Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Remote work is not going away. Depending on who you ask, experts believe 35% – 65% of the US workforce will continue to work remotely, permanently. Remote work was a trend that began well before the pandemic and will continue to be the preferred way to work for companies and employees alike. However, many companies were unprepared for the speed at which remote work became the preferred office structure. The pandemic forced businesses to adopt new tools and processes virtually overnight.

Modern enterprises will have to work with customer data in one way or another. The COVID-19 pandemic proved that the only businesses that would survive the future were those willing to embrace technology. While technologies such as the Internet of Things, and artificial intelligence have undeniable benefits, they have also presented complications. Managing your customers’ or site visitors’ data is a lot like having intimate access to their homes.

By design, Salesforce is an environment where customer PII and other sensitive information must be shared and stored. However, compliance regulations like PCI DSS, HIPAA, GDPR, CCPA, and others limit this storage and usage of customer data to only what’s justifiably required for an organization to carry out its duties. Even then, there are requirements for how this data should be stored – like whether it should be encrypted, for example.

We are pleased to announce the launch of NC Encrypt to provide independent encryption key management and Bring Your Own Key (BYOK) support for Microsoft 365 applications and SharePoint Server environments. The sheer number of communication and collaboration channels the M365 platform has introduced, increases the vulnerability of sensitive data and potential for accidental data loss or overexposure, making protection mechanisms such as encryption critical.

On Thursday evening, around 6:25 PM, Uber announced that it was responding to a cybersecurity incident. While Uber hasn’t gone into details about what happened, the purported threat actor has openly corresponded with several security professionals, including Sam Curry at Yuga Labs, Corben Leo at Zellic.io and The New York Times. According to both Curry and Leo, multiple systems were impacted.

IHG Hotels & Resorts, the hotel group that owns the Holiday Inn and Intercontinental brands, experienced a cyber attack in the first week of September. The attack has impacted the central hotel’s booking system and mobile apps, causing a service outage for several days. Loyalty program members could not log in or create new bookings during this time.

My first interaction with a firewall was with a TIS Gauntlet that I compiled on a Sun workstation in 1994. Since then, I have worked with firewalls from Checkpoint (back when configuration files were clear text flat files and they only had support out of their headquarters in Israel), Raptor, Pix (when they booted from a 3 ¼” floppy), and finally the Cisco ASAs, FortiGates, and Palo Alto firewalls of today.

Data classification can feel like an overwhelming task, especially for organizations without a strong practice in place. As with any security approach, data classification is both crucial and tempting to avoid. Regardless of whether the value is recognized, there’s a chance that it gets pushed further and further down the priority list in favor of items that are easier to address.

The Federal Trade Commission has recently updated the 2003 Gramm-Leach-Bliley Act ‘Safeguards Rule’ to create new standards and procedures that will apply to auto dealerships and go into effect in December 2022. The Safeguards Rule outlines the standards required for the protection of consumer data. The new updates create stricter criteria and procedures that car dealers will need to implement, both to reduce the risk of a data breach and to better protect customer data.