Data security and privacy

Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.

Top Stories

News 20 Mar 2023
FBI arrests suspected BreachForums owner in New York

The BreachForums arrest occurred days after DC Health Link's data went up for sale on the dark web message board, though the affidavit did not cite the breach in the arrest. Continue Reading
Tip 16 Mar 2023
How to approach data loss prevention in virtual servers

As security risks evolve, organizations are turning to data loss prevention tools and methods to combat external and internal risks. Learn how to get started with DLP. Continue Reading

Feature 02 Feb 2022

A day in the life of a cybersecurity manager

The role of a cybersecurity leader is often misunderstood. Experience a day in the life of a cybersecurity manager with this breakdown of a security leader's typical schedule. Continue Reading
Feature 02 Feb 2022

Top cybersecurity leadership challenges and how to solve them

Security isn't always a top business priority. This creates challenges for the cybersecurity managers and teams that hope to integrate security into their company's agenda. Continue Reading
News 02 Feb 2022

SolarMarker malware spread through advanced SEO poisoning

Sophos discovered SolarMarker malware was being distributed through fake SEO-focused topics in Google Groups, as well as malicious PDF files. Continue Reading
Feature 31 Jan 2022

How to prepare for malicious insider threats

Stopping malicious insider threats is just as important as preventing external ones. Uncover what to look for and strategies to prevent insider threats before they cause damage. Continue Reading
Feature 31 Jan 2022

Include defensive security in your cybersecurity strategy

Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
News 31 Jan 2022

Emsisoft releases DeadBolt ransomware decryption tool

Emsisoft's DeadBolt ransomware decryption tool fixes broken decryptor keys issued by threat actors, and works only if the victim has paid the ransom and received a key. Continue Reading
Tip 31 Jan 2022

8 best practices for blockchain security

In a world of decentralized record-keeping, remember all emerging technologies come with their own security risks. Follow these eight best practices to minimize the risk. Continue Reading
Tip 28 Jan 2022

Protect APIs against attacks with this security testing guide

API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them. Continue Reading
Podcast 28 Jan 2022

Risk & Repeat: The complicated world of Monero

This Risk & Repeat podcast episode looks at the state of Monero, a privacy-focused cryptocurrency, as well as recent cyber attacks against crypto exchanges. Continue Reading
Feature 28 Jan 2022

4 data privacy predictions for 2022 and beyond

Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond? Continue Reading
News 26 Jan 2022

DeadBolt ransomware targeting QNAP NAS storage devices

In addition to DeadBolt, QNAP NAS users have had to deal with multiple types of ransomware in recent months, including Qlocker and eCh0raix. Continue Reading
Tip 26 Jan 2022

Integrating zero-trust practices into private 5G networks

One of the first steps in deploying a technology is protecting it from potential security threats. Learn how to secure a private 5G network with zero-trust security practices. Continue Reading
News 24 Jan 2022

Monero and the complicated world of privacy coins

Monero is known for being one of the most common cryptocurrencies seen in illicit transactions, but its development community paints a different picture of the privacy coin. Continue Reading
Tip 21 Jan 2022

How to start implementing passwordless authentication today

Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication. Continue Reading
Guest Post 21 Jan 2022

5 infosec predictions for 2022

If the predictions are correct, 2022 will be another groundbreaking year for information security. Have a look at the security forecast for the next 12 months. Continue Reading
News 18 Jan 2022

Ransomware actors increasingly demand payment in Monero

Though Bitcoin is still the cryptocurrency standard in ransomware payment demands, Monero has gained prominence due to its more private, less traceable technology. Continue Reading
News 18 Jan 2022

Police seize VPN host allegedly facilitating ransomware

VPNLab is accused of facilitating cybercrime including ransomware and malware distribution, and its services were allegedly advertised on the dark web. Continue Reading
Guest Post 13 Jan 2022

Is ransomware as a service going out of style?

