'no evidence' of customer environments being accessed. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jan 2024
CISA posts incident response guide for water utilities

In its guide, CISA urged water and wastewater sector utility operators to harden their security posture, increase information sharing and build incident response plans. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jan 2024
Chainalysis observes decrease in cryptocurrency crime in 2023

During 2023, Chainalysis tracked a decrease in the total value and volume of illicit cryptocurrency transactions. But it is unclear if the downward trend will continue. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Jan 2024
Google, researchers in dispute over account hijacking attacks

Google disputes aspects of threat research that CloudSEK published last month claiming threat actors are maintaining persistence after hijacking Google user accounts. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 12 Jan 2024
How to recycle mobile phones in the enterprise

Mobile device disposal requires careful planning. IT teams must learn how to recycle mobile phones to keep e-waste out of landfills and enterprise data out of the wrong hands. Continue Reading
By
- Marius Sandbu, Sopra Steria
Tip 11 Jan 2024
How to securely recycle enterprise computers

No matter how an organization wants to retire a device when it reaches its end of life, IT must first ensure that any sensitive data on it has been properly destroyed. Continue Reading
By
- Marius Sandbu, Sopra Steria
News 10 Jan 2024
China claims it cracked Apple's AirDrop, can track senders

The flaw used by Chinese researchers to crack Apple's AirDrop encryption was reported to the company in 2019 by researchers at German university TU Darmstadt. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 09 Jan 2024
Amsterdam arrest leads to Babuk Tortilla ransomware decryptor

A joint effort by Cisco Talos, Avast and Dutch law enforcement results in an all-encompassing Babuk ransomware recovery key and the arrest of a threat actor. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Jan 2024
Account hijacking, cryptocurrency scams spread on X

One company that had its account stolen and used for cryptocurrency scams, CertiK, said it was hacked through a phishing attack from a journalist's compromised account. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 09 Jan 2024
How to fix the top 5 cybersecurity vulnerabilities

Check out how to fix five top cybersecurity vulnerabilities to prevent data loss from poor endpoint security, ineffective network monitoring, weak authentication and other issues. Continue Reading
By
- Dave Shackleford, Voodoo Security
Definition 08 Jan 2024
NIST Cybersecurity Framework

The NIST Cybersecurity Framework (CSF) provides guidance on how to manage and reduce IT infrastructure security risk. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Feature 08 Jan 2024
How to become an incident responder: Requirements and more

Incident response is a growth area that provides career advancement options and a good salary. Here's an in-depth look at job requirements, salaries and available certifications. Continue Reading
By
- Ed Moyle, SecurityCurve
News 04 Jan 2024
December ransomware attacks disrupt healthcare organizations

Two attacks last month exposed the sensitive information of more than 3 million individuals as ransomware attacks continued to disrupt networks and expose private data. Continue Reading
By
- Arielle Waldman, News Writer
Definition 02 Jan 2024
identity theft

Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else. Continue Reading
By
- Ben Lutkevich, Site Editor
Definition 27 Dec 2023
email signature

An email signature -- or signature block or signature file -- is the short text that appears at the end of an email message to provide more information about the sender. Continue Reading
By
- Pat Brans, Pat Brans Associates/Grenoble Ecole de Management
News 21 Dec 2023
10 of the biggest ransomware attacks in 2023

Ransomware attacks against U.S. organizations hit record levels this year as threat actors stepped up extortion tactics and took shaming victims to new levels. Continue Reading
By
- Arielle Waldman, News Writer
Definition 21 Dec 2023
What is the CIA triad (confidentiality, integrity and availability)?

The CIA triad refers to confidentiality, integrity and availability, describing a model designed to guide policies for information security within an organization. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Wesley Chai
News 19 Dec 2023
FBI leads Alphv/BlackCat takedown, decrypts victims' data

The latest law enforcement effort to halt the surge of ransomware attacks was successful in disrupting one of the most active ransomware-as-a-service groups. Continue Reading
By
- Arielle Waldman, News Writer
Feature 14 Dec 2023
9 cybersecurity trends to watch in 2024

Analysts are sharing their cybersecurity trends and predictions for 2024. From zero-day attacks to generative AI security and increased regulations, is your organization ready? Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 13 Dec 2023
12 key cybersecurity metrics and KPIs for businesses to track

IT security managers need to monitor cybersecurity efforts and make sure they're effective. These 12 metrics and KPIs will help show what's working -- and what isn't. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 13 Dec 2023
How ransomware gangs are engaging -- and using -- the media

