Towerwall's InfoSec Blog
Content Type
- Enterprise (299)
- cannabis (258)
- cybersecurity (134)
- Information Security (124)
- Compliance (104)
- Data Security (100)
- ransomware (99)
- Security (98)
- Security Threat (91)
- Phishing (90)
- cybercriminals (84)
- security policy (84)
- malware (79)
- information security tips (74)
- security software (71)
- Compliance & Privacy (70)
- Data Breach (70)
- Application Security (69)
- Security Program (67)
- Security Regulations (67)
- network security (66)
- Mobile Security (63)
- Security Services (60)
- Hackers (59)
- Cloud Security (55)
- Security Alert (55)
- penetration testing (55)
- GDPR (51)
- COVID-19 (50)
- HIPAA (50)
- PCI (46)
- security research (45)
- Data Privacy (44)
- cyber-attack (44)
- Security Partners (41)
- Events (37)
- Big Data (30)
- Mobile Apps (30)
- Mobile Devices (29)
- Mobile Protection (24)
- Business Continuity (22)
- credit card security (22)
- Fractional Chief Information Security Officer (CIS (19)
- Webinar (19)
- Information Security Summit (18)
- Michelle Drolet (18)
- Social Engineering (18)
- Worcester Business Journal (18)
- BYOD (16)
- financial security (16)
- Sophos (15)
- Towerwall (15)
- threat landscape (15)
- vCISO (15)
- cloud services (14)
- endpoint security system (14)
- Internet of Things (13)
- passwords (13)
- vulnerability management (13)
- CCPA (12)
- 10 Things I Know (11)
- Web Browser (11)
- Gap Assessment (10)
- Virtual CISO (10)
- cannabis compliance (10)
- Assessment (9)
- Web Application Firewall (9)
- web server (9)
- web users (9)
- CISO (8)
- T-Mobile (8)
- cannabis security (8)
- iPhone (8)
- General Data Protection Regulation (GDPR) (7)
- Government Compliance Regulations (7)
- MassBay Community College (7)
- SnoopWall (7)
- Tablets (7)
- Web Storage (7)
- phishing attacks (7)
- software updates (7)
- BrightTalk (6)
- IoT security (6)
- Microsoft (6)
- meetup (6)
- Android (5)
- Apple (5)
- Encryption (5)
- Equifax (5)
- European General Data Protection Regulation (GDPR) (5)
- IT Infrastructure (5)
- InfoSec at Your Services (5)
- InfoSec at Your Services Meetup (5)
- IoT (5)
- Armis (4)
- Coronavirus (4)
- Forbes Technology Council (4)
- ID Theft (4)
- Mac (4)
- NIST (4)
- NetworkWorld (4)
- OWASP (4)
- Varonis (4)
- email scam (4)
- iOS (4)
- 2016 Outstanding Women in Business (3)
- AT&T (3)
- Becker College (3)
- Breach Response (3)
- California Consumer Privacy Act (CCPA) (3)
- CannaCare (3)
- Cryptolocker (3)
- Cybersecurity Framework (3)
- DROWN (3)
- GRC (3)
- Heartbleed (3)
- ISSA (3)
- ISSA New England (3)
- Linkedin (3)
- Massachusetts (3)
- Middlesex Savings Bank (3)
- Penetration Tests (3)
- Third-party Vendor (3)
- Verizon (3)
- Wireless (3)
- Yahoo (3)
- Zero Trust (3)
- artificial intelligence (3)
- cybercrime (3)
- iOS update (3)
- internal emails (3)
- medical marijuana (3)
- software systems (3)
- #WBJITFORUM (2)
- #summitbuzz19 (2)
- 4E Methodology (2)
- AMG (2)
- AlienVault (2)
- Allegro MicroSystems (2)
- Amazon (2)
- Banking Cannabis (2)
- Bluetooth (2)
- Boston (2)
- Botnet (2)
- Breach Prevention (2)
- Budget (2)
- CDW (2)
- CEO (2)
- Cache (2)
- Candy Alexander (2)
- Center for Internet Security (CIS) (2)
- Community Involvement (2)
- CryptoWall v3 (2)
- Cyber Security (2)
- Cyber Security Career Lifecycle ( CSCL ) (2)
- CyberSN (2)
- Darktrace Ltd (2)
- Data breaches (2)
