Data security and privacy

Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.

Top Stories

News 20 Mar 2023
FBI arrests suspected BreachForums owner in New York

The BreachForums arrest occurred days after DC Health Link's data went up for sale on the dark web message board, though the affidavit did not cite the breach in the arrest. Continue Reading
Tip 16 Mar 2023
How to approach data loss prevention in virtual servers

As security risks evolve, organizations are turning to data loss prevention tools and methods to combat external and internal risks. Learn how to get started with DLP. Continue Reading

Tip 14 Jun 2022

3 steps for CDOs to ensure data sovereignty in the cloud

Data sovereignty regulations, combined with a tsunami of data growth and increased cloud usage, have created a perfect storm that chief data officers must manage. Continue Reading
Feature 10 Jun 2022

3 types of PKI certificates and their use cases

Public key infrastructure helps authenticate senders via cryptography and digital certificates. Learn about three types of PKI certificates and their use cases. Continue Reading
News 02 Jun 2022

May ransomware attacks strike municipal governments, IT firms

A major agriculture machinery vendor as well as a handful of other private companies and municipal governments were the targets of ransomware attacks in May. Continue Reading
News 01 Jun 2022

Hackers ransom 1,200 exposed Elasticsearch databases

An extensive extortion operation didn't need exploits or vulnerabilities to take over more than 1,200 Elasticsearch databases and demand bitcoin payments, according to Secureworks. Continue Reading
News 01 Jun 2022

Forescout proof-of-concept ransomware attack affects IoT, OT

Forescout's proof of concept showed how an attacker could use an IoT camera to gain access to an enterprise's IT network and then shut down operational technology hardware. Continue Reading
News 26 May 2022

Twitter fined $150M for misusing 2FA data

The DOJ and FTC said the social media company misused consumers' personal data for advertisement purposes, from which it gained benefit. Continue Reading
Feature 24 May 2022

Why using ransomware negotiation services is worth a try

If stakeholders decide to pay ransomware demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout. Continue Reading
News 24 May 2022

Verizon DBIR: Ransomware dominated threat landscape in 2021

Though ransomware became an increasingly large threat to enterprises last year, Verizon's Data Breach Investigations Report found the model may not be as profitable as expected. Continue Reading
Opinion 23 May 2022

ESG analysts discuss how to manage compliance, data privacy

ESG analysts offer three recommendations for effective data governance: good C-level and IT leadership, visibility into cloud infrastructure and understanding cloud architecture. Continue Reading
News 23 May 2022

AdvIntel: Conti rebranding as several new ransomware groups

According to AdvIntel's research, the Conti ransomware group's attack on the Costa Rican government was part of a rebranding effort, as the gang's ransom payments had dried up. Continue Reading
Tip 20 May 2022

How to counter insider threats in the software supply chain

Insider threats extend beyond employees within your company to include people working at partners and third parties. Learn about these insider threats in the software supply chain. Continue Reading
News 18 May 2022

Axie Infinity hack highlights DPRK cryptocurrency heists

The $620 million hack of developer Sky Mavis earlier this year is only the latest in a long line of cryptocurrency platform attacks conducted by North Korean nation-state actors. Continue Reading
Tip 17 May 2022

6 key steps to develop a data governance strategy

Data governance shouldn't be built around technology, but the other way around. Existing infrastructure, executive support, data literacy, metrics and proper tools are essential. Continue Reading
News 17 May 2022

Cardiologist charged with creating Thanos, Jigsaw ransomware

Moises Luis Zagala Gonzalez, 55, faces up to five years in prison for each of the two charges connected to his alleged role in creating Thanos and Jigsaw ransomware. Continue Reading
Guest Post 17 May 2022

5 steps to ensure a successful access management strategy

Access management is top of mind for organizations, especially in the hybrid workspace. Follow these five steps to create an access management strategy that benefits all users. Continue Reading
Tip 13 May 2022

7 best practices for successful data governance programs

A comprehensive, companywide data governance program strengthens data infrastructure, improves compliance initiatives, supports strategic intelligence and boosts customer loyalty. Continue Reading
News 12 May 2022

