Updated by Patrick Smith on Aug 13, 2021

Cybersecurity Solutions

Some of my favorite articles about cybersecurity.

Remote Workforce Ideally Suited for Cloud-Based Email Solutions - ArcTitan

Universities and other higher education establishments are at risk of data breaches and possible malware threats, the same as all big organisations. From any cyber criminal's perspective, schools and universities represent a big target. Personal and financial data within university data systems are very valuable to cyber criminals.

OpenDNS Web Filter Review

Our OpenDNS web filter review focuses on the advantages and disadvantages of using the Professional version of the Cisco Umbrella service to protect networks, data, and users from web-borne threats such as malware, ransomware, and phishing.

Email Retention Legislation in the U.S. - ArcTitan

Email retention laws in the United States require companies to maintain copies of emails for many years. There are federal laws applying to all companies and groups, data retention laws for specific industries, and a swathe of email retention laws in the United States at the individual state level. Ensuring compliance with all the proper email retention laws in the United States is vital. Non-compliance can prove incredibly expensive. Multi-million-dollar fines await any group found to have breached federal, industry, or state regulations.

Office 365 Spam Filter - Start Blocking Spam in Office 365

SpamTitan for Office365 is a powerful email spam filter for Office 365 that blocks 99.9% of email spam and protects against phishing and malware.

Many businesses are now transitioning to the cloud and one of the first services to be moved is usually email. With email already in the cloud, it makes perfect sense for cloud spam filtering services to be used to protect against email threats such as phishing and malware.

Traditionally, spam filtering has been performed on premises, either through a dedicated spam filtering appliance or a virtual appliance, which is a software solution housed on a virtual machine on existing hardware. Cloud spam filtering, or spam filtering-as-a-service, sees all filtering take place in the cloud. This provides several advantages over more traditional spam filtering options.

Education Sector Targeted by Pysa Ransomware Group - ArcTitan

During 2020 the healthcare sector has been a constant focus of ransomware groups, but the education sector is also dealing with a rise in attacks, with the Pysa (Mespinoza) ransomware gang now targeting the education sector.

Pysa ransomware is another strain of Mespinoza ransomware that was first seen in ransomware campaigns during October 2019. The threat group responsible for the attacks, like many other ransomware gangs, uses double extortion tactics on targets. Files are encrypted and a ransom demand is issued for the keys to decrypt files, but to improve the chances of the ransom being paid, data is stolen before file encryption. The gang is trying to profit from selling the stolen data on the darkweb if the ransom is not paid. Many targeted entities have been forced to pay the ransom demand, even when they have backups, to stop the sale of their data.

DNS Filter Guide 2021 What is a DNS Filter and how does it work?

The term DNS filtering is rarely used when discussing Internet security, but it is one of the key mechanisms used by Internet filters to prevent users visiting websites harboring malware and ransomware.

This article provides an explanation of “what is a DNS filter”, and invites businesses not already using this Internet security mechanism to try DNS filtering for free.

Website at https://www.spamtitan.com/blog/email-security-best-practices-for-smbs/

It is a certainty that business email systems will be attacked so email security measures must be implemented. The best form of email security is to do away with email altogether, but since businesses rely on email to communicate with customers, partners, and suppliers, that simply isn’t an option.

Cisco Umbrella Pricing

If you have already made enquiries about web filtering with several different companies, you will no doubt have discovered that Cisco Umbrella pricing is considerably higher than most DNS filtering solutions on the market.

Many Cisco Umbrella competitors offer broadly comparable DNS filtering solutions at a fraction of the price and you may be wondering whether the Cisco Umbrella price is worth paying. In this post we will explain why the price is so high and what you get for your money to help you decide whether the solution is right for your business.

What Makes the Best Spam Filtering Service?

Security experts agree the best spam filtering service includes layers of security features to protect organizations from advanced email threats. The best spam filtering services provide protection against advanced persistent threats like malware, spear-phishing, ransomware, spam and much more. What they might not agree on is which features should be given priority when choosing the best spam filtering service for business.

Cisco Umbrella Alternative

The Cisco Umbrella DNS filtering solution is an accomplished product with many features that protect organizations against web-based attacks, but many Cisco customers who have sought a Cisco Umbrella alternative have now made the switch to WebTitan Cloud.

In this post we will explore why that is the case and will explain some of the benefits of changing the Umbrella DNS filter to WebTitan Cloud.

HIPAA Training

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a critical piece of legislation in the healthcare industry. It introduced industry- and country-wide standards for the protection of sensitive healthcare data.

These standards improved privacy, security, and efficiency, and gave patients new rights over their healthcare data.

DNS Filter Guide 2021 What is a DNS Filter and how does it work?

A DNS filter blocks access to websites that harbor malware or ransomware, or that could be a barrier to productivity in the workplace.

HIPAA Training Requirements Explained

Many covered entities have criticized the HIPAA training requirements as being very light on detail, and unclear as to exactly what training must be provided to employees.

There are, of course, reasons for this. HIPAA applies to many different types of Covered Entity (CE) and Business Associate (BA), and therefore the legislation must be flexible enough to apply to each and to different employee roles within each CE and BA. The lack of specifics also helps to keep the legislation timeless, so frequent updates are not required when best practices change.