- Educate (2)
- Endpoint Protection (2)
- Establish (2)
- FBI (2)
- Facebook (2)
- Firefox (2)
- Fortinet (2)
- Framingham (2)
- Gary Miliefsky (2)
- General Data Protection Regulation (2)
- Gmail (2)
- Hack (2)
- ISACA (2)
- ISO 27001/2 (2)
- Incident Response Plan (2)
- Information Security Summit 2016 (2)
- Information Security Summit 2017 (2)
- Information Systems Security Association (ISSA) (2)
- Intercept X (2)
- Internet Explorer (2)
- Linux (2)
- Michael Lyons (2)
- Office (2)
- Open Web Application Security Project (OWASP) (2)
- Outlook (2)
- PhishMe (2)
- Qnext/FileFlex (2)
- RSA (2)
- Regulated Industries (2)
- Remote Workforce (2)
- Risk Management (2)
- SOX (2)
- SSL (2)
- Secure Development Life Cycle Plan (SDLC) (2)
- Security Awareness Training Program (2)
- Security BSides Boston 2016 (2)
- Shockwave. Internet Explorer (2)
- Smart Device (2)
- Smart Home (2)
- Smartphone (2)
- Sophos Intercept X (2)
- Training (2)
- Twinstate (2)
- Twitter (2)
- Wearables (2)
- Windows (2)
- bot-infected (2)
- cisco (2)
- cybersecurity trends (2)
- edge-cloud architecture (2)
- employee (2)
- endpoint detection (2)
- hackings (2)
- infected computer (2)
- infected phone (2)
- malwarebytes (2)
- medical cannabis (2)
- password (2)
- password protection (2)
- scammers (2)
- spear phishing (2)
- third party applications (2)
- two-factor authentification (2)
- vulnerability scanning (2)
- #brainbabe (1)
- #summitbuzz18 (1)
- 20 Critical Security Controls (1)
- 2017 Community Leadership Breakfast (1)
- 2017 Power 30 Solution Providers (1)
- 2018 (1)
- 2019 (1)
- 3D Printing (1)
- AOL (1)
- APT (1)
- AT&T Alien Labs Open Threat Exchange (OTX) (1)
- ATM (1)
- Ad Threats (1)
- Add-ons (1)
- Advanced Threat Detection (1)
- Alien Vault (1)
- Anti-Phishing Working Group (APWG) (1)
- Apple Pay (1)
- Appliance Analysts (1)
- Application Software Security (1)
- April Fools (1)
- BSides Boston (1)
- Bash (1)
- Big Switch (1)
- Breach Response Plan (1)
- Bro (1)
- Bugcrowd (1)
- CES (1)
- CFO (1)
- CIA (1)
- CIO (1)
- CIS Controls (1)
- CIS Controls 16 (1)
- CIS Controls 17 (1)
- CNBC (1)
- COSO Cube (1)
- CPEs (1)
- CRNtv (1)
- CSF (1)
- CTO (1)
- CYBER (1)
- Cash (1)
- Channel Partners (1)
- Chief Security Officer (1)
- China hack (1)
- Chrome (1)
- Clickbait (1)
- Community Leadership (1)
- Compliance and Regulations (1)
- Conference (1)
- Conficker (1)
- Consumer Privacy Rights and Enforcement Act (1)
- Cookies (1)
- Corporate Security (1)
- Counterintelligence Program (1)
- CreditDonkey (1)
- Crisis Response Plan (1)
- Critical Security Controls (CSC) (1)
- CryptoWall (1)
- Cumberland County College's 2017 Business Leaders' (1)
- Cyber Defense Magazine (1)
- Cyber Resilience (1)
- Cyber Security Leader 2016 (1)
- Cyber Security Leader for 2016 (1)
- Cyber Security education (1)
- Cyberattack (1)
- DDoS attacks (1)
- DOM (1)
- DPO (1)
- DRIDEX botnet (1)
- DROWN vulnerability (1)
- Dark Reading (1)
- Darkode (1)
- Data Loss Prevention (DLP) (1)
- Data Protection Officer (1)
- Deidre Diamond (1)
- Democratic Party (1)
- Department of Consumer Affairs (1)
- DevOps (1)
- Diana Kelley (1)
- Dr. David Podell (1)
- Drug Policy Alliance (1)
- EDR (1)
- EMV credit cards (1)
- ETag (1)
- EU Data Protection (1)
- EU legislation (1)
- Enforce (1)
- Entrepreneurship (1)
- European Data Protection Board (EDPB) (1)
- European Union (1)