Increased government pressure has backed many ransomware gangs into a corner, in turn forcing attackers to replace the ransomware-as-a-service model with a smash-and-grab approach. Continue Reading
News 12 Jan 2022

New RAT campaign abusing AWS, Azure cloud services

Cisco Talos discovered threat actors taking advantage of public cloud services to spread remote administration tools such as NanoCore, NetWire and AsyncRAT. Continue Reading
Guest Post 11 Jan 2022

Endpoint security is nothing without human operators

The growing threat landscape has made endpoint security more important than ever. Deploying an endpoint security platform without the proper staff, however, is simply not enough. Continue Reading
Tip 10 Jan 2022

Allowlisting vs. blocklisting: Benefits and challenges

Allowlisting and blocklisting are key components of access control. Learn the benefits and challenges of each approach and why a combination of the two is often the best strategy. Continue Reading
Tip 10 Jan 2022

3 areas privacy and cybersecurity teams should collaborate

Organizations can get a lot of value by having their privacy and cybersecurity teams work closely together. Collaborating on compliance objectives is just one benefit. Continue Reading
Opinion 06 Jan 2022

IoT ethics must factor into privacy and security discussions

With the adoption of IoT devices, consumers voluntarily trade privacy for the convenience of instant connectivity. Organizations must consider the ethics of their data collection. Continue Reading
News 05 Jan 2022

NY AG's credential stuffing probe finds 1M exposed accounts

The threat of credential stuffing attacks prompted an investigation by the New York Attorney General, which found stolen passwords for customer accounts across 17 companies. Continue Reading
News 05 Jan 2022

FTC warns companies to mitigate Log4j vulnerability

In a blog post about the critical Log4Shell vulnerability, the FTC mentioned 2017's Equifax breach and the legal consequences that followed. Continue Reading
Feature 04 Jan 2022

Is quantum computing ready to disrupt cybersecurity?

Quantum computing isn't here yet, but now is the time for companies to start considering how it may affect their business -- both negatively and positively -- in the next decade. Continue Reading
Tip 04 Jan 2022

7 API security testing best practices, with checklist

APIs are an increasingly common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
Feature 29 Dec 2021

Editor's picks: Top cybersecurity articles of 2021

As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
Feature 28 Dec 2021

Types of cybersecurity controls and how to place them

A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset. Continue Reading
Feature 28 Dec 2021

Top infosec best practices, challenges and pain points

Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management. Continue Reading
Tip 21 Dec 2021

Cybersecurity teamwork: C-suite roles CIOs should befriend

To strengthen organizational cybersecurity, CIOs must work closely with other leaders. Learn why it's important to loop in the CEO, CFO and chief human resources officer. Continue Reading
Tip 21 Dec 2021

Fortify security with IoT data protection strategies

It's only a matter of time before attackers target IoT data. Organizations must be ready with IoT data security best practices, including data encryption and visibility. Continue Reading
News 20 Dec 2021

5 Russians charged in hacking, illegal trading scheme

A group of hackers based in Russia and tied to the GRU stand accused of breaking into companies and using confidential data to profit from illegal stock trades. Continue Reading
Tip 20 Dec 2021

Call center security best practices to protect customer data

If customers know an organization can keep their data safe, they have more positive experiences. These best practices can help establish trust and keep data safe in call centers. Continue Reading
News 20 Dec 2021

Apple v. NSO Group: How will it affect security researchers?

While the full extent of impact won't be revealed until the lawsuit concludes, negative impacts on security researchers are possible. Continue Reading
Tip 14 Dec 2021

Use these 6 user authentication types to secure networks

One layer of security that all networks and applications need is authentication. Read up on six authentication types, from 2FA to biometrics to certificates. Continue Reading
Tip 14 Dec 2021

4 API authentication methods to better protect data in transit

The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
Tip 13 Dec 2021

Why you need an email security policy and how to build one

Companies must have an effective security policy in place to keep email protected from cybercriminals and employee misuse. Learn the best route to build one for your company. Continue Reading
News 10 Dec 2021

