Lessons from the SolarWinds Breach to Enhance Your Cybersecurity and Vendor Management Programs WHAT HAPPENED? Remediation efforts have been underway for nearly two months following the burgeoning SolarWinds attack. Initial findings indicated that the breach affected an estimated 1,800 companies, including major cybersecurity vendors like Mimecast and Qualys. While [...]
SonicWall Issues and Retracts Alert of Hackers Exploiting Zero-Day Vulnerability Within SonicWall VPN SonicWall, a company providing firewalls and other cybersecurity solutions, issued an alert indicating that it had found a probable zero-day vulnerability with its SMA 100 series products on Jan. 22, 2021. A zero-day vulnerability is a software [...]
Hackers Use Mimecast Certificate to Access Microsoft Accounts On Jan. 12, 2021, the cloud-based email security and management provider Mimecast disclosed that one of its digital certificates, used by approximately 10 percent of its customers, was hacked and used to access some of its client’s Microsoft 365 accounts. A digital [...]
Scam Risks In 2021 and How to Avoid Them Cybercriminals are becoming increasingly sophisticated and continue to find new ways to compromise both individuals’ and firms’ data security. Phishing attacks often use current events or crises to entice users to click infected links, download malicious programs or documents, or provide [...]
Avoid the risk of using common passwords– make your accounts more secure today WHAT HAPPENS IF I USE COMMON PASSWORDS? Password spray attacks target user accounts by attempting to access hundreds of thousands of accounts with the same common password at once, instead of testing many password combinations on [...]
How to Identify and Avoid Vishing and Smishing Attacks WHAT HAPPENED? You likely have heard of phishing attacks, a type of social engineering scheme that tricks victims into clicking email links infected with malware, or into giving sensitive information to cybercriminals posing as a credible contact. Sophisticated attackers use [...]
5 Ways to Strengthen Your Firm’s Vendor Management Program WHAT HAPPENED? Vendor management is a critical piece of creating a comprehensive information security strategy for firms. Vendors processing or maintaining sensitive information on behalf of your firm and its clients are especially important to review and conduct due diligence [...]
Are You Taking Steps To Avoid Ransomware Attacks? WHAT HAPPENED? Earlier this month, the Office of Compliance Inspections and Examinations of the United States Securities and Exchange Commission (OCIE) issued a Risk Alert which outlines best practices for maintaining a secure network; the United States Cybersecurity and Infrastructure Agency [...]
The CCPA Enforcement Date Is Approaching: What You Should Know WHAT HAPPENED? The July 1, 2020 enforcement date for the California Consumer Privacy Act (CCPA) is fast approaching. The original adoption of the regulations, on Jan. 1 of this year, contained a six-month enforcement delay. Although some organizations requested [...]
What Does OCIE Look for When Examining Cybersecurity Practices? WHAT HAPPENED? In recent years, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission made cybersecurity a top priority when examining all types of firms. As the use of digital technology becomes more essential to [...]