Search

In September of 2001, I was conducting a comprehensive security audit of a major health care insurer. They were dealing with the early days of the HIPAA regulations and needed to assess data and application controls in their environments. Then 9/11 happened. All air travel was suspended and major city centers such as NYC, Chicago,…

The rapid acceleration from on-location to remote workforce as part of the Coronavirus Pandemic response opened the door to malicious actors accelerating their phishing and social engineering attacks. Cybercriminals prey on user anxiety by embedding malicious files in COVID-19 themed emails. Remote work layered with user anxiety increases credential theft attack success rates, leaving organizations’…

With the influx of remote access demands, VPN vendors are no doubt having their moment. This is 100% warranted, but organizations must be prepared for the avalanche of bad actors scanning these services, scrutinizing for vulnerabilities. Needless to say, these services must be patched and up-to-date, but relying on a VPN may have once been…

I was recently speaking with a customer who expressed a common concern. Because of COVID-19, their entire finance team was forced to work remotely and they were concerned about the risks of executing critical financial transactions. Purchasing, payroll, expenses, everything… all being done from unknown locations and on devices they couldn’t regulate. From Convenient to…

Analytics have always been necessary for informing ERP data security policies. This has never been more relevant than today, in this everybody-works-from-home environment where function leaders are scrambling to attain oversight and accountability. With whole departments spending 8 hours a day in business applications like PeopleSoft and SAP, establishing strong ERP user activity monitoring strategies is mission-critical….

Data privacy regulations are rapidly reshaping the way companies monitor, manage, and even define the data they collect and store. Prior to new privacy regulations put in place by the European Union and the state of California, the data lifecycle focused solely on collection and dissemination. This meant that the enterprise would collect as much…

Remote workforces are nothing new to most organizations. According to Buffer’s 2019 State of Remote Work report, 44% of respondents noted that at least part of their team was “full-time remote,” and 31% said that everyone on the team works remotely. Further, at the time of the report, 30% of respondents said that their entire…

The news is flooded with stories about cybercriminals successfully engaging in phishing and social engineering aimed at exploiting people’s COVID-19 fears, all in order to steal user credentials to business applications and VPNs. From fake delivery notifications to World Health Organization (WHO) impersonations, malicious actors are preying on people’s emotions during this pandemic. The credentials…

Stop me if you’ve heard (or spoken) this phrase: “All non-essential projects have been put on hold.” To be fair, pausing large-scale IT projects (like a cloud ERP migration) in such an uncertain and unpredictable environment makes sense. If the project will take months to implement and it isn’t helping keep the lights on, it…