Dark web posts shed light on Panasonic breach

A network breach at Japanese electronics giant Panasonic was possibly set up as far back as January, according to researchers who were monitoring dark web forums. Continue Reading
Guest Post 10 Dec 2021

The business benefits of data compliance

Beyond appeasing auditors and avoiding fines, data compliance offers several business benefits. Discover how data compliance can build trust and improve publicity. Continue Reading
Tip 10 Dec 2021

Cybersecurity employee training: How to build a solid plan

Cybersecurity training often misses the mark, while threats continue to grow. Succeed where others have failed by keeping training fresh, current and real. Here's how. Continue Reading
Feature 08 Dec 2021

Is a passwordless future getting closer to reality?

Industry analysts offer predictions on the future of passwordless authentication and whether we'll ever truly get rid of one of security's weakest links. Continue Reading
News 07 Dec 2021

BadgerDAO users' cryptocurrency stolen in cyber attack

Following last week's attack, BadgerDAO sent the threat actor a message, offering to 'compensate' the individual for finding a vulnerability in the company's systems. Continue Reading
News 06 Dec 2021

BitMart the latest crypto exchange to suffer cyber attack

BitMart, which describes itself as the 'most trusted crypto trading platform,' confirmed it was the victim of an attack where $150 million in assets were stolen. Continue Reading
Tip 06 Dec 2021

Top blockchain security attacks, hacks and issues

These five factors have created issues for the blockchain security landscape. Learn more about blockchain hacks and attacks and how they will affect the future of Web3. Continue Reading
Tip 03 Dec 2021

Top 3 information security strategy essentials CIOs need

Cybersecurity is more important than ever before as hackers get more aggressive and vulnerabilities grow. Learn how to approach it in the right way and why getting alignment is so key. Continue Reading
News 02 Dec 2021

Former Ubiquiti engineer arrested for inside threat attack

Nickolas Sharp is accused of attacking his former employer, stealing confidential data and attempting to extort the company into paying him approximately $2 million. Continue Reading
Tip 30 Nov 2021

How to create a company password policy, with template

Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use. Continue Reading
Feature 29 Nov 2021

The components and objectives of privacy engineering

Privacy engineering helps organizations balance business and privacy needs, while mitigating the impact of data breaches. Learn about its components and objectives. Continue Reading
Feature 29 Nov 2021

The intersection of privacy by design and privacy engineering

Data privacy concerns are widespread. Privacy by design and privacy engineering help organizations balance privacy with utility and usability. Learn how. Continue Reading
News 23 Nov 2021

Apple files lawsuit against spyware vendor NSO Group

Apple sued the Israeli technology vendor, whose Pegasus spyware has been implicated in several malicious attacks on journalists, activists and government officials. Continue Reading
News 22 Nov 2021

GoDaddy discloses breach of 1.2M customer account details

Web hosting provider GoDaddy said an attacker broke into its Managed WordPress service and accessed the account details and SSL keys of 1.2 million customers. Continue Reading
News 22 Nov 2021

Cryptocurrency exchange BTC-Alpha confirms ransomware attack

While it is common for threat actors to use cryptocurrency platforms to move and obfuscate ransom payments, this time an exchange platform was the victim of such an attack. Continue Reading
Tip 22 Nov 2021

Top 5 password hygiene tips and best practices

Passwords enable users to access important accounts and data -- making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
Answer 22 Nov 2021

What are the most important email security protocols?

Email was designed without security considerations, but these top email security protocols add mechanisms to keep messaging safe from threats. Continue Reading
Guest Post 15 Nov 2021

Reduce the risk of cyber attacks with frameworks, assessments

Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe. Continue Reading
News 11 Nov 2021

Aruba Central breach exposed customer data

HPE-owned Aruba Networks said one of its cloud databases was accessed by hackers who were able to make off with location and telemetry data for its customers' Wi-Fi gear. Continue Reading
Guest Post 10 Nov 2021

4 concepts that help balance business and security goals

The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals. Continue Reading
Guest Post 03 Nov 2021

