Data security and privacy

Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.

Top Stories

Feature 12 Mar 2025
Cyber Trust Mark explained: Everything you need to know

The Cyber Trust Mark has been put in place to encourage manufacturers to improve IoT security and provide consumers with more information on the security of their devices. Continue Reading
By
- Rosa Heaton, Content Manager
Feature 06 Mar 2025
How to create a data security policy, with template

When it comes to data security, the devil is in the details. One critical detail organizations shouldn't overlook is a succinct yet detailed data security policy. Continue Reading
By
- Paul Kirvan

Tip 28 Jul 2022
How to prevent a data breach: 10 best practices and tactics

When it comes to data breach prevention, the stakes are high. While it's impossible to eliminate the risk, organizations can minimize it by following these best practices. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Feature 28 Jul 2022
How to develop a data breach response plan: 5 steps

A data breach response plan outlines how a business will react to a breach. Follow these five steps, and use our free template to develop your organization's plan. Continue Reading
By
- Rob Shapland
News 28 Jul 2022
AWS adds anti-malware and PII visibility to storage

New tools unveiled by AWS at re:Inforce 2022 add new anti-malware capabilities to AWS block storage and a way to find personally identifiable information with S3 object storage. Continue Reading
By
- Tim McCarthy, News Writer
Feature 28 Jul 2022
How to secure data at rest, in use and in motion

With internal and external cyber threats on the rise, check out these tips to best protect and secure data at rest, in use and in motion. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 27 Jul 2022
Deepfake technology risky but intriguing for enterprises

Enterprises can generate synthetic data sets with the technology. It is useful in broadcast and for advertising. However, its privacy and political implications can be dangerous. Continue Reading
By
- Esther Shittu, News Writer
Definition 27 Jul 2022
data breach

A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion. Continue Reading
By
- Andrew Froehlich, West Gate Networks
- Katie Terrell Hanna
- Kevin Ferguson
Tip 22 Jul 2022
Top 10 enterprise data security best practices

To protect your organization's data and prevent its misuse, incorporate these 10 data security best practices into your enterprise data security strategy. Continue Reading
By
- Charles Kolodgy, Security Mindsets
Answer 22 Jul 2022
Symmetric vs. asymmetric encryption: What's the difference?

Explore the differences between symmetric vs. asymmetric encryption, including how they work and common algorithms, as well as their pros and cons. Continue Reading
By
- Michael Cobb
Definition 20 Jul 2022
data compliance

Data compliance is a process that identifies the applicable governance for data protection, security, storage and other activities and establishes policies, procedures and protocols ensuring data is fully protected from unauthorized access and use, malware and other cybersecurity threats. Continue Reading
By
- Paul Kirvan
Definition 19 Jul 2022
Information Technology Amendment Act 2008 (IT Act 2008)

The Information Technology Amendment Act 2008 (IT Act 2008) is a substantial addition to India's Information Technology Act 2000. Continue Reading
By
- Katie Terrell Hanna
Tip 18 Jul 2022
Key factors to achieve data security in cloud computing

Enterprises face a variety of data security concerns when deploying assets to the cloud. But there are some guidelines you can follow to make sure your assets are protected. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 15 Jul 2022
Cryptocurrency mixer activity reaches new heights in 2022

Chainalysis observed a stark uptick in April that led to a steady decline in May and June, but illicit addresses and DeFi platforms have kept mixers busy so far this year. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 15 Jul 2022
Risk & Repeat: Ransomware in 2022 so far

This podcast episode discusses ransomware in 2022, including an apparent decrease in attacks, the evolution of cybercrime operations and the lack of visibility into the threat. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jul 2022
Cryptocurrency crash triggers crisis for dark web exchanges

Cybersixgill says dark web exchanges that help cybercriminals launder their funds are facing a crisis as users are cashing out amid a cryptocurrency price crash. Continue Reading
By
- Shaun Nichols
Tip 14 Jul 2022
SecOps vs. CloudSecOps: What does a CloudSecOps team do?