Iranian APT Cobalt Mirage launching ransomware attacks

Secureworks researchers said a new Iranian state-sponsored threat group is melding government and financial interests by targeting U.S. organizations with ransomware attacks. Continue Reading
Tip 12 May 2022

3 ways to apply security by design in the cloud

Applying security-by-design principles to the cloud may not seem straightforward, but there are several ways to do so. These three areas are a good place to start. Continue Reading
News 12 May 2022

Vendors, governments make ransomware decryptors more common

Ransomware decryption tools are increasingly common today, thanks to cybersecurity vendors and law enforcement agencies working on cracking past and present ransomware threats. Continue Reading
Answer 12 May 2022

Zero trust vs. zero-knowledge proof: What's the difference?

Zero-knowledge proofs can help companies implement a zero-trust framework. Learn about the two concepts and how they come together to better secure networks. Continue Reading
Answer 09 May 2022

What are some tips for storage of sensitive data?

Loss or theft of sensitive data can lead to legal, compliance and business consequences. Be sure to take proper precautions to securely store that data. Continue Reading
News 09 May 2022

Victims of Horizon Actuarial data breach exceed 1M

Five months after the data breach was discovered, the number of Horizon Actuarial Services customers and individuals affected by the attack has climbed significantly. Continue Reading
News 09 May 2022

US offers $10M bounty for Conti ransomware information

The bounty follows a recent Conti ransomware attack that Costa Rica suffered in April. The country's new president, Rodrigo Chaves, declared a national emergency Sunday. Continue Reading
Tip 09 May 2022

The top secure software development frameworks

Keeping security top of mind when developing software is paramount. Learn how to incorporate security into the SDLC with the top secure software development frameworks. Continue Reading
News 06 May 2022

Cryptocurrency mixer sanctioned over Lazarus Group ties

North Korea's Lazarus Group is accused of stealing more than $600 million in the Axie Infinity hack and laundering a chunk through the Blender.io mixing service. Continue Reading
News 04 May 2022

Coveware: Double-extortion ransomware attacks fell in Q1

Coveware said double-extortion ransomware may be replaced with 'big shame ransomware,' in which an attacker threatens to leak sensitive data without encrypting it. Continue Reading
Feature 03 May 2022

Cyber-war gaming: A cybersecurity tabletop exercise

Based off military war games, cyber-war gaming examines a company's security posture. Learn how it works, the readiness needed, who should be involved and more. Continue Reading
Feature 02 May 2022

Do phishing simulations work? Sometimes

Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question. Continue Reading
News 28 Apr 2022

Check Point: Ransomware attacks lasted 9.9 days in 2021

Check Point Research and Kovrr found ransomware attack victims paid out 89% of the ransom demand on average in 2019. The figure dropped to 27% in 2020 before rising to 49% in 2021. Continue Reading
Tip 28 Apr 2022

How enterprises can ensure NVMe security in 2.0

Today's world demands airtight security more than ever. Key NVMe security features, such as namespaces, the Lockdown command and TLS in NVMe over TCP, keep data safe. Continue Reading
News 28 Apr 2022

Phishing attacks benefiting from shady SEO practices

Cybercriminals running phishing operations are now making use of SEO specialists that break Google's rules to get themselves placed above legitimate search results to lure victims. Continue Reading
News 27 Apr 2022

Sophos: 66% of organizations hit by ransomware in 2021

Forty-four percent of organizations surveyed by Sophos said they used multiple approaches to recover data following a ransomware attack, including paying ransoms and using backups. Continue Reading
Tip 27 Apr 2022

Best practices for creating an insider threat program

A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
Opinion 26 Apr 2022

Data security requires DLP platform convergence

Cloud adoption, combined with an anytime, anyplace, any device workforce requires a converged data loss prevention platform to secure data -- not point products with DLP features. Continue Reading
News 25 Apr 2022

T-Mobile breached in apparent Lapsus$ attack

Lapsus$'s alleged theft of T-Mobile source code is in line with its previous activity; the cybercrime group previously stole code from Microsoft and Samsung. Continue Reading
Feature 22 Apr 2022

