The NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, published June 2015 (updated January 2016), focuses on information shared by federal agencies with non-federal entities. With its implementation deadline, 31 December 2017, looming, governmental contractors and sub-contractors are running out of time to update their policies and reach compliance.
What is NIST 800-171 and who does it apply to?
Issued by the National Institute of Standards and Technology (NIST), the publication works as a guide for federal agencies to guarantee that Controlled Unclassified Information (CUI) is protected when processed, stored and used in non-federal information systems. This sort of data is often shared by the federal government with institutions and organizations that carry out the work of federal…
The enforcement of the EU General Data Protection Regulation (GDPR) is less than ten months away and companies across the EU and international businesses with European customers are already taking steps to achieve compliance. While some are still bewildered by its legal jargon, many tech companies and news outlets have come to the rescue providing extensive guides and infographics to help businesses understand what GDPR is, what its requirements mean for everyday company operations and how they can get started on the road to compliance. We, at Endpoint Protector, have also put together a handy guide and an informational video about GDPR compliance.
In short, the GDPR is the most notable change in data privacy regulation in Europe in the last 20 years and its purpose is to protect EU citizens’ private data, solidifying their right to demand that data controllers and processors delete,…
In its 2016 top 10 security predictions, Gartner warned that by 2020 shadow IT is likely to account for a third of successful attacks experienced by enterprises. A relatively new concept that has arisen in recent years as a consequence of mounting pressure on IT departments to deliver as well as outdated company policies, shadow IT has become an uneasy element most companies either knowingly tolerate or are unaware of.
What is Shadow IT?
Shadow IT refers to applications and digital solutions not expressly sanctioned by management, but widely used in certain departments or the entire company to minimize workloads, often for the sake of convenience or as communication and collaboration tools. Slack, Evernote, Google Docs, for example, can be in many cases considered shadow IT.
There are multiple factors that have led to the rise of shadow IT. One has been the introduction of BYOD and the…
Linux has long been considered a safe operating system that, with its open-source, community-built kernel, is less likely to be a mark for cybercriminals because attacking it can be a far more daunting task than going after other, bigger, more vulnerable targets. But with the rising popularity of Linux and its introduction into the business environment, its attractiveness to hackers has grown, as the recent slew of cyberattacks aimed at it can attest. From the backdoored version of Linux Mint that users unwittingly downloaded in February 2016 to the Mirai trojan used in DDoS attacks on computers running Linux in August 2016 and the most recent Erebus Linux ransomware attack that infected South Korean servers in June 2017, Linux’s image as the most secure OS is slowly cracking. And while it has yet to come under the relentless wave of attacks other OS like Windows and Android (that also uses…
The Australian government is the latest to reveal it’s working on new laws that will require companies to be able to unscramble encrypted communications. Australian Prime Minister Malcolm Turnbull came under fire for telling reporters who pointed out the mathematical impossibility of breaking into end-to-end encryption: “The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.”
The UK government’s Investigatory Powers Bill, more commonly referred to as the Snooper’s Charter, raised similar concerns in Europe last year over politicians’ understanding of encryption and the dangers of banning it or asking companies to include backdoors into their encryption solutions. There is also the problem of end-to-end encryption used in popular messaging applications like WhatsApp and Apple’s iMessage…
In recent years, the number of Mac computers has visibly grown among consumers, mainly because of their modern design and features, built-in security and ease of use.
Even so, there is still a common misconception prevalent within companies when it comes to buying Macs for the workforce, the assumption being that they are not affordable compared to the costs of Windows PCs. But when you compare the TCO (Total Cost of Ownership) of Macs and Windows PCs, Mac is the clear winner.
Last year, Fletcher Previn of IBM gave a presentation at the Jamf tech conference, where he talked about the usage and costs of Macs vs PCs inside IBM, proving that the total cost of ownership of Macs is significantly lower. The number of Macs inside IBM increased, reaching 100.000 Mac users by the end of last year. Of the total number of Mac users, only 5% needed help-desk support, versus 40% of PC users, resulting in lower…
Employees are often cited as one of the top reasons data loss occurs. Whether negligent or malicious, insiders, with high levels of physical and digital access to sensitive information, have the power to inflict the most damage to a company’s data security. According to the IBM X-Force Threat Intelligence Index 2017, negligence accounts for up to 53% of all cyberattacks businesses suffer, depending on the industry sector, while malicious insiders only for up to 25%. However, ill-intent, because it intentionally targets valuable information, is the biggest danger a company faces from the inside. Therefore, it is well worth keeping an eye on disgruntled employees.
Warning signs include virulent disagreements with management or company policies, poor evaluations that might spark discontent and transition to other places of employment. Companies often see a spike in sensitive…
Cloud services have become a crucial and integrated part of modern IT systems and their security has been continually debated since their emergence. Big cloud service providers such as Amazon and Salesforce have argued that their systems benefit from the kind of heavy-duty state-of-the-art security features smaller businesses are unlikely to ever invest in, making their data less vulnerable in the cloud than on their own servers. However, using cloud services opens data up to easier access and potential breaches. It is, in fact, one of its biggest selling points: data access from anywhere anytime. And while it’s in tune with today’s increasingly mobile, globalized world, it also means that companies have to deal with more vulnerabilities, not necessarily from the cloud services themselves that, as stated above, have taken security concerns very seriously, but from one of …
Standing as testimony to innovation, strength, and uniqueness, the Marina Bay Sands is accommodating once again the RSA Conference Asia Pacific & Japan between 26 and 28th July. The event is bringing together information security experts just like the MBS is connecting its host city, empowering organisations and individuals to stay ahead of cyber threats.
We are happy to exhibit this year as well and we would like to invite you to join us at booth E92 where our colleagues from CoSoSys Far East are looking forward to welcoming you. For those of you whose presence at events in the US or Europe is more difficult, this is a great opportunity to meet the people behind the Endpoint Protector technology and see live demos, whether you are already using it, you are evaluating it or just looking around for Data Loss Prevention software. We will make sure your visit will be worth your while, dedicating…
With recent surges in hacker attacks and leaks, it seems that sensitive data has never been more vulnerable. And with every aspect of businesses becoming digitized, we are increasingly relying on third-party solutions, whether antivirus, Data Loss Prevention, encryption or other solutions, to keep our data safe.
Sensitive data comes in different shapes depending on the sector a business is part of. It can take the form of credit card numbers, medical records or social security numbers, but regardless of its actual content we can distinguish three different states it can be found in: data at rest, data in use and data in motion. These three types of data present different levels of vulnerability and different challenges when it comes to their protection.
Data at rest is static data stored on hard drives that is archived or not often accessed or modified. Data in use refers to data that is …