Now, more than ever, organizations need to build controls, monitor and enact security response activities for the cloud. This is where the CloudSecOps team comes into play. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 14 Jul 2022
How AI governance and data privacy go hand in hand

Given instances where AI compromise data privacy and security, it's imperative that organizations understand both AI and data privacy can coexist in their AI governance frameworks. Continue Reading
By
- Kashyap Kompella, RPA2AI Research
News 13 Jul 2022
Researcher develops Hive ransomware decryption tool

Despite being only a year old, Hive ransomware has grown into a prominent ransomware-as-a-service operator. The decryptor tackles Hive's newer, better-encrypted version. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Jul 2022
Supreme Court justices doxxed on dark web

Five conservative Supreme Court justices were reportedly doxxed by threat actors that claim to have obtained credit card numbers, addresses and other information. Continue Reading
By
- Shaun Nichols
Tip 11 Jul 2022
How end-to-end encryption supports secure team collaboration

End-to-end encryption provides secure collaboration but limits certain productivity features. Learn how end-to-end encryption fits in a team collaboration security strategy. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Feature 08 Jul 2022
Top 7 types of data security technology

These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use. Continue Reading
By
- Kyle Johnson, Technology Editor
News 07 Jul 2022
Early detection crucial in stopping BEC scams

Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails. Continue Reading
By
- Shaun Nichols
News 07 Jul 2022
Public sector still facing ransomware attacks amid decline

While ransomware activity has reportedly decreased worldwide in recent months, several public sector organizations in the U.S. suffered attacks in June. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Definition 06 Jul 2022
blended threat

A blended threat is an exploit that combines elements of multiple types of malware and usually employs various attack vectors to increase the severity of damage and the speed of contagion. Continue Reading
By
- Kinza Yasar, Technical Writer
News 05 Jul 2022
Ransomware in 2022: Evolving threats, slow progress

Experts say trends involving new forms of leverage, increasing numbers of affiliates and the evolving cyber insurance market are shaping the ransomware landscape in 2022. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 28 Jun 2022
Cisco Talos techniques uncover ransomware sites on dark web

One of the three techniques Cisco Talos used to de-anonymize ransomware dark web sites is to match TLS certificate serial numbers from dark web leak sites to the clear web. Continue Reading
By
- Alexander Culafi, Senior News Writer
Guest Post 23 Jun 2022
3 threats dirty data poses to the enterprise

The Information Security Forum predicted dirty data will pose three threats to the enterprise. Learn about these threats, and get tips on how to protect your organization from them. Continue Reading
By
- Steve Durbin
News 22 Jun 2022
Kaspersky unveils unknown APT actor 'ToddyCat'

The origin of 'ToddyCat' is unknown. However, Kaspersky said the APT actor carries similarities with a number of Chinese-speaking threat groups. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 22 Jun 2022
Publicly disclosed U.S. ransomware attacks database

Each day SearchSecurity looks for every publicly available instance of a ransomware attack in the U.S. and compiles this data into a list to keep readers updated on recent threats. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 20 Jun 2022
Cleveland BSides takes heat for Chris Hadnagy appearance

The Cleveland BSides security conference is experiencing turmoil after booking a 'surprise' keynote speaker who was recently barred from DEF CON for misconduct. Continue Reading
By
- Shaun Nichols
News 20 Jun 2022
Paige Thompson found guilty in 2019 Capital One data breach

The former Amazon engineer who hacked AWS and gained access to sensitive data belonging to Capital One customers has been convicted. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Jun 2022
Healthcare breaches on the rise in 2022

According to U.S. government data, the number of healthcare breaches in the first five months of 2022 has nearly doubled from the same period last year. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 17 Jun 2022
Hertzbleed disclosure raises questions for Intel