10 cybersecurity tips for business travelers

Don't put your sensitive information at risk when you travel. Learn how to take a few extra precautions with these cybersecurity tips. Continue Reading
News 20 Apr 2022

Kaspersky releases decryptor for Yanluowang ransomware

Kaspersky is offering users and admins a tool to decrypt data that had been locked away by the emerging Yanluowang ransomware gang, which was first revealed in December. Continue Reading
Tip 19 Apr 2022

Why companies should make ERP security a top priority

Whether your ERP system is on premises or in the cloud, it's still vulnerable, and you need to take the right measures to secure it. Here's advice on how to do just that. Continue Reading
News 18 Apr 2022

Pegasus spyware discovered on U.K. government networks

Citizen Lab confirmed it spotted the notorious spyware running on systems within the U.K. prime minister's office, and it believes the United Arab Emirates is to blame. Continue Reading
Feature 14 Apr 2022

Study attests: Cloud apps, remote users add to data loss

A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic. Continue Reading
News 12 Apr 2022

Law enforcement takedowns continue with RaidForums seizure

The hacker forum, which used to sell and purchase sensitive information including login credentials, has been dismantled, and its alleged founder was arrested and indicted. Continue Reading
Tip 11 Apr 2022

6 enterprise secure file transfer best practices

Employees can share files with the click of a button -- but don't let the efficiency fool you. Use these secure file transfer best practices to avoid exposing confidential data. Continue Reading
Tip 11 Apr 2022

What is cybersecurity mesh and how can it help you?

The concept of cybersecurity mesh could help solve and simplify issues created by multi-cloud deployments and the increase in remote work environments. Continue Reading
News 08 Apr 2022

Fin7 hacker sentenced to 5 years in prison

A Ukrainian man has been sentenced to five years in prison after being convicted as one of the primary hackers behind the notorious Fin7 financial malware ring. Continue Reading
Tip 07 Apr 2022

Pen testing guide: Types, steps, methodologies and frameworks

Penetration testing helps organizations find security vulnerabilities before hackers do. Uncover details about pen testing steps, methodologies, frameworks and standards. Continue Reading
News 05 Apr 2022

German authorities behead dark web Hydra Market

Police in Germany raided facilities hosting the infamous Hydra Market site as part of an international effort to crack down on dark web forums and marketplaces. Continue Reading
News 04 Apr 2022

Cryptocurrency companies targeted in Mailchimp breach

Cryptocurrency wallet maker Trezor revealed phishing attacks against its customers that stemmed from a breach at Mailchimp, which the email marketing firm later confirmed. Continue Reading
News 01 Apr 2022

CrowdStrike finds 'logging inaccuracies' in Microsoft 365

CrowdStrike says Microsoft's cloud offering may not be accurately taking logs of user sign-ins, and that could pose a threat to protecting networks and investigating attacks. Continue Reading
Feature 31 Mar 2022

The importance of HR's role in cybersecurity

HR teams must keep security top of mind when hiring and onboarding employees and enforcing data privacy policies. Get advice on the procedures and mechanisms to do so. Continue Reading
Feature 31 Mar 2022

Why CISOs need to understand the business

While CISOs need technical skills, business skills help them push their team's agenda and get the support and funding they need to protect their company. Continue Reading
News 30 Mar 2022

Lack of competition is driving federal budget antitrust hike

In Biden's proposed budget, the FTC would gain an additional $139 million, while the DOJ's antitrust division would see an $88 million increase. Continue Reading
Tip 29 Mar 2022

Why is document version control important?