New Sophos research shows that ransomware groups are not only attacking technical systems, but taking advantage of information systems as well to pressure victims into paying. Continue Reading
By
- Arielle Waldman, News Writer
News 05 Dec 2023
Exposed Hugging Face API tokens jeopardized GenAI models

Lasso Security discovered more than 1,600 exposed Hugging Face API tokens provided access to generative AI and large-language models contained in hundreds of repositories. Continue Reading
By
- Rob Wright, Senior News Director
News 05 Dec 2023
Ransomware ramps up against private sector in November

Ransomware disclosures and reports increased again in November, with the most disruptive and dangerous attacks occurring against healthcare organizations. Continue Reading
By
- Arielle Waldman, News Writer
Feature 01 Dec 2023
How to solve 2 MFA challenges: SIM swapping and MFA fatigue

While MFA improves account security, attacks still exploit it. Learn about two MFA challenges -- SIM swapping and MFA fatigue -- and how to mitigate them. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Definition 30 Nov 2023
privacy policy

A privacy policy is a legal document that explains how an organization handles any customer, client or employee information gathered in its operations. Continue Reading
By
- Gavin Wright
News 30 Nov 2023
Black Basta ransomware payments exceed $100M since 2022

Insurance provider Corvus and blockchain analytics vendor Elliptic partnered to examine how much damage the Black Basta ransomware group has caused in less than two years. Continue Reading
By
- Arielle Waldman, News Writer
News 29 Nov 2023
Okta: Support system breach affected all customers

Okta warned customers that they face an 'increased risk of phishing and social engineering attacks' after new details emerged from a breach that occurred earlier this year. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Nov 2023
Europol, Ukraine police arrest alleged ransomware ringleader

Europol and Ukraine's National Police arrested the alleged leader of a ransomware gang last week, along with four accomplices, dismantling the cybercrime group. Continue Reading
By
- Arielle Waldman, News Writer
News 27 Nov 2023
Threat actors targeting critical OwnCloud vulnerability

Researchers observed exploitation attempts against a vulnerability affecting OwnCloud's Graph API app, highlighting threat actors' continued focus on file-sharing products. Continue Reading
By
- Arielle Waldman, News Writer
Feature 27 Nov 2023
How passwordless authentication aids identity security

Enterprise Strategy Group's Jack Poller discusses survey results on user authentication practices and explains the security benefits of passwordless methods. Continue Reading
By
- Craig Stedman, Industry Editor
News 22 Nov 2023
CISA relaunches working group on cyber insurance, ransomware

Following a hiatus, the Cybersecurity Insurance and Data Analysis Working Group will relaunch in December to determine which security measures are most effective to reduce risk. Continue Reading
By
- Arielle Waldman, News Writer
Tip 22 Nov 2023
Offline backups are a key part of a ransomware protection plan

Ransomware resilience relies not on a single tool, but on several layered protections. Offline backups are a critical layer in a ransomware protection strategy. Continue Reading
By
- Krista Case, The Futurum Group
News 21 Nov 2023
CISA, FBI warn of LockBit attacks on Citrix Bleed

The latest advisory on exploitation of the Citrix Bleed vulnerability confirmed that the LockBit ransomware group perpetrated the attack on Boeing. Continue Reading
By
- Arielle Waldman, News Writer
Tip 20 Nov 2023
15 benefits of outsourcing your cybersecurity operations

For companies battling data breaches and cyberattacks, MSSPs can offer lower costs, better reliability, broader experience, more skills and other benefits. Continue Reading
By
- Mary K. Pratt
News 16 Nov 2023
CISA, FBI issue alert for ongoing Scattered Spider activity

The government advisory follows several high-profile attacks attributed to Scattered Spider, which uses advanced social engineering techniques like SIM swapping. Continue Reading
By
- Arielle Waldman, News Writer
News 16 Nov 2023
Alphv ransomware gang claims it reported MeridianLink to SEC

MeridianLink said it recently identified a "cybersecurity incident," but the Alphv ransomware gang claims it breached the company and compromised customer data. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 16 Nov 2023
What is cyber hygiene and why is it important?