Hertzbleed, a family of new side-channel attacks, was first reported to Intel in the third quarter of 2021, and it's unclear why it was kept under embargo for so long. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 16 Jun 2022
Risk & Repeat: Recapping RSA Conference 2022

This Risk & Repeat episode discusses RSA Conference 2022 and major themes, such as the evolving ransomware landscape and the government's strategy to address nation-state threats. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 16 Jun 2022
How hackers use AI and machine learning to target enterprises

AI benefits security teams and cybercriminals alike. Learn how hackers use AI and machine learning to target enterprises, and get tips on preventing AI-focused cyber attacks. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 15 Jun 2022
Alphv ransomware gang ups pressure with new extortion scheme

The ransomware operators this week launched a website for victims' employees and customers to search for any stolen personal information following an attack. Continue Reading
By
- Arielle Waldman, News Writer
Tip 14 Jun 2022
3 steps for CDOs to ensure data sovereignty in the cloud

Data sovereignty regulations, combined with a tsunami of data growth and increased cloud usage, have created a perfect storm that chief data officers must manage. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Feature 10 Jun 2022
3 types of PKI certificates and their use cases

Public key infrastructure helps authenticate senders via cryptography and digital certificates. Learn about three types of PKI certificates and their use cases. Continue Reading
By
- Isabella Harford, TechTarget
News 02 Jun 2022
May ransomware attacks strike municipal governments, IT firms

A major agriculture machinery vendor as well as a handful of other private companies and municipal governments were the targets of ransomware attacks in May. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 01 Jun 2022
Hackers ransom 1,200 exposed Elasticsearch databases

An extensive extortion operation didn't need exploits or vulnerabilities to take over more than 1,200 Elasticsearch databases and demand bitcoin payments, according to Secureworks. Continue Reading
By
- Shaun Nichols
News 01 Jun 2022
Forescout proof-of-concept ransomware attack affects IoT, OT

Forescout's proof of concept showed how an attacker could use an IoT camera to gain access to an enterprise's IT network and then shut down operational technology hardware. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 26 May 2022
Twitter fined $150M for misusing 2FA data

The DOJ and FTC said the social media company misused consumers' personal data for advertisement purposes, from which it gained benefit. Continue Reading
By
- Arielle Waldman, News Writer
News 24 May 2022
Verizon DBIR: Ransomware dominated threat landscape in 2021

Though ransomware became an increasingly large threat to enterprises last year, Verizon's Data Breach Investigations Report found the model may not be as profitable as expected. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 23 May 2022
ESG analysts discuss how to manage compliance, data privacy

ESG analysts offer three recommendations for effective data governance: good C-level and IT leadership, visibility into cloud infrastructure and understanding cloud architecture. Continue Reading
By
- Christophe Bertrand
- Vinny Choinski, Senior Analyst
News 23 May 2022
AdvIntel: Conti rebranding as several new ransomware groups

According to AdvIntel's research, the Conti ransomware group's attack on the Costa Rican government was part of a rebranding effort, as the gang's ransom payments had dried up. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 20 May 2022
How to counter insider threats in the software supply chain

Insider threats extend beyond employees within your company to include people working at partners and third parties. Learn about these insider threats in the software supply chain. Continue Reading
By
- Will Kelly
News 18 May 2022
Axie Infinity hack highlights DPRK cryptocurrency heists

The $620 million hack of developer Sky Mavis earlier this year is only the latest in a long line of cryptocurrency platform attacks conducted by North Korean nation-state actors. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 17 May 2022
6 key steps to develop a data governance strategy

Data governance shouldn't be built around technology, but the other way around. Existing infrastructure, executive support, data literacy, metrics and proper tools are essential. Continue Reading
By
- Donald Farmer, TreeHive Strategy
News 17 May 2022
Cardiologist charged with creating Thanos, Jigsaw ransomware

Moises Luis Zagala Gonzalez, 55, faces up to five years in prison for each of the two charges connected to his alleged role in creating Thanos and Jigsaw ransomware. Continue Reading
By
- Alexander Culafi, Senior News Writer
Guest Post 17 May 2022
5 steps to ensure a successful access management strategy