- Evaluate (1)
- FCC (1)
- FISMA (1)
- FREAK (1)
- FTG (1)
- Fingerprinting (1)
- Flash Cookies (1)
- Forbes (1)
- Foundation for MetroWest (1)
- Fox 25 (1)
- Framework (1)
- Free Security Tools (1)
- GDPR Fines (1)
- GHOST (1)
- GNU Bash Remote Code Execution Vulnerability (1)
- Gartner (1)
- General Data Protection Legislation (GDPR) (1)
- Gift Cards (1)
- Gigamon (1)
- Google (1)
- Google Wallet (1)
- GovConnection (1)
- HTML (1)
- HTTP (1)
- HTTPS (1)
- Have I Been Pwned? (1)
- Health Insurance Portability & Accountability (1)
- Hidden URLs (1)
- IAST (1)
- IBM (1)
- IE (1)
- ISSA International Awards (1)
- ISSA International Conference (1)
- ISSA New England Chapter Meeting (1)
- IT Support (1)
- IT Systems (1)
- IT departments (1)
- Imperva (1)
- Imperva Scuba Database Vulnerability Scanner (1)
- Incident Response and Management (1)
- InfoSec at your Service (1)
- Information Security Summit Scholarship (1)
- Information Systems Security Association (1)
- Infraguard (1)
- Interwork (1)
- Intrusion Detection Systems (1)
- Iowa Voting App (1)
- Java (1)
- Jeffrey Davis (1)
- Juniper (1)
- Juniper Netwroks (1)
- KISSmetrics (1)
- Kali Linux (1)
- Kismet (1)
- Kmart (1)
- KnowBe4 Phish-prone (1)
- KnowBe4 RanSim (1)
- Known vulnerabilities (1)
- KrebsonSecurity (1)
- LSO (1)
- Legal weed (1)
- LogRhythem (1)
- LogRhythm NetMon Freemium (1)
- MJ Freeway (1)
- MaaS (1)
- Mac OSX (1)
- Malicious software (1)
- Malvertising (1)
- Mark Zuckerberg’ (1)
- Mary Shia (1)
- Mass Bay Community College (1)
- Mass Department of Public Health (1)
- MassBay (1)
- MetroWest (1)
- Microsoft NERD (1)
- Misconfigurations (1)
- Multi-Stage Attacks (1)
- NFC (1)
- NIST Cybersecurity Framework (1)
- NIST Cybersecurity Framework (CSF) (1)
- NIST framework (1)
- Nadir Izrael (1)
- National Initiative for Cybersecurity Education (N (1)
- National Institute of Standards and Technology (NI (1)
- National Security Agency (NSA) (1)
- Near-Term ROI (1)
- Nigerian prince (1)
- OSSEC (1)
- Offensive Security (1)
- Open DLP (1)
- Open Source (1)
- Outstanding Women in Business (1)
- PIE (1)
- Patch (1)
- PayPal (1)
- Pcysys (1)
- PenTera (1)
- Penalties (1)
- Pinterest (1)
- Ponemon Institute (1)
- Ponemon Institute Data Breach (1)
- Portables (1)
- Pot Compliance (1)
- Private Browsing (1)
- Pseudonymization (1)
- Public Wi-Fi (1)
- Pwn2Own (1)
- Qualys (1)
- Qualys Cloud Platform Community Edition (1)
- Quizzes (1)
- RFID credit cards (1)
- Radio Entrepreneurs (1)
- Ransomware Protection (1)
- Red Team Exercises (1)
- Risk Management Strategy And Program (1)
- Romance Scams (1)
- SHA1 (1)
- SHI (1)
- SIMDA botnet (1)
- SPAM (1)
- SQL injection (1)
- SSLv2 (1)
- SSLv2 server (1)
- Safari (1)
- SamSam attack (1)
- Scams (1)
- Scholarship (1)
- Science and Technology Tagged With: cannabis compl (1)
- Secure Building (1)
- Securonix (1)
- Settings (1)
- Shellshock. Bash bug (1)
- Shortened URLs (1)
- Silicon Review (1)
- Smith & Wesson (1)
- Snort (1)
- Social Media (1)
- Social Phishing (1)
- Social Security Number (1)
- Sony (1)
- Sophos Intercept X for Mobile (1)
- Sophos SafeGuard Encryption 8 (1)
- Sophos XG Firewall Home Edition (1)
- Spear phishing emails (1)
- Special Publication 800-53 (1)
- Starbucks (1)
- State regulations (1)
- Stealthbits (1)
- Subject Access Request (SAR) (1)
- SuperCom (1)
- Syria (1)
- TCG (1)