Although best practices have changed, many organizations lack a suitable versioning strategy. Proper document version control can improve collaboration and fact-checking. Continue Reading
Guest Post 28 Mar 2022

The benefits and challenges of SBOMs

While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security. Continue Reading
Tip 25 Mar 2022

Review Microsoft Defender for endpoint security pros and cons

Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls. Continue Reading
Podcast 25 Mar 2022

Risk & Repeat: Lapsus$ highlights poor breach disclosures

This Risk & Repeat podcast episode examines two high-profile breaches by emerging threat group Lapsus$ and how Microsoft and Okta responded to these attacks. Continue Reading
Tip 24 Mar 2022

How to overcome GDPR compliance challenges

As GDPR fines and penalties increase, organizations must prioritize compliance to avoid financial and reputational damages. Learn about the top challenges and their solutions. Continue Reading
News 24 Mar 2022

Okta provides new details on Lapsus$ attack

The authentication provider shed new light on how a customer service agent at subcontractor Sitel was hacked and then used to obtain data on hundreds of Okta clients. Continue Reading
News 23 Mar 2022

Lawsuit claims Kronos breach exposed data for 'millions'

A class-action lawsuit was filed against Ultimate Kronos Group for alleged negligence regarding a ransomware attack and private cloud breach in December. Continue Reading
News 23 Mar 2022

Microsoft confirms breach, attributes attack to Lapsus$

Microsoft disclosed it had been breached by emerging threat group Lapsus$ toward the end of a threat intelligence post dedicated to the extortion gang and its tactics. Continue Reading
News 22 Mar 2022

Lapsus$ hacking group hit authentication vendor Okta

Authentication vendor Okta is the latest tech giant to be named as a victim of the prolific Lapsus$ crew, through key details about the attack remain in dispute. Continue Reading
Tip 22 Mar 2022

Will Google kill third-party cookies?

The end of third-party cookies has been on the horizon for years. For marketers, this termination means finding new strategies and alternatives to third-party data. Continue Reading
News 21 Mar 2022

Cryptocurrency companies impacted by HubSpot breach

A compromised employee account at HubSpot led to the breach of several companies' customers in the cryptocurrency industry. Continue Reading
News 16 Mar 2022

FTC accuses CafePress of covering up 2019 data breach

The proposed FTC settlement would require CafePress' former owner to pay $500,000 in compensation to customers who were victimized in the company's 2019 data breach. Continue Reading
Tip 16 Mar 2022

10 key elements to follow data compliance regulations

Data privacy laws are changing around the world on a constant basis. These 10 elements can help keep organizations up to speed with data compliance regulations. Continue Reading
News 16 Mar 2022

Biden signs law on reporting critical infrastructure cyber attacks

President Joe Biden signed a law that requires critical infrastructure entities to report cyber attacks within 72 hours and report ransom payments in 24 hours. Continue Reading
News 15 Mar 2022

Container vulnerability opens door for supply chain attacks

A CRI-O container engine vulnerability could allow attackers to bypass security controls and take over a host system, according to CrowdStrike researchers. Continue Reading
Tip 15 Mar 2022

How endpoint encryption works in a data security strategy

Companies should use encryption to keep data on endpoints protected should an attacker successfully get hold of a device or breach enterprise security measures. Continue Reading
News 15 Mar 2022

Infosec news cycles: How quickly do they fade?

Google Trends spikes, on average, lasted a few weeks for major infosec news events like SolarWinds, Log4Shell and the Colonial Pipeline ransomware attack. Continue Reading
Tip 11 Mar 2022

How to write an information security policy, plus templates

Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process. Continue Reading
Guest Post 11 Mar 2022

How to build a security champions program

Security champions are key to promoting and creating a security-first company. Learn how to build a security champions program using these four steps. Continue Reading
Feature 10 Mar 2022

6 potential enterprise security risks with NFC technology

Some NFC risks include payment processing fraud, eavesdropping and replay attacks. Continue Reading
News 09 Mar 2022

Researchers disclose new Spectre V2 vulnerabilities

The Spectre class of data disclosure vulnerabilities is once again at the security forefront after researchers discovered a new variant of the side-channel attack. Continue Reading
Tip 09 Mar 2022

How to check and verify file integrity

Organizations planning content migrations should verify file integrity and ensure files weren't corrupted in the move. File validation can keep critical data secure. Continue Reading
News 07 Mar 2022

Samsung breached, Nvidia hackers claim responsibility

Samsung said Galaxy device source code was stolen, but no employee or customer personal information was taken by the attackers, who appear to be with the Lapsus$ ransomware group. Continue Reading
News 04 Mar 2022