GDPR Training Explained

The General Data Protection Regulations, better known as GDPR, came into effect on the 25th May 2018 and GDPR training is now required.

Organizations involved in data processing are tasked with ensuring their staff has adequate training. However, the legislation itself gives little information about what form this training should take. Here we outline some recommendations for a core training course, suitable for a broad range of employees.

What is a DNS Filter?

The term DNS filtering is rarely used when discussing Internet security, but it is one of the key mechanisms used by Internet filters to prevent users visiting websites harboring malware and ransomware. This article provides an explanation of “what is a DNS filter”, and invites businesses not already using this Internet security mechanism to try DNS filtering for free.

What does PHI stand for?

The Health Insurance Portability and Accountability Act was established in 1996, mainly as a way of easing the transfer of healthcare plans between employers. However, since then it has come to cover all aspects of patient privacy. Much of this focuses on safeguarding “protected health information” (PHI), patient data that can be used to identify individuals.

How to Defend Against Phishing Attacks

Phishing is the leading cause of data breaches and 2020 saw phishing-related data breaches increase again. The recently released Verizon 2021 Data Breach Investigations Report shows there was an 11% increase in phishing attacks in 2020, with work-from-home employees extensively targeted with COVID-19 themed phishing lures.

Phishing attacks are conducted to steal credentials or deliver malware, with the former often leading to the latter. Once credentials have been obtained, they can be used by threat actors to gain access to business networks to steal data and launch further attacks on an organization. Credentials stolen in phishing attacks are often sold to other threat groups such as ransomware gangs. From a single phishing email, a business could be brought to its knees and even prevented from operating.

HIPAA Compliance Guide

This comprehensive HIPAA compliance guide explains in detail how to make your organization compliant with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules. This guide explains HIPAA enforcement and HIPAA fines. Finally, this guide gives some general guidelines regarding keeping patient data secure and private.

Website at https://www.spamtitan.com/cloud-based-anti-spam-service/

A cloud based anti spam service is an email filtering solution hosted in the cloud rather than a more traditional physical appliance or on-premises software installation. As with most software-as-a-service (SaaS) solutions, a hosted spam filtering service is available on demand, has minimal maintenance overheads and requires no capital investment.

Despite being hosted in the cloud, businesses utilizing a cloud based anti spam service retain full control of their email filtering policies and can apply those policies by individual user, user-group or business-wide, through integration with directory services such as AD. In contrast to appliances and software installations, setup is quick and easy, requiring just a simple change to your MX record.

What are the HIPAA Training Requirements?

Many covered entities have criticized the HIPAA training requirements as being very light on detail, and unclear as to exactly what training must be provided to employees.

There are, of course, reasons for this. HIPAA applies to many different types of Covered Entity (CE) and Business Associate (BA), and therefore the legislation must be flexible enough to apply to each and to different employee roles within each CE and BA. The lack of specifics also helps to keep the legislation timeless, so frequent updates are not required when best practices change.

HIPAA Compliance Guidelines

This comprehensive HIPAA compliance guide explains in detail how to make your organization compliant with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules. This guide explains HIPAA enforcement and HIPAA fines. Finally, this guide gives some general guidelines regarding keeping patient data secure and private.

1. The HIPAA Compliance Guide for Hospital Administrators, Practice Managers, and Business Associates

This HIPAA Compliance Guide has been compiled for the benefit of hospital administrators and practice managers who are aware they have to be HIPAA compliant, but are unsure of what this involves or need to develop a better understanding of HIPAA rules and regulations. This guide should also be of value to businesses that provide services to healthcare organizations who will come into contact with protected health information (PHI) during the provision of those services.

Improving the Spam Filter on Office 365

Although the Office 365 spam filter offers a reasonable level of security, many businesses find it basic and lacking when it comes to highly sophisticated cyber threats, especially advanced and persistent spear phishing attacks. Although Microsoft regularly introduces new features to improve its spam detection rates, many of these are paid-for features or only available as part of an Advanced Threat Protection (ATP) subscription. Others (for example “IP throttling”) cause users more distress than the spam emails the feature is meant to prevent.

One of the reasons why the spam filter on Office 365 fails to detect spam is that Microsoft spam filters work retrospectively. Only after a customer has reported a spam email will Microsoft add the IP address to its “real-time block lists” and include the blacklisted IP address in the next software update. With spammers frequently changing IP addresses, retrospective updating is generally ineffective.

What should be included in a GDPR training course?

All employees at an organisation that is required to comply with GDPR should undergo training. Certain employees may require further training due to their roles in the organisation or how they interact with sensitive data.

It is recommended that training is held regularly, in short sessions. Employees should be engaged during the training course, and tested on their understanding of their responsibilities under GDPR. Certain aspects of GDPR, such as the rules surrounding data processing, are more applicable in a day-to-day setting, and should be allocated more time. Employees should be sent regular reminders on issues such as IT best practices and the dangers of cyberattacks.

It is important to keep a record of training sessions, such as who attended, what the session covered, and how regularly they occur. As employee training is a requirement of GDPR, auditors may need to see records of the training sessions.