Security
The Dangers of “Bring Your Own Device” Policies

Today, more employees find themselves working remotely than ever before. In fact, up to 42 percent of the United States’ labor force is now working from home full-time. With more employees involved in remote work, many companies are also implementing "bring your own device" (BYOD) policies, allowing workers to use their own personal devices (computers, laptops, tablets, etc.) in lieu of company-issued ones. While instituting these BYOD policies can save organizations money up-front and help employees feel more comfortable while working from home, the reality is that they also pose some major security threats. By understanding the key dangers of BYOD, organization leaders can make informed decisions regarding whether these procedures are truly in their best interests. Lost or Stolen Devices If an employee loses his or her personal smartphone, this can become an instant security risk – especially if they were using it to check work emails, log into company server

Read more
Top Security Threats for eCommerce Websites & How to Prevent Them

No matter what type of business you run, the last thing you need is to face a web attack or data breach. These events can cost your company big time, both in terms of lost business and a tarnished reputation. However, attacks on eCommerce sites can be especially troubling, as they often prevent you from making sales and can harm your bottom line. Unfortunately, eCommerce websites are prone to web attacks due to the sensitive information their servers tend to store. This includes customer credit card data and other payment information. There are three types of attacks that are especially common on eCommerce sites: phishing attacks, DDoS attacks, and malware attacks. By understanding each type and how to prevent them, you can keep your customers' sensitive data safe and protect your company's reputation. 1. Phishing Attacks A phishing attack occurs when a hacker creates an email address that appears to

Read more
Using Deception Technology to Defend Against Cyber-Attacks

Web attacks can be devastating for businesses of all sizes – and with today's attackers using more sophisticated technology than ever, it's important for site owners and administrators to be on high alert. Of course, there are some simple best practices you can follow to defend your site against cyber-attacks. Beyond that, however, more advanced strategies like deception technology can give you even more protection and peace of mind. Let’s take a closer look at deception technology and how it’s used to thwart cybercrime. What Is Deception Technology? Deception technology refers to a cybersecurity strategy that involves creating a decoy server that is separate from your site's actual infrastructure. From there, attackers are permitted to gain access to the decoy environment while site owners track their activity. Site owners and admins can then use this information to strengthen security on their legitimate networks to prevent further attacks. Meanwhile, hackers don’t realize they've actually gained access

Read more
Thanos Ransomware: Everything You Need to Know

In January of 2020, cybersecurity researchers discovered a new type of ransomware known as "Thanos." This Ransomware-as-a-Service (RaaS) tool has been documented as the first to use RIPlace, a Windows file system technique, to carry out attacks. With so many types of attacks on the web these days, it can be difficult to keep up with the latest threats. However, Thanos ransomware is something that should be on everyone’s radar, whether you run your own website or are a daily web user. By having a better understanding of what this ransomware is and how to avoid it, you can keep your information and devices safe. What Is Thanos Ransomware? Compared to other forms of ransomware, Thanos is a bit unique in the sense that it’s positioned as a Ransomware-as-a-Service tool. This essentially means that hackers who want to utilize it for financial gain can actually purchase a subscription that includes everything they

Read more
Video Conferencing Apps: Top Security Risks & How to Mitigate Them

Many businesses are turning to video conferencing applications like Zoom and Skype to communicate while Coronavirus restrictions prevent face-to-face meetings from happening. And while these tools have been a lifesaver for some organizations, no video conferencing software is without its potential security risks. However, the good news for businesses of all sizes is that there are many steps you can take to optimize video conferencing security, protect sensitive information, and keep employees safe. Let’s take a look! Understanding Video Conferencing Security Risks Unfortunately, there are a number of risks that accompany the use of video conferencing platforms like Skype and Zoom. For example, there has been an increase in malware files being found on these apps. This means that when employees use the video platform, they could be downloading malicious files in the process. And if these same team members are using work computers that are connected to your company's servers, it's easy

