  • Identity theft prevention tips and assistance

    Eva Casey-Velasquez is the CEO of the Identity Theft Resource Center, which provides victim assistance at no charge to consumers throughout the United States. They also educate consumers, corporations, government agencies, and other organizations on best practices for fraud and identity theft detection, reduction and mitigation.

  • Companies need to be custodians of customer data, not owners

    Due to the fact that most students are under the age of legal consent and only beginning to establish a “digital footprint” that will follow them the rest of their lives, it’s not hard to understand why so many companies that serve this market agreed to follow a set of rules aimed at protecting the privacy of this special class of consumer. It’s a no-brainer, right? Wrong.

  • 4 tips to make data protection everyone's business

    Most people wrongly assume that the burden of protecting workplace data across laptops, tablets and smartphones falls solely on your IT department. Without active observance of company protocols, however, any data security plan that IT puts in place falls flat, leaving your company’s data vulnerable. You don’t necessarily need to memorize a litany of IT mandates in order to reduce the risk of losing or compromising your work data.

    Thinking twice about the cloud-based apps you download and staying up-to-date on the latest password best practices are examples of simple, proactive measures you can take to support your organization’s data privacy efforts.

  • APTs: Minimizing losses with early detection

    Attackers try hard to mask their activities – but try as they might, in order to accomplish their goals, their behaviors are likely to be anomalous at some point in time. Quickly detecting these anomalies as they develop could make the difference between losing tens of millions of customer records and losing a few hundred – or none at all.

  • DMARC: The time is right for email authentication

    The DMARC specification has emerged in the last couple years to pull together all the threads of email authentication technology under one roof—to standardize the method in which email is authenticated, and the manner in which reporting and policy enforcement is implemented. The last two pieces are critical. Prior to DMARC there was no real way to determine how policies were implemented upon email receipt, and no way to determine who was doing what with those emails.

  • Infosec management strategies and the modern CTO

    Lumenta recently appointed Brandon Hoffman as their new CTO. We took this opportunity to get his perspective on the management strategies that are essential in the information security industry. He also offers advice to those stepping into the CTO role for the first time, and talks about the evolution of network situational awareness.

  • Bold reform needed to strengthen U.S. cybersecurity

    Mr. President, the status quo in cybersecurity is failing the U.S. It is failing the commercial sector, which is being publicly breached on a weekly basis, and it is failing the government as well. It is time to take bold and decisive action to stop these dangerous and embarrassing hacks before they cause further damage and erode the confidence that is vital to the U.S. economy.

  • Has the time come to give up penetration testing?

    By carrying out ‘white hat’ attacks to identify potential entry points in the externally facing parts of an organization’s IT network, such as its firewalls, email-servers or web-servers, pen testing can bring to light any existing security weaknesses. These potentially vulnerable external facing aspects, however, are rapidly increasing in number.

  • How to prepare if you're selected for an OCR audit

    The forthcoming Office of Civil Rights (OCR) audits for HIPAA compliance have seen some delays this fall – but that doesn’t mean covered organizations can delay their audit preparations. In fact, it’s more important than ever that covered entities and business associates ready themselves, if they haven’t already.

    What should organizations do to prepare for the possibility of an audit? How can you demonstrate compliance efficiently and effectively? Let’s take a look at the essential steps.

  • What is the value of professional certification?

    Recognition for and therefore the value of professional certification is rising within the information security domain. In an increasing number of markets across Europe, chances are that if there is a job being advertised that requires someone to ensure information security of systems, data, software, or the company overall, they will be asked to demonstrate at least a baseline of practical knowledge by having earned a professional certification in the field.



Email scammers stole $215M from businesses in 14 months

Posted on 29 January 2015.  |  In 14 months there have been nearly 1200 US and a little over 900 non-US victims of BEC scams, and the total money loss reached nearly $215 million.


Fri, Jan 30th