10 Dec 2018

Moving from Threat Intelligence Consumer to Producer

Most organizations are threat intelligence consumers, purchasing or collecting publicly available information about current cybersecurity threats. In this article, we discuss the value of becoming a threat intelligence producer and how an organization can do so with minimal in-house cybersecurity resources. What is Threat Intelligence? Threat intelligence is a term generally used to mean “any useful information for detecting and protecting against cyberattacks”.  Examples include...



04 Dec 2018

Using Application Whitelisting to Stop Malware

Phishing attacks are one of the most common methods that attackers use to breach organizational defenses and gain access to the protected network. In many cases, the purpose of the phishing attack is to execute malicious software on the target computer. Developing and enforcing an application whitelist is one way that organizations can dramatically decrease the threat that these phishing attacks pose to their corporate...



03 Dec 2018

Four Ways to Protect Against Insider Threats

Most cybersecurity defenses and strategies are focused on external threats in an effort to make access costlier for a hacker than the value of what they can obtain. However, developing ways to protect against insider threats is an essential part of an organization’s cybersecurity posture. The Internal Threat Landscape Most organizations are focused on the prospect of external threats. Basic security is perimeter-focused, meaning that the primary...



12 Nov 2018

Hacking Humans: The Social Engineering Threat

When most people think of cyberattacks and the social engineering threat, they picture a scene from an action movie in which a teenage computer whiz spends thirty seconds furiously typing on a computer keyboard and gaining complete access to the Pentagon’s databases. In the real world, this isn’t how hacking actually works. The good news is that hacking the Pentagon is a lot harder than...



05 Nov 2018

The Importance of Configuration Standards for Regulatory Compliance

Developing and implementing strong configuration standards for regulatory compliance is an important aspect of an organization’s cybersecurity strategy. Privacy regulations commonly require configuration standards. Therefore, knowing how to create strong ones is an important part of achieving and maintaining regulatory compliance for frameworks such as HIPAA/HITECH, PCI DSS, and NIST. What Are Regulatory Compliance Configuration Standards? All technology comes with a default configuration and, in...



29 Oct 2018

Minimizing Permissions to Improve Cybersecurity

Minimizing permissions for end user account access by assigning appropriate access levels and setting up account separation is an important aspect of building a cybersecurity program. Admittedly, this can present a challenge in workload and regarding pleasing your end users. The requirement for some users to have multiple accounts increases the burden on the security team for account management. It can also interrupt workflow for...



29 Oct 2018

Patch Management: Why it’s Important for CyberSecurity

A good patch management strategy is commonly listed as one of the basics of an organizational cybersecurity strategy. In this post, we discuss the importance of strong patch management and how to implement a good patch management strategy. What Is Patch Management? All software has bugs. Whether these are caused by design flaws or implementation flaws, the sheer amount of code in systems that we...



18 Oct 2018

GDPR Regulators Announce Fines Coming by Year’s End

Recently, an announcement was made stating that the first GDPR fines will be levied before the end of 2018. This article describes what the announcement means and how it can affect your organization. The GDPR Regulation On May 25, 2018, the General Data Privacy Regulation (GDPR) went into effect in the European Union. The purpose of this regulation is to protect the privacy of EU...



10 Oct 2018

Does HIPAA Apply to Me?

Over the course of Sword & Shield’s years of HIPAA compliance consulting, we have been asked many times, “Does HIPAA apply to me?” In this post, we describe how your organization can determine whether or not you are required to be compliant with the HIPAA regulations for privacy and security of protected health information (PHI). Introduction to HIPAA The Health Insurance Portability and Accountability Act (HIPAA)...



02 Oct 2018

Why Sharing Credentials is Dangerous and How to Stop It

In many cases, sharing your access credentials to a computer or software doesn’t seem like that big of a deal. If you’re in a hurry or out of the office, sharing credentials can allow someone else to give you a hand by performing a simple task or checking something for you. If the other person has the same level of access as you (like having...