Cyber hygiene, or cybersecurity hygiene, is a set of practices individuals and organizations perform regularly to maintain the health and security of users, devices, networks and data. Continue Reading
By
- Alissa Irei, Senior Site Editor
News 15 Nov 2023
LockBit observed exploiting critical 'Citrix Bleed' flaw

The Financial Services Information Sharing and Analysis Center warned that LockBit ransomware actors are exploiting CVE-2023-4966, also known as Citrix Bleed. Continue Reading
By
- Arielle Waldman, News Writer
News 14 Nov 2023
Cryptocurrency wallets might be vulnerable to 'Randstorm' flaw

Cryptocurrency recovery company Unciphered discovered a vulnerability in a JavaScript Bitcoin library that could jeopardize private keys. Continue Reading
By
- Arielle Waldman, News Writer
News 13 Nov 2023
LockBit ransomware gang claims it leaked stolen Boeing data

Boeing confirmed that it experienced a cybersecurity incident following LockBit's claims, but the aircraft manufacturer has not directly confirmed a ransomware attack. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Nov 2023
FBI: Ransomware actors hacking casinos via third parties

A new Private Industry Notification focuses on ransomware trends involving attacks against casinos as well as a callback phishing campaign perpetrated by the Luna Moth gang. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Nov 2023
Microsoft, ZDI disagree over Exchange zero-day flaws

Microsoft said it had previously fixed one of the flaws and that the others did not require a patch. Trend Micro's Zero Day Initiative, however, disagreed with the software giant. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 06 Nov 2023
Ransomware continues to rise in October across all sectors

Ransomware disclosures and reports surged last month, leading in some cases to bankruptcy filing, prolonged business disruptions and ambulance diversions for hospitals. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Nov 2023
Okta breach led to hijacked sessions for 5 customers

Okta provided a detailed timeline of the events surrounding the breach against its customer support case management systems and said five customers had sessions hijacked. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 31 Oct 2023
No patches yet for Apple iLeakage side-channel attack

Apple said it is working on more complete fixes for the iLeakage side-channel attack technique, but only one partial mitigation is currently available to macOS customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 31 Oct 2023
Collaborate with third parties to ensure enterprise security

Third-party risk is a major threat today, as evidenced in numerous recent breaches. Organizations must work with partners to ensure their data is protected properly. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 31 Oct 2023
Dual ransomware attacks on the rise, but causes are unclear

While the FBI warned enterprises of an increase in dual ransomware attacks, infosec experts said there's insufficient data to consider the threat a trend. Continue Reading
By
- Arielle Waldman, News Writer
Definition 30 Oct 2023
ISO 27002 (International Organization for Standardization 27002)

The ISO 27002 standard is a collection of information security management guidelines that are intended to help an organization implement, maintain and improve its information security management. Continue Reading
By
- Paul Kirvan
- Ben Cole, Executive Editor
Tip 30 Oct 2023
What an email security policy is and how to build one

Companies must have an effective security policy in place to protect email from cybercriminals and employee misuse. Learn how to build one for your company. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Tip 27 Oct 2023
How to create a cybersecurity awareness training program

Cybersecurity awareness training often misses the mark, leaving employees undereducated and organizations vulnerable to attack. Here's how to succeed where too many fail. Continue Reading
By
- Alissa Irei, Senior Site Editor
- Mike Chapple, University of Notre Dame
Podcast 26 Oct 2023
Risk & Repeat: Okta under fire after support system breach

This podcast episode covers a security breach suffered by identity vendor Okta involving its customer support systems, which has sparked criticism from customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 26 Oct 2023
How to create a company password policy, with template

Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use. Continue Reading
By
- Paul Kirvan
Tutorial 24 Oct 2023
How to use SDelete to ensure deleted data is gone for good

When data is deleted from a disk, is it gone? One way to make sure file info is permanently erased is to use SDelete, a utility specifically tailored to remove key data. Continue Reading
By
- Damon Garn, Cogspinner Coaction
News 19 Oct 2023
CISA, NSA, FBI publish phishing guidance

In its guidance, CISA focused on two primary goals of phishing attacks: obtaining login credentials, often via social engineering, and installing malware on target systems. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 19 Oct 2023
How to build a content governance model

With a proper content governance model, organizations can improve their content marketing efforts, benefit their SEO rankings and reach larger audiences. Continue Reading
By
- Laurence Hart, CGI Federal
Tip 18 Oct 2023
The data privacy risks of third-party enterprise AI services

Using off-the-shelf enterprise AI can both increase productivity and expose internal data to third parties. Learn best practices for assessing and mitigating data privacy risk. Continue Reading
By
- Chris Tozzi
Tip 18 Oct 2023
Cybersecurity vs. cyber resilience: What's the difference?