Access management is top of mind for organizations, especially in the hybrid workspace. Follow these five steps to create an access management strategy that benefits all users. Continue Reading
By
- Michael Kelley
Tip 13 May 2022
7 best practices for successful data governance programs

A comprehensive, companywide data governance program strengthens data infrastructure, improves compliance initiatives, supports strategic intelligence and boosts customer loyalty. Continue Reading
By
- Donald Farmer, TreeHive Strategy
News 12 May 2022
Iranian APT Cobalt Mirage launching ransomware attacks

Secureworks researchers said a new Iranian state-sponsored threat group is melding government and financial interests by targeting U.S. organizations with ransomware attacks. Continue Reading
By
- Shaun Nichols
Tip 12 May 2022
3 ways to apply security by design in the cloud

Applying security-by-design principles to the cloud may not seem straightforward, but there are several ways to do so. These three areas are a good place to start. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 12 May 2022
Vendors, governments make ransomware decryptors more common

Ransomware decryption tools are increasingly common today, thanks to cybersecurity vendors and law enforcement agencies working on cracking past and present ransomware threats. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Answer 12 May 2022
Zero trust vs. zero-knowledge proof: What's the difference?

Zero-knowledge proofs can help companies implement a zero-trust framework. Learn about the two concepts and how they come together to better secure networks. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Answer 09 May 2022
What are some tips for storage of sensitive data?

Loss or theft of sensitive data can lead to legal, compliance and business consequences. Be sure to take proper precautions to securely store that data. Continue Reading
By
- Paul Kirvan
News 09 May 2022
Victims of Horizon Actuarial data breach exceed 1M

Five months after the data breach was discovered, the number of Horizon Actuarial Services customers and individuals affected by the attack has climbed significantly. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 09 May 2022
US offers $10M bounty for Conti ransomware information

The bounty follows a recent Conti ransomware attack that Costa Rica suffered in April. The country's new president, Rodrigo Chaves, declared a national emergency Sunday. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 09 May 2022
The top secure software development frameworks

Keeping security top of mind when developing software is paramount. Learn how to incorporate security into the SDLC with the top secure software development frameworks. Continue Reading
By
- Paul Kirvan
News 06 May 2022
Cryptocurrency mixer sanctioned over Lazarus Group ties

North Korea's Lazarus Group is accused of stealing more than $600 million in the Axie Infinity hack and laundering a chunk through the Blender.io mixing service. Continue Reading
By
- Shaun Nichols
News 04 May 2022
Coveware: Double-extortion ransomware attacks fell in Q1

Coveware said double-extortion ransomware may be replaced with 'big shame ransomware,' in which an attacker threatens to leak sensitive data without encrypting it. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 03 May 2022
Cyber-war gaming: A cybersecurity tabletop exercise

Based off military war games, cyber-war gaming examines a company's security posture. Learn how it works, the readiness needed, who should be involved and more. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 02 May 2022
Do phishing simulations work? Sometimes

Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question. Continue Reading
By
- Isabella Harford, TechTarget
News 28 Apr 2022
Check Point: Ransomware attacks lasted 9.9 days in 2021

Check Point Research and Kovrr found ransomware attack victims paid out 89% of the ransom demand on average in 2019. The figure dropped to 27% in 2020 before rising to 49% in 2021. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 28 Apr 2022
How enterprises can ensure NVMe security in 2.0

Today's world demands airtight security more than ever. Key NVMe security features, such as namespaces, the Lockdown command and TLS in NVMe over TCP, keep data safe. Continue Reading
By
- Dave Raffo
News 28 Apr 2022
Phishing attacks benefiting from shady SEO practices

Cybercriminals running phishing operations are now making use of SEO specialists that break Google's rules to get themselves placed above legitimate search results to lure victims. Continue Reading
By
- Shaun Nichols
News 27 Apr 2022
Sophos: 66% of organizations hit by ransomware in 2021

