It's no longer enough to simply ensure that your organization's systems and enterprise web presence are secure. Your risk management program needs to look beyond the perimeter of your organization to properly vet the third and fourth-party vendors who will have access to your data without being subject to your internal risk management process. The use of third parties in your supply chain or for data handling create potential risks that can be compounded by these third-party weaknesses.

I write a lot about how organizations can secure their workers as they start using tablets and smartphones more for work. The truth is, the legal professional has been ahead of that curve for years. Even before smartphones were introduced over a decade ago, lawyers, paralegals and legal staff were already using cellphones to stay on top of case work. Now, with smartphones and tablets, your law firm’s staff can do everything they used to do in an office from wherever they go.

As we say goodbye to 2020 and spend time reflecting on the industry changes, reassess our workflows and procedures in order to identify where 2021 will bring us, it’s a brilliant time to also address our security practices and ways we can bring improvement to those, as well. After considering the top challenges I saw with development teams and security teams within development environments, I came up with a list of ways to focus our security improvements for 2021.

ISO/IEC 27001 is a set of international standards developed to guide information security. Its component standards, such as ISO/IEC 27001:2013, are designed to help organizations implement, maintain and continually improve an information security management system (ISMS). Compliance with ISO 27001 is not mandatory.

With one in three SMEs adopting cloud-first strategy more than ever, cybersecurity concerns have only grown exponentially. In the wake of the pandemic, nearly 95% of cybersecurity professionals have shown concerns regarding public cloud security. Microsoft Office 365 is at the heart of most small to mid-sized businesses. Combined with a rapid cloud adoption rate, security concerns are not far behind.

In order to ensure compliance with the growing list of personal privacy regulations—like GDPR, CCPA, and PDPA—your company needs to know how it handles the personal information of your customers, users, and even visitors.

We asked Paul Sutton, Head of Research & Development at Redscan Labs, to tell us about the work he and his team are doing to ensure Redscan remains at the forefront of detection and response.

Detecting the threat after collecting the right data is the first step. From there, the impact of the threat really matters; otherwise, security teams may be chasing after too many issues.

“Joker’s Stash”, the largest dark web marketplace for buying & selling stolen payment card data, announced on January 15, 2021 that it is shutting down. The last day of activity will be February 15, 2021.

TL;DR: On January 7, the Detectify security research team found that the .cd top-level domain (TLD) was about to be released for anyone to purchase and claimed it to keep it secure before any bad actors snatched it up. A technical report with full details is available on Detectify Labs. This blog post will discuss the basics of domain takeover.