Michelle Drolet


LinkedIn Data Breach Still Causing Problems

Mark Zuckerberg’ , Linkedin , passwords , Hack , SHA1 , haveibeenpwned.com , cannabis , Enterprise

Michelle Drolet

Failing to take basic security precautions with website passwords puts your data at risk. Do you remember back in 2012 when LinkedIn was hacked? Around 6.5 million user passwords were posted on a Russian blog. There was a mandatory password reset for affected users, and LinkedIn released a statement advising people to enable two-step verification and use stronger passwords. Four years later, and the passwords of 117 million accounts were compromised. Worryingly, this came to light only when a

8 Tips to Secure Those IoT Devices

smart TV , BYOD , password , smart fridge , UPnP , Wi-Fi , Internet of Things , IoT , cannabis , Enterprise

Michelle Drolet

Make sure the Internet of Things isn’t a route for hackers to get into your home or workplace. As more and more Internet-connected devices find their way into our homes and businesses, it’s important to remember that they represent a security risk. The Internet of Things (IoT) is growing rapidly, and in the rush for convenience, our privacy and safety are often an afterthought. Leaving them unsecured is the digital equivalent of leaving the back door unlocked. There are 5.5 million new things

5 InfoSec concerns for colleges and universities

device management , database systems , Phishing , phishing attacks , malware , cybercriminals

Michelle Drolet

Higher education institutions are a prime target for cybercriminals, and IT needs resources to prevent attacks and provide a proper level of security. No industry or sector is immune to data breaches, but some are targeted more often than others. Education came ahead of government, retail and financial sectors, and it was second only to healthcare on Trend Micro’s list of the most-breached industries. With more than 500 security breaches across 320 higher education institutions since 2005,

3 Ways to Protect Data and Control Access to It

Center for Internet Security (CIS) , private sector , Wireless Access Control , human error encryption , public sector , authentication , cannabis , cybersecurity , Enterprise

Michelle Drolet

Your company's data is its crown jewels, and you must protect it at all times. CIS Controls 13, 14 and 15 will help you. Earlier we delved into disaster recovery and network security. Now it’s time to take a look at Critical Security Controls 13, 14 and 15, which cover data protection and access control. The Critical Security Controls are best practices devised by the Center for Internet Security (CIS), a nonprofit dedicated to improving cybersecurity in the public and private sectors. A company’s

Join Towerwall at these Upcoming InfoSec Events

ISACA , Conference , Information Security Summit 2016 , Boston , Social Engineering , Phishing , Information Security , Security BSides Boston 2016 , malware , Information Security Summit , Events , Compliance , Massachusetts , cannabis , Enterprise

Michelle Drolet

We will be attending, sponsoring and hosting the following InfoSec events this Spring / Summer. Join us!

10 Things I Know About... Ransomware Protection

passwords , Phishing , Whitelist , ransomware , Ransomware Protection , Patch , 10 Things I Know , cannabis , Enterprise

Michelle Drolet

10. Backup files every night. If you can access yesterday's files, then there is no need to pay to unlock them today.

7 Potential Security Concerns for Wearables

Wearables , third party applications , password protection , BYOD , Bluetooth , Wireless , NFC , Compliance , cannabis , Enterprise

Michelle Drolet

Is your organization safe from all these connected devices? Wearables are rapidly invading the workplace in much the same way that smartphones did. Fitness trackers, smartwatches, head-mounted displays and other new form factors are beginning to capture the public imagination. Sales of wearable electronic devices topped 232 million in 2015, and Gartner forecasts they’ll rise 18.4% this year, when another 274.6 million devices are sold.

Bugs for cash: Bounty hunters in the new wild west of security

Open Web Application Security Project (OWASP) , software bugs , Pwn2Own , Bugcrowd , DROWN , OWASP , white market , cannabis , Enterprise

Michelle Drolet

How security researchers and programmers hunt software bugs for cash rewards. The business of bug hunting is a potentially lucrative one for both seasoned security researchers and amateurs with an interest in hacking. It’s an area that’s gaining legitimacy thanks to official bug bounty programs and hacking contests, but there’s still a seedy underbelly that unscrupulous bounty hunters can take advantage of if they successfully identify a vulnerability. The average cost of a data breach is $3.8

Towerwall Information Security Alert Vol 14.07 - Watch out for April Fools scamming on Friday

Google , Fractional Chief Information Security Officer (CIS , Conficker , Phishing , Virus , ransomware , Amazon , scammers , April Fools , Starbucks , cannabis , Enterprise

Michelle Drolet

Watch out for April Fools scamming on Friday. By Kevin Frey. Annually, businesses and organizations often put up jokes or pranks for April Fools’ Day. Google, Starbucks, Amazon, etc. are frequent participants. E.g., last year, Amazon revamped their site to look like their old, original 1999 version... and Google (known for multiples) turned its "Maps" app into the classic arcade game "Pac-Man." However, it is important to remember to think twice before clicking on things you receive on email or see on

Hundreds of cloud apps still vulnerable to DROWN

SSLv2 , CISO , DROWN vulnerability , FREAK , DROWN , HTTPS , cannabis , Enterprise

Michelle Drolet

Complacency in addressing known vulnerabilities puts users at risk. If you have even a passing interest in security vulnerabilities, there’s no chance that you missed the news about the DROWN vulnerability. It’s one of the biggest vulnerabilities to hit since Heartbleed, potentially impacting a third of all HTTPS websites. By exploiting the obsolete SSLv2 protocol, this flaw makes it possible for an attacker to eavesdrop on a TLS session. Because we use SSL and TLS encryption to shop, send