- TCG Network Services (1)
- TLS (1)
- Target (1)
- Targeted Cyberattack (1)
- Tax (1)
- TechTarget (1)
- The Hawaii Dispensary Alliance (1)
- Third Party Outsourcing (1)
- Threat Intelligence (1)
- Title II of the Communications Act (1)
- Top Computer Security Blogs 2016 (1)
- Towerwall Security Alert (1)
- Towerwall in the News (1)
- Town Hall (1)
- Trend Mico (1)
- TrendMicro (1)
- Trends to Watch for in 2018 (1)
- Trojan-like Emotet (1)
- U.S. Department of Health (1)
- UPnP (1)
- USB (1)
- USM (1)
- Unified Security Management (USM) (1)
- Uniforms (1)
- Unix (1)
- Unsecured Wi-Fi (1)
- Unstructured Data (1)
- User behavior analytics (UBA) (1)
- VPN (1)
- Veeam (1)
- Virus (1)
- Vormetric (1)
- Vulnerability Management Plan (1)
- WannaCry (1)
- Whitelist (1)
- Whitepaper (1)
- Wi-Fi (1)
- Wikipedia (1)
- Wireless Access Control (1)
- Worcester Business Journal's IT Forum (1)
- WordPress (1)
- Xerox Corporation (1)
- Year in Review (1)
- Zero-Day Protection (1)
- Zero-day malware (1)
- Zero-trust networks (1)
- application testing (1)
- appsec (1)
- ata protection officer (1)
- auditing (1)
- authentication (1)
- behavior analytics (1)
- boston voyager (1)
- botnets (1)
- boundary defense (1)
- breach (1)
- business security (1)
- canna care (1)
- case study (1)
- certificates (1)
- cloud application security (1)
- cloud phishing (1)
- continuous data protection (CDP) (1)
- cyber defense (1)
- cyberattacks (1)
- cybersecurity professionals (1)
- dark web (1)
- darwin (1)
- darwin defense (1)
- data collection (1)
- data recovery capability (1)
- data recovery plan (1)
- data storage (1)
- database systems (1)
- device management (1)
- disaster recovery (1)
- eBay (1)
- endpoint visibility (1)
- firewalls (1)
- hacking (1)
- haveibeenpwned.com (1)
- high-profile data breaches (1)
- human error encryption (1)
- identification (1)
- independent testing (1)
- ito (1)
- lingo (1)
- machine learning (1)
- military (1)
- mobile malware (1)
- multifactor authentication (MFA) (1)
- open-source software (1)
- operationalizing cybersecurity (1)
- patch management (1)
- phishing attack (1)
- point-of-sale breach (1)
- pot dispensaries (1)
- private sector (1)
- protected health information (PHI) (1)
- public sector (1)
- quid pro quo (1)
- ransomware-as-a-service (1)
- remote browser isolation (RBI) (1)
- risk tolerance (1)
- routers (1)
- sandbox (1)
- secure configurations (1)
- security assumptions (1)
- security information and event management (SIEM) (1)
- small and midsize businesses (1)
- small to medium size enterprises (SMEs) (1)
- smart TV (1)
- smart fridge (1)
- smart-connected (1)
- software bugs (1)
- spambots (1)
- switches (1)
- tED Magazine (1)
- third-party partners (1)
- third-party social media plug-ins (1)
- trends (1)
- two-factor authentication (1)
- vulnerability (1)
- web application security (1)
- white market (1)
- zero-day (1)
Debunking 5 Reasons Businesses Use to Not Invest In Computer Security
Michelle Drolet
The rise of malware seems to have passed some people by. As the ranks of cybercriminals grow and they find new ways to exploit our systems and steal our data, a lot of computer users and small-business owners have convinced themselves that it won't happen to them. Here are five common excuses that explain why some people think they don't need computer security and the reasons why they do.