Forty-four percent of organizations surveyed by Sophos said they used multiple approaches to recover data following a ransomware attack, including paying ransoms and using backups. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 27 Apr 2022
Best practices for creating an insider threat program

A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Opinion 26 Apr 2022
Data security requires DLP platform convergence

Cloud adoption, combined with an anytime, anyplace, any device workforce requires a converged data loss prevention platform to secure data -- not point products with DLP features. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 25 Apr 2022
T-Mobile breached in apparent Lapsus$ attack

Lapsus$'s alleged theft of T-Mobile source code is in line with its previous activity; the cybercrime group previously stole code from Microsoft and Samsung. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 Apr 2022
Kaspersky releases decryptor for Yanluowang ransomware

Kaspersky is offering users and admins a tool to decrypt data that had been locked away by the emerging Yanluowang ransomware gang, which was first revealed in December. Continue Reading
By
- Shaun Nichols
News 18 Apr 2022
Pegasus spyware discovered on U.K. government networks

Citizen Lab confirmed it spotted the notorious spyware running on systems within the U.K. prime minister's office, and it believes the United Arab Emirates is to blame. Continue Reading
By
- Shaun Nichols
Feature 14 Apr 2022
Study attests: Cloud apps, remote users add to data loss

A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic. Continue Reading
By
- Margie Semilof, TechTarget
News 12 Apr 2022
Law enforcement takedowns continue with RaidForums seizure

The hacker forum, which used to sell and purchase sensitive information including login credentials, has been dismantled, and its alleged founder was arrested and indicted. Continue Reading
By
- Arielle Waldman, News Writer
Tip 11 Apr 2022
6 enterprise secure file transfer best practices

Employees can share files with the click of a button -- but don't let the efficiency fool you. Use these secure file transfer best practices to avoid exposing confidential data. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 08 Apr 2022
Fin7 hacker sentenced to 5 years in prison

A Ukrainian man has been sentenced to five years in prison after being convicted as one of the primary hackers behind the notorious Fin7 financial malware ring. Continue Reading
By
- Shaun Nichols
Definition 08 Apr 2022
contextual marketing

Contextual marketing is an online marketing strategy model in which people are served with targeted advertising based on their search terms or their recent browsing behavior. Continue Reading
By
- Katie Terrell Hanna
Tip 07 Apr 2022
Pen testing guide: Types, steps, methodologies and frameworks

Penetration testing helps organizations find security vulnerabilities before hackers do. Uncover details about pen testing steps, methodologies, frameworks and standards. Continue Reading
By
- Paul Kirvan
News 05 Apr 2022
German authorities behead dark web Hydra Market

Police in Germany raided facilities hosting the infamous Hydra Market site as part of an international effort to crack down on dark web forums and marketplaces. Continue Reading
By
- Shaun Nichols
News 04 Apr 2022
Cryptocurrency companies targeted in Mailchimp breach

Cryptocurrency wallet maker Trezor revealed phishing attacks against its customers that stemmed from a breach at Mailchimp, which the email marketing firm later confirmed. Continue Reading
By
- Arielle Waldman, News Writer
News 01 Apr 2022
CrowdStrike finds 'logging inaccuracies' in Microsoft 365

CrowdStrike says Microsoft's cloud offering may not be accurately taking logs of user sign-ins, and that could pose a threat to protecting networks and investigating attacks. Continue Reading
By
- Shaun Nichols
Feature 31 Mar 2022
The importance of HR's role in cybersecurity

HR teams must keep security top of mind when hiring and onboarding employees and enforcing data privacy policies. Get advice on the procedures and mechanisms to do so. Continue Reading
By
- Isabella Harford, TechTarget
- Packt Publishing
Feature 31 Mar 2022
Why CISOs need to understand the business

While CISOs need technical skills, business skills help them push their team's agenda and get the support and funding they need to protect their company. Continue Reading
By
- Isabella Harford, TechTarget
News 30 Mar 2022
Lack of competition is driving federal budget antitrust hike

In Biden's proposed budget, the FTC would gain an additional $139 million, while the DOJ's antitrust division would see an $88 million increase. Continue Reading
By
- Makenzie Holland, Senior News Writer
Tip 29 Mar 2022
Why is document version control important?