To improve resilience, augment zero-trust models

Zero-trust models are a start, but to improve resilience, they should be augmented and extended to include verification procedures, supply chain security and open source software. Continue Reading
News 02 Nov 2021

FBI: Ransomware gangs using financial info to target companies

The FBI assessed that ransomware threat actors are likely using information like mergers, acquisitions and stock valuations to determine vulnerable enterprise targets. Continue Reading
News 28 Oct 2021

Hackers upping SSL usage for encrypted attacks, communications

A report from cloud security vendor Zscaler found that cybercriminals are using secure connections to evade detection while carrying out network attacks. Continue Reading
News 28 Oct 2021

Twitter details internal Yubico security key rollout

Following last year's breach, Twitter obtained 100% security key enrollment from its 5,500 internal employee accounts within a month of the cutover date. Continue Reading
News 25 Oct 2021

SolarWinds hackers attacking more IT supply chain targets

According to Microsoft, the Russian threat group known as Nobelium has already compromised 14 technology service providers across the United States and Europe. Continue Reading
News 18 Oct 2021

Sinclair Broadcast Group suffers ransomware attack, breach

The media giant disclosed a ransomware attack Monday that caused massive disruptions across networks and saw threat actors obtain corporate data. Continue Reading
News 14 Oct 2021

Google digs into Iran's APT35 hacking group

Covert phishing tactics and cleverly disguised notifications are among the calling cards of the increasingly sophisticated operation aimed at Iran's opponents. Continue Reading
Tip 14 Oct 2021

What is attack surface management and why is it necessary?

Attack surface management approaches security from the attacker's perspective. Discover how ASM can help better secure your organization's sprawling assets and resources. Continue Reading
News 08 Oct 2021

Senators want FTC to enforce a federal data security standard

U.S. Senators debated creating federal data privacy and security standards and providing the FTC with enough resources to enforce them. Continue Reading
News 06 Oct 2021

Twitch confirms data breach following massive leak

Leakers claim to have stolen almost 6,000 internal Git repositories, including 'the entirety of Twitch.tv' and content creator payouts. Continue Reading
News 23 Sep 2021

Autodiscover flaw in Microsoft Exchange leaking credentials

Guardicore found that exploiting a design flaw in Autodiscover allowed it to capture more than 372,000 Windows domain credentials and nearly 97,000 unique application credentials. Continue Reading
Feature 14 Sep 2021

SolarWinds CEO: Breach transparency 'painful' but necessary

SolarWinds CEO Sudhakar Ramakrishna discusses his company's ongoing breach investigation, shares lessons learned from the attack and cautions IT pros on zero trust. Continue Reading
News 31 Aug 2021

SEC sanctions financial firms for cybersecurity failures

Three financial services firms were charged with failing to implement proper cybersecurity policies after cyber attacks led to the exposure of customer data. Continue Reading
News 18 Aug 2021

T-Mobile breach exposes data for more than 40M people

The telecom giant confirmed reports that its network was breached by a threat actor who stole personal data on more than 40 million current, former and prospective customers. Continue Reading
News 16 Aug 2021

FBI watchlist exposed by misconfigured Elasticsearch cluster

A terrorist watchlist was found in an exposed database, and security researcher Bob Diachenko says there is no way of knowing just how long it was open to the public. Continue Reading
News 12 Aug 2021

Months after the Accellion breach, more victims emerge

The Accellion breach occurred last December, but more victims have come to light in recent weeks as investigations, notifications and disclosures stretch on through the summer. Continue Reading
News 11 Aug 2021

Accenture responds to LockBit ransomware attack

The LockBit ransomware crew claims to have stolen data from IT services and consulting giant Accenture, but the company said no customer systems were affected in the attack. Continue Reading
News 09 Aug 2021

'ProxyShell' Exchange bugs resurface after presentation

A critical vulnerability in Microsoft Exchange is once again making the rounds with attackers, following a Black Hat presentation from the researcher who found it. Continue Reading
Answer 06 Aug 2021