Companies need cybersecurity and cyber-resilience strategies to protect against attacks and mitigate damage in the aftermath of a successful data breach. Continue Reading
By
- Paul Kirvan
News 17 Oct 2023
Cisco IOS XE zero-day facing mass exploitation

VulnCheck said its public scanning for CVE-2023-20198 revealed that 'thousands' of internet-facing Cisco IOS XE systems have been compromised with malicious implants. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 17 Oct 2023
Allowlisting vs. blocklisting: Benefits and challenges

Allowlisting and blocklisting are key components of access control. Learn the benefits and challenges of each approach and why a combination of the two is often the best strategy. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 16 Oct 2023
Cisco working on fix for critical IOS XE zero-day

Cisco designated the bug, CVE-2023-20198, with a CVSS score of 10 and said it was working on a patch, but advised customers to apply mitigations in the meantime. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Oct 2023
Ransomware gang targets critical Progress WS_FTP Server bug

The vulnerability used in the failed ransomware attack, CVE-2023-40044, is a .NET deserialization vulnerability in Progress Software's WS_FTP Server with a CVSS score of 10. Continue Reading
By
- Alexander Culafi, Senior News Writer
Answer 13 Oct 2023
What are the most important email security protocols?

Email was designed without security considerations. Email security protocols, including SMPTS, SPF and S/MIME, add mechanisms to keep messaging safe from threats. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Tip 12 Oct 2023
5 steps to achieve a risk-based security strategy

Learn about the five steps to implement a risk-based security strategy that helps naturally deliver compliance as a consequence of an improved security posture. Continue Reading
By
- Michael Cobb
Definition 12 Oct 2023
security awareness training

Security awareness training is a strategic approach IT and security professionals take to educate employees and stakeholders on the importance of cybersecurity and data privacy. Continue Reading
By
- Kinza Yasar, Technical Writer
- Mary K. Pratt
Tip 11 Oct 2023
Top 6 password hygiene tips and best practices

Passwords enable users to access important accounts and data, making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
By
- Diana Kelley, SecurityCurve
News 06 Oct 2023
MGM faces $100M loss from ransomware attack

MGM's 8-K filing revealed some personal customer data was stolen during the September attack and said the company expects cyber insurance to sufficiently cover the losses. Continue Reading
By
- Arielle Waldman, News Writer
Definition 04 Oct 2023
What is ransomware? How it works and how to remove it

Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. Continue Reading
By
- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
Definition 04 Oct 2023
compliance as a service (CaaS)

Compliance as a service (CaaS) is a cloud service that specifies how a managed service provider (MSP) helps an organization meet its regulatory compliance mandates. Continue Reading
By
- Ben Lutkevich, Site Editor
News 03 Oct 2023
Ransomware disrupts hospitality, healthcare in September

Ransomware disclosures and reports last month were headlined by attacks on MGM Resorts and Caesars Entertainment, which proved costly to the Las Vegas hospitality giants. Continue Reading
By
- Arielle Waldman, News Writer
Tip 29 Sep 2023
5 common browser attacks and how to prevent them

Browsers are critical components of any organization, especially with the rise of web apps. Security teams and users must, therefore, know how to avoid common browser attacks. Continue Reading
By
- Ravi Das, ML Tech Inc.
News 26 Sep 2023
Clop MoveIt Transfer attacks affect over 2,000 organizations

According to research by security vendor Emsisoft, 2,095 organizations and 62,054,613 individuals have been affected by the Clop gang's attacks on MoveIt Transfer customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 26 Sep 2023
How SSD encryption can protect enterprise data

It's easy for an SSD to fall into the wrong hands. Encryption, which is common in SSDs, is a powerful tool to protect mission-critical and personal data. Continue Reading
By
- Jim Handy, Objective Analysis
Tip 25 Sep 2023
Are iPhones more secure than Android devices?

Apple has built a reputation for strong device security, but reputation alone can't protect corporate data. While iOS and Android differ, mobile security comes down to management. Continue Reading
By
- Michael Goad, CDW
News 22 Sep 2023
Apple issues emergency patches for 3 zero-day bugs

Apple said CVE-2023-41992, CVE-2023-41991 and CVE-2023-41993 -- all reported by Citizen Lab and Google researchers -- might have been exploited against versions of iOS before 16.7. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 21 Sep 2023
Palm scanning tech explained: Everything you need to know

Just like fingerprints, your vein patterns are unique. Now, palm scanning technology is using your veins as a new form of identification that's more secure than other biometrics. Continue Reading
By
- Amanda Hetler, Senior Editor
News 20 Sep 2023
Okta: Caesars, MGM hacked in social engineering campaign

Identity management vendor Okta had previously disclosed that four unnamed customers had fallen victim to a social engineering campaign that affected victims' MFA protections. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 19 Sep 2023
Risk & Repeat: MGM, Caesars casino hacks disrupt Las Vegas

This podcast episode compares the cyber attacks suffered by casino giants MGM Resorts and Caesars Entertainment in recent weeks and the fallout from them. Continue Reading
By
- Alexander Culafi, Senior News Writer