Although best practices have changed, many organizations lack a suitable versioning strategy. Proper document version control can improve collaboration and fact-checking. Continue Reading
By
- Laurence Hart, CGI Federal
Guest Post 28 Mar 2022
The benefits and challenges of SBOMs

While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security. Continue Reading
By
- Manjunath Bhat
Tip 25 Mar 2022
Review Microsoft Defender for endpoint security pros and cons

Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Podcast 25 Mar 2022
Risk & Repeat: Lapsus$ highlights poor breach disclosures

This Risk & Repeat podcast episode examines two high-profile breaches by emerging threat group Lapsus$ and how Microsoft and Okta responded to these attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 24 Mar 2022
How to overcome GDPR compliance challenges

As GDPR fines and penalties increase, organizations must prioritize compliance to avoid financial and reputational damages. Learn about the top challenges and their solutions. Continue Reading
By
- Paul Kirvan
News 24 Mar 2022
Okta provides new details on Lapsus$ attack

The authentication provider shed new light on how a customer service agent at subcontractor Sitel was hacked and then used to obtain data on hundreds of Okta clients. Continue Reading
By
- Shaun Nichols
News 23 Mar 2022
Lawsuit claims Kronos breach exposed data for 'millions'

A class-action lawsuit was filed against Ultimate Kronos Group for alleged negligence regarding a ransomware attack and private cloud breach in December. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 23 Mar 2022
Microsoft confirms breach, attributes attack to Lapsus$

Microsoft disclosed it had been breached by emerging threat group Lapsus$ toward the end of a threat intelligence post dedicated to the extortion gang and its tactics. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 22 Mar 2022
Lapsus$ hacking group hit authentication vendor Okta

Authentication vendor Okta is the latest tech giant to be named as a victim of the prolific Lapsus$ crew, through key details about the attack remain in dispute. Continue Reading
By
- Shaun Nichols
News 21 Mar 2022
Cryptocurrency companies impacted by HubSpot breach

A compromised employee account at HubSpot led to the breach of several companies' customers in the cryptocurrency industry. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 16 Mar 2022
FTC accuses CafePress of covering up 2019 data breach

The proposed FTC settlement would require CafePress' former owner to pay $500,000 in compensation to customers who were victimized in the company's 2019 data breach. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 16 Mar 2022
10 key elements to follow data compliance regulations

Data privacy laws are changing around the world on a constant basis. These 10 elements can help keep organizations up to speed with data compliance regulations. Continue Reading
By
- Mary K. Pratt
News 16 Mar 2022
Biden signs law on reporting critical infrastructure cyber attacks

President Joe Biden signed a law that requires critical infrastructure entities to report cyber attacks within 72 hours and report ransom payments in 24 hours. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 15 Mar 2022
Container vulnerability opens door for supply chain attacks

A CRI-O container engine vulnerability could allow attackers to bypass security controls and take over a host system, according to CrowdStrike researchers. Continue Reading
By
- Shaun Nichols
Tip 15 Mar 2022
How endpoint encryption works in a data security strategy

Companies should use encryption to keep data on endpoints protected should an attacker successfully get hold of a device or breach enterprise security measures. Continue Reading
By
- Michael Cobb
News 15 Mar 2022
Infosec news cycles: How quickly do they fade?

Google Trends spikes, on average, lasted a few weeks for major infosec news events like SolarWinds, Log4Shell and the Colonial Pipeline ransomware attack. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 11 Mar 2022
How to write an information security policy, plus templates

Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process. Continue Reading
By
- Paul Kirvan