Is bitcoin safe? How to secure your bitcoin wallet

As bitcoin use increases, so too have the number of cyber attacks on cryptocurrency exchanges and wallets. Learn how to keep bitcoin use secure. Continue Reading
News 05 Aug 2021

Hackers build a better timing attack to crack encryption keys

A new technique for cracking encryption keys can overcome the limitations of popular timing attacks by analyzing network packets, according to researchers at Black Hat 2021. Continue Reading
Guest Post 16 Jul 2021

4 healthcare risk management tips for secure cloud migration

From improving the security posture and updating threat modeling to securing cloud data, learn about four risk management tips for healthcare organizations migrating to cloud. Continue Reading
News 14 Jun 2021

Accellion breach raises notification concerns

Victims of the breach continue to emerge, and one customer said it could have acted sooner, but a critical alert about a zero-day never left Accellion's email system. Continue Reading
News 11 Jun 2021

Securolytics COO charged in Georgia hospital cyber attack

Details on the cyber attack are scarce, but according to the indictment, Vikas Singla allegedly attempted to steal data and disrupt the hospital's phone system. Continue Reading
Tip 11 Jun 2021

5 steps to achieve a risk-based security strategy

Learn about the five steps to implement a risk-based security strategy that will help naturally deliver compliance as a consequence of an improved security posture. Continue Reading
News 02 Jun 2021

ExaGrid revealed as latest Conti ransomware casualty

The data backup vendor appears to have paid a $2.6 million ransom after Conti threat actors breached its corporate network and stole internal documents. Continue Reading
News 26 May 2021

US agencies lack supply chain best practices post-SolarWinds

Vijay D'Souza, the GAO's director of IT and cybersecurity, said during a joint hearing that 'none of the agencies have fully implemented our recommendations.' Continue Reading
Quiz 25 May 2021

Cryptography quiz questions and answers: Test your smarts

Put your encryption knowledge to the test, and perhaps even learn a new word or concept in the process with these cryptography quiz questions. Continue Reading
News 18 May 2021

Attorneys share worst practices for data breach response

Angry emails, bad jokes and sloppy reports can all lead to legal headaches following a data breach, according to a panel of experts at RSA Conference 2021. Continue Reading
News 13 May 2021

Verizon DBIR shows sharp increase in ransomware attacks

According to Verizon's latest Data Breach Investigations Report, 60% of ransomware cases involved either direct installation or installation via desktop sharing software. Continue Reading
News 12 May 2021

Funding is key to strengthening national cybersecurity

In the wake of the Colonial Pipeline ransomware attack, national cybersecurity experts make the case for additional funding during a Senate hearing. Continue Reading
News 28 Apr 2021

Codecov breach raises concerns about software supply chain

So far, only HashiCorp has disclosed a breach connected to the attack on Codecov, but threat researchers have drawn parallels to the SolarWinds supply chain attacks. Continue Reading
Guest Post 28 Apr 2021

Cybersecurity key to protect brands in the digital landscape

The digital transformation disrupted the relationship between brand value and risk. Vishal Salvi explains how the right cybersecurity strategy protects both brands and customers. Continue Reading
News 27 Apr 2021

Rise in ransom payments may fuel more dangerous attacks

A new report from Coveware found that ransom payments increased significantly in Q1 this year, as did ransomware actors' use of software vulnerabilities in attacks. Continue Reading
Guest Post 16 Apr 2021

Companies must train their SOC teams well to prevent breaches

SOC teams can have all the latest and greatest cybersecurity tools, but unless they have the proper training, it won't be enough to mitigate an attack. Continue Reading
Guest Post 07 Apr 2021

Utilizing existing tech to achieve zero-trust security

A zero-trust security model can immediately be used to address current gaps and provide a secure foundation for managing risk going forward, from both internal and external threats. Continue Reading
Quiz 30 Mar 2021

Data loss prevention quiz: Test your training on DLP features

Data loss prevention tools can help infosec manage insider threat, shadow IT and compliance initiatives. Test your know-how with this DLP quiz. Continue Reading
News 25 Mar 2021