Hackers using stolen Nvidia certificates to sign malware

The recent breach of Nvidia's corporate network has resulted in the posting of valid software certificates that are now being used to spread malware in the wild. Continue Reading
Feature 04 Mar 2022

Use digital identity proofing to verify account creation

Validating users during account creation with identity proofing helps prevent data breaches but isn't without challenges. Discover how it works and concerns to address. Continue Reading
Podcast 04 Mar 2022

Risk & Repeat: Conti ransomware gang gets breached

This Risk & Repeat podcast episode covers the massive Conti leaks, including the data that was published and what it reveals about the infamous ransomware gang. Continue Reading
News 04 Mar 2022

February ransomware attacks hit major enterprises

Enterprises, colleges and municipalities in the U.S. continued to be hit by ransomware as publicly reported attacks for February piled up. Continue Reading
Feature 03 Mar 2022

How to stop malicious or accidental privileged insider attacks

How many permissions or privileges a user has will affect how big of an insider threat they are. Discover the issues surrounding privileged users and how to curtail these threats. Continue Reading
News 01 Mar 2022

Conti ransomware source code, documentation leaked

The Conti ransomware gang's primary Bitcoin address, found in the leak, showed the crime outfit has taken in over $2 billion in cryptocurrency since 2017. Continue Reading
News 28 Feb 2022

Conti ransomware gang backs Russia, threatens U.S.

The Conti ransomware gang announced last week that they were in 'full support' of Russia and would retaliate if the West attacked Russian critical infrastructure. Continue Reading
Feature 28 Feb 2022

Tips for creating a cybersecurity resume

Resumes help candidates leave an impression on potential employers. But did you know one resume often isn't enough? Learn this and other tips for creating a cybersecurity resume. Continue Reading
Feature 28 Feb 2022

How to manage imposter syndrome in cybersecurity

The imposter syndrome phenomenon is readily apparent in cybersecurity. Learn how to manage it, along with mishaps to avoid during the job hunt and other career advice. Continue Reading
Feature 28 Feb 2022

Implement API rate limiting to reduce attack surfaces

Rate limiting can help developers prevent APIs from being overwhelmed with requests, thus preventing denial-of-service attacks. Learn how to implement rate limiting here. Continue Reading
Feature 28 Feb 2022

API security methods developers should use

Developers can reduce the attack surface by implementing security early in the API development process and knowing methods to secure older APIs that can't be deprecated. Continue Reading
Tip 25 Feb 2022

Privacy-enhancing technology types and use cases

Data is key to companies' success, but maintaining its privacy and ensuring regulatory compliance is difficult. Learn about privacy-enhancing technologies that keep data protected. Continue Reading
News 24 Feb 2022

New data wiper malware hits Ukraine targets

HermeticWiper is similar to another data-wiping malware known as WhisperGate, which was used in cyber attacks against Ukraine last month. Both used ransomware as an apparent decoy. Continue Reading
News 24 Feb 2022

New tech, same threats for Web 3.0

Emerging technologies are prone to old-school social engineering attacks and credential-swiping techniques, according to Cisco Talos researchers who analyzed the new platforms. Continue Reading
Tip 23 Feb 2022

How to use PKI to secure remote network access

Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access. Continue Reading
News 16 Feb 2022

Kronos attack fallout continues with data breach disclosures

Employees at both public and private sector organizations had their data compromised during a December ransomware attack on Kronos that also took down payroll systems. Continue Reading
News 15 Feb 2022

Biometric technology like facial recognition is here to stay

Despite resistance, government agencies and private companies continue to use the technology. A key issue is whether people are informed about how their information will be used. Continue Reading
Tip 15 Feb 2022

Why companies need cybersecurity and cyber resilience

Companies need cybersecurity and cyber-resilience plans to not only protect against attacks, but also mitigate damage in the aftermath of a successful one. Continue Reading
Opinion 14 Feb 2022

Data storage and security make a mission-critical mix

At a time of heightened cyberthreats, IT administrators should look to improve their data storage security. There are numerous proactive ways to prepare for the next attack. Continue Reading
News 11 Feb 2022