Read more
Cybersecurity Best Practices for Remote Work

Over the course of the last few months, many businesses have had to shift the majority of their positions to work-from-home roles. Unfortunately, this transition has also resulted in an increase in online scams aimed at unsuspecting remote workers. Phishing schemes and cyber-attacks are on the rise, and some organizations have experienced devastating security breaches.  Considering the current state of the digital world, it’s more important than ever to implement some cybersecurity best practices to protect your data while employees are working from home. Let’s take a closer look at some essential best practices to follow. Provide the Right Training Begin by making sure that your work-from-home employees are educated on the different types of web attacks and how to identify them. You should never assume that your team members understand these threats, how they work, or what precautions to take to prevent them. One specific attack to educate your employees

Read more
Cloud Server Attacks Are on the Rise: Why Now Is the Time to Switch to Dedicated Hosting

Every year, Trustwave publishes a Global Security Report that provides valuable insights into cybercrime trends and statistics worldwide. The 2020 report was made available in April and revealed some interesting (yet troublesome) findings within the world of cloud hosting and other related services. Based on these Trustwave Global Security Report findings, it’s more important than ever for website owners and administrators to evaluate their security practices and consider making the switch to a dedicated hosting plan. The Risk of Using Cloud-Based Services According to the 2020 Trustwave report, web attacks on cloud services more than doubled in 2019 alone, making the cloud the third-largest target for cybercriminals. Because cloud hosting makes up such a large part of these services, website owners who utilize this type of hosting plan are especially at risk. Relying on the cloud to host your organization’s website, email, or other services poses a variety of security concerns in

Read more
Advanced Persistent Threats: What Are They & How Can You Prevent Them?

Today’s digital environment is accompanied by a series of threats. Nearly every day, major organizations are impacted by data breaches, hackers, and other types of attacks. Therefore, it's important for all businesses to follow some cybersecurity best practices to keep their information safe. This is especially true when it comes to a relatively new type of attack known as an advanced persistent threat (APT). An APT is a carefully targeted attack that typically occurs over an extended period of time on a business network. Hackers in an APT attack will "lurk" undetected while gaining access to sensitive files and other information, using advanced tools along the way. The repercussions of an APT attack can be severe. However, by knowing the signs of advanced persistent threats and how to protect your data, you can keep your business safe. Recognizing the Signs of an APT There are a few red flags to watch for

Read more
How to Protect Your Business or Website from Application Layer Attacks

It's no secret by now that distributed denial of service (DDoS) attacks can wreak havoc on a business or website, using an influx of fake web traffic to take down a server. What a lot of people don't realize, though, is that not all DDoS attacks are carried out in the same way. Specifically, there are three main types of DDoS attacks: volumetric, protocol, and application layer. Recently, there has been an increase in the recorded sizes and instances of application layer attacks. In fact, one study estimated that more than half of reported DDoS attacks in 2017 consisted of this type. By having a better understanding of what an application layer attack is and how it works, you can take the proper measures to protect your site. What Are Application Layer DDoS Attacks? Specifically, an application layer attack refers to a type of DDoS attack that targets domain name servers (DNS),

Read more
DDoS Protection in the Healthcare Industry: Key Considerations

No matter what industry you find yourself in, the fact remains that keeping your data secure and your website up-and-running is important. In the medical industry, however, this is especially vital. Unfortunately, there has been a recent rise in the number of distributed denial of service (DDoS) attacks carried out against healthcare providers, especially on patient portals that users rely on to receive medical information, schedule appointments, and more. By having a better understanding of the unique challenges that healthcare organizations face on the web, you can take steps to protect your own business. Unique Security Challenges for the Healthcare Industry Health records are protected by the Health Insurance Portability and Accountability Act (HIPAA), which was passed and implemented nationwide in 1996. This law requires healthcare organizations to take certain measures to protect their patients' health records and other sensitive data – imposing serious penalties and fines for organizations that fail to

Read more