2 Minute Read
Towerwall Information Security Update Vol 13.78 - 3 ways to make your Outlook.com account safer
Michelle Drolet
3 ways to make your Outlook.com account safer by John Hawes
3 Minute Read
More Devices, More Problems.
Michelle Drolet
Check out this infographic for the numbers behind BYOD.
Shellshock , The Latest Mac OSX and Linux Vulnerabilty—
Michelle Drolet
By: Solange_Desc1 Security researchers have discovered a new software bug known as the “Bash Bug” or “Shellshock,” or to those more technically “in-the-know” as GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271)(link is external). This bug, more correctly termed, ‘vulnerability’, potentially allows attackers to gain control over targeted computers. The bug is present in a piece of computer software called, Bash, that is typically found on computers running an operating system calledfalse
3 Minute Read
Towerwall Application Security Alert Vol 13.73
Michelle Drolet
1.2 billion logins scooped up by CyberVor hacking crew - what you need to do Hackers have amassed a vast collection of stolen data, including 1.2 billion unique username/password pairs, by compromising over 420,000 websites using SQL injection techniques. Researchers monitored the gang for over seven months, thought to be "fewer than a dozen men in their 20s who know one another personally" based in a small city in central Russia. They found that the group, working together since at least 2011,false
2 Minute Read
10 things I know about preventing ID theft
Michelle Drolet
10. Use cash or gift cards The threat of identity theft is reduced dramatically if you don't use your credit card for all your purchases, so consider using cash or even gift cards to pay your way.
1 Minute Read
Towerwall listed among “20 Most Promising Security Consulting Companies”
Michelle Drolet
Also named to CRN’s “Women in the Channel” and “The Power 50” BOSTON – May 12, 2014 – Towerwall (www.towerwall.com), an IT security services provider for small to mid-size businesses, today announced it was selected for inclusion in a list of the 20 “Most Promising Enterprise Security Consulting Companies.” The list was compiled by the editors of CIO Review, a magazine published in Fremont, Calif. “Presently, the time is apt to identify some of the right security players in the market. Wefalse
1 Minute Read
Reminder: Please join us at the Information Security Summit 2014
Michelle Drolet
Please save the date and plan to join us for this timely forum on what you need to know about the latest security issues, threats, and technologies that will help you protect your business!
Why security professionals need to get more creative with penetration testing (and how to do it)
Michelle Drolet
Criminals are evolving with their techniques for hacking and breaching corporate assets, so security managers need to as well. Here are some ways companies are going beyond standard pen testing in order to increase awareness By Maria Korolov Security professionals have long been running penetration tests against their firewalls and other security systems to find weaknesses that need to be addressed. The Common Vulnerability Scoring System is an industry standard, but has been around for afalse
4 Minute Read
Is Blind Trust Making You Unsafe?
Michelle Drolet
Personal and business relationships rely on trust to function, but blind trust in the digital world is downright dangerous. We’re asked to trust companies all the time. We trust them with personal details and they promise to keep them safe. It’s the same story in the enterprise. One company will entrust another to backup and store data, keeping it accessible for employees, but shutting out criminals and spies. Sometimes that trust proves to be misplaced, with disastrous results. On a personalfalse
1 Minute Read