FBI seized Colonial Pipeline ransom from DarkSide affiliate

New research from Chainalysis claims the DarkSide ransomware affiliate involved in last year's Colonial Pipeline attack also had ties to the NetWalker ransomware operation. Continue Reading
News 10 Feb 2022

Why Massachusetts' data breach reports are so high

Massachusetts discloses breaches of companies that affect just a single resident, giving the commonwealth a much larger number of 2021 incidents than other states. Continue Reading
News 09 Feb 2022

Google: 2-step verification led to 50% fewer account hacks

Google auto-enrolled more than 150 million users into two-step verification last October and mandated two-step verification for 2 million-plus YouTube accounts. Continue Reading
Guest Post 09 Feb 2022

How automated certificate management helps retain IT talent

Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management. Continue Reading
News 08 Feb 2022

Russia continues cybercrime offensive with SkyFraud takedown

Officials in Russia have knocked the SkyFraud credit card fraud operation offline in the latest of a string of police actions against cybercriminals in the region. Continue Reading
News 07 Feb 2022

Metaverse rollout brings new security risks, challenges

When companies and users decide to adapt the technologies of the coming metaverse, they will also expose themselves to a new class of security risks and vulnerabilities. Continue Reading
News 03 Feb 2022

Cryptocurrency platform Wormhole loses $320M after attack

After a threat actor made off with 120,000 wrapped Ethereum, Wormhole said the stolen cryptocurrency had been 'restored,' but what that means remains in question. Continue Reading

1
2
3
4
5
6
7
8

Networking

How to build an SD-WAN RFP to evaluate vendors
There are key questions that belong in your SD-WAN request for proposal. Use them to better assess vendor features and ...
How network perimeters secure enterprise networks
Network perimeters serve as essential network security to block unwanted traffic. Find out how they differ from the network edge ...
5 steps to migrate from MPLS to SD-WAN
To migrate from MPLS to SD-WAN, you need a plan. Use these five steps as a guideline to avoid MPLS contract disasters, unexpected...

CIO

Tech competition with China remains top of mind for U.S.
U.S. competition with China on technology has advanced beyond legislation as the Biden administration mulls rules for limiting ...
10 key ESG and sustainability trends, ideas for companies
From consumers to employees to investors, more people are choosing companies that prioritize environmental, social and governance...
Connected product, a Bluetooth jump-rope, reflects digital shift
Crossrope faced hardware, software and marketing challenges -- along with the need to satisfy data-hungry fitness enthusiasts -- ...

Enterprise Desktop

What do the different licenses for Windows 11 come with?
Before organizations migrate to Windows 11, they must determine what the best options are for licensing. Learn about the choices ...
Top 4 unified endpoint management software vendors in 2023
UEM software is vital for helping IT manage every type of endpoint an organization uses. Explore some of the top vendors and how ...
Compare capabilities of Office 365 MDM vs. Intune
Office 365 MDM and Intune both offer the ability to manage mobile devices, but Intune provides deeper management and security. ...

Cloud Computing

Is a cloud-first strategy right for you?
A cloud-first strategy has its fair share of advantages and disadvantages. Learn how to avoid risks and build a strategy that is ...
How to use startup scripts in Google Cloud
Google Cloud lets you use startup scripts when booting VMs to improve security and reliability. Follow these steps to create your...
When to use AWS Compute Optimizer vs. Cost Explorer
AWS Compute Optimizer and Cost Explorer monitor, analyze and optimize your cloud costs. Compare the two tools to choose which is ...

ComputerWeekly.com

Goggo Network and Oxbotica team to bring autonomous deliveries to Europe
Autonomous vehicles logistics firm to introduce autonomous vehicle software developer’s operating system in its fleet of on-road ...
Anheuser-Busch InBev brews digital infrastructure with Orange
Global brewing giant partners with business services division of global telco company to help with digital transformation
Openreach hits 10 million mark for full-fibre deployment
Village in England’s smallest county sees largest network provider hit milestone as 10 millionth location for full-fibre ...

Close