Cyber insurance company CNA discloses cyber attack

Though the nature of the cyber attack is unclear, CNA confirmed the attack caused a network disruption and affected systems such as corporate email and the company's website. Continue Reading
Guest Post 18 Mar 2021

3 ways CISOs can align cybersecurity to business goals

To work effectively with the C-suite, CISOs can take three steps to align business goals with cybersecurity needs to reduce risk, guest contributor Mike McGlynn advises. Continue Reading
News 16 Mar 2021

Timeline of Microsoft Exchange Server attacks raises questions

Multiple security vendors reported that exploitation of the Microsoft Exchange Server zero-days began well before their disclosure, but researchers are at a loss to explain why. Continue Reading
Guest Post 11 Mar 2021

How security teams can prepare for advanced persistent threats

Daniel Clayton explains how any organization can devise its cybersecurity strategy to account for advanced persistent threats, which have started changing the threat landscape. Continue Reading
News 25 Feb 2021

Vastaamo breach, bankruptcy indicate troubling trend

The blackmailing of patients directly, as well as the resulting bankruptcy of Vastaamo Psychotherapy Centre, could single a shift in cyber crime tactics. Continue Reading
Tip 25 Feb 2021

3 post-SolarWinds supply chain security best practices

Following the devastating SolarWinds breach, IT leaders should renew their focus on third-party risk management. Start by implementing supply chain security best practices. Continue Reading

1
2
3
4
5
6
7
8

Networking

5 steps to migrate from MPLS to SD-WAN
To migrate from MPLS to SD-WAN, you need a plan. Use these five steps as a guideline to avoid MPLS contract disasters, unexpected...
Follow these 9 steps for SD-WAN testing before deployment
Before an SD-WAN implementation, you'll want to run the system through a battery of tests to check for things like failover, ...
Configure NIC teaming in Windows Server
NIC teaming maximizes network bandwidth and provides redundancy benefits. These steps guide users through NIC teaming ...

CIO

Tech competition with China remains top of mind for U.S.
U.S. competition with China on technology has advanced beyond legislation as the Biden administration mulls rules for limiting ...
10 key ESG and sustainability trends, ideas for companies
From consumers to employees to investors, more people are choosing companies that prioritize environmental, social and governance...
Connected product, a Bluetooth jump-rope, reflects digital shift
Crossrope faced hardware, software and marketing challenges -- along with the need to satisfy data-hungry fitness enthusiasts -- ...

Enterprise Desktop

What do the different licenses for Windows 11 come with?
Before organizations migrate to Windows 11, they must determine what the best options are for licensing. Learn about the choices ...
Top 4 unified endpoint management software vendors in 2023
UEM software is vital for helping IT manage every type of endpoint an organization uses. Explore some of the top vendors and how ...
Compare capabilities of Office 365 MDM vs. Intune
Office 365 MDM and Intune both offer the ability to manage mobile devices, but Intune provides deeper management and security. ...

Cloud Computing

Is a cloud-first strategy right for you?
A cloud-first strategy has its fair share of advantages and disadvantages. Learn how to avoid risks and build a strategy that is ...
How to use startup scripts in Google Cloud
Google Cloud lets you use startup scripts when booting VMs to improve security and reliability. Follow these steps to create your...
When to use AWS Compute Optimizer vs. Cost Explorer
AWS Compute Optimizer and Cost Explorer monitor, analyze and optimize your cloud costs. Compare the two tools to choose which is ...

ComputerWeekly.com

Nordics move towards common cyber defence strategy
Nordic countries agree to work together to improve their cyber defences amid increasing threat
MPs explore how to expand quantum computing in business
Commons Science and Technology Committee is looking for evidence of where the UK’s new quantum strategy needs improvement
Riedel Networks, Kalaam collaborate to connect motorsports
Digital services firm teams with international customised network provider to support real-time data transfer and broadcasting ...

Close