Your personal health data is not only very private but also very valuable. Healthcare organizations across North America (and the world) continually need to invest in security programs that protect their patient information through physical security, technology, and managing human-led processes and workflows.
Security, Passwords, Cyber Monday, Cell Phone, Juice Jacking, USB Ports, Hacker, Security Breach, Black Friday
(A friendly reminder from our RSP team on practical ways you can avoid being a target of identity theft when shopping on & offline this holiday season.)
What's Your Cellular Data (Protection) Plan?
There’s no shortage of stories from around the globe on new ways that hackers are learning to access our personal data. Important preventative measures include keeping up-to-date antivirus software, having an active firewall, and using strong passwords. Even so, having these controls in place can lead to a false sense of security.
While many of us focus on protecting laptops and computers, we often don’t stop to think about protecting our personal or work-assigned smartphones, which is exactly what criminals are counting on.
Leadership, Security, Privacy, PCI, SystemAdministrators, Authentication, Passwords, PasswordComplexity, Captcha
Password complexity and authentication have always been a subject of contention both for users and system administrators. Many assume that forcing users to create more complex passwords, and changing them frequently, will lead to greater system safety - in theory this may be true. Given human nature, things rarely go as planned and research has shown that forcing users to comply with these additional requirements has actually had a detrimental effect on system security.
With RSA Conference 2018 behind us, we asked Onliner Derek Nwamadi to share some of his observations from the conference floor.
This year’s RSA Conference did not disappoint. Once again attendees were treated to a great line up of presentations, events, and an always impressive expo floor. Looking back at my week at RSA, one word kept coming to
Trust; we seem to be living in an age where we are technology and data rich but trust poor.
As always, there are some technologies and buzzwords that become industry hot buttons and generally drive it for the rest of the year (more on that later).
With the European Union’s GDPR regulation coming into effect on May 25, we sat down with Online’s legal counsel/privacy consultant, Laura Sulymosi, to discuss the biggest questions being asked by organizations looking to be compliant.
As you may have heard in the news, computer researchers have recently discovered a design flaw that results in a security vulnerability in the CPU chip that powers nearly all the world’s computers, including PCs, smartphones, and data center computers. This hardware bug allows malicious programs to steal data that is being processed in the computer memory. The name given to these vulnerabilities is ‘Meltdown’ for Intel chips or ‘Spectre’ for AMD and ARM chips. The first reports were published on January 2, 2018, prior to a coordinated disclosure scheduled for the week of January 8. There is no evidence of exploitation at this time, but the publicly disclosed proof-of-concept (PoC) exploit code could result in the vulnerabilities being weaponized for malware delivery.
There is a huge problem in cybersecurity. It has been festering for years and it isn’t going away anytime soon. This problem isn’t the latest zero day threat, malicious attackers, or even a rogue nation-state. There is a scarcity of cybersecurity professionals available to meet the increasing need for improved cybersecurity among businesses. The lack of qualified cybersecurity personnel has been a concern for years. Recently, the problem has intensified as organizations become more aware of their own vulnerabilities.
Over the years, our team has performed thousands of penetration tests. In the first 15 minutes of a pen test there are a handful of issues that we often discover. These issues are simple to understand and they're easy to correct, but they're almost always there. They don’t require authentication, need minimal expertise to find, and aren't the focus of the OWASP Top 10.