Removable media devices—also known as removable storage devices–present a very high risk to sensitive data stored, processed, or transmitted by information systems in your organization. Sedara recommends implementing strict measures to safeguard sensitive information and prevent its accidental or intentional loss, misuse, or disclosure.
The National Institute of Standards and Technology recommends using longer passphrases instead of passwords for authentication purposes. Passphrases improve an organization’s security posture and reduce the risk of data breaches: they are more complex, easier to remember, and more resistant to cyber-attacks.
Microsoft 365 (formerly Office 365) is a Software-as-a-Service (SaaS) that offers a cloud-based version of its popular software productivity suite, including MS Word, Excel, PowerPoint, Outlook, and OneNote. In contrast, Azure Active Directory (Azure AD) is an Infrastructure-as-a-Service (IaaS) that offers a cloud-based version of Active Directory to control identity management and access to virtual resources across an organization.
Microsoft 365 E5 is an enterprise cloud-based suite of Microsoft Office productivity apps combined with advanced voice, analytics, security, and compliance services. It is an upgrade over lower tiers E1 and E3. Though threat protection features are included in all Microsoft or Office 365 subscriptions, an E5 license provides some advanced features.
The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) is undergoing a major update. Originally released in 2014, the NIST CSF is one of the most widely used cybersecurity frameworks helping organizations understand and manage their cybersecurity risk. NIST is currently updating the CSF to align with the latest cybersecurity trends and best practices, with the expected release date of the CSF 2.0 slated for the first quarter of 2024.
Search engines automatically create a business listing based on publicly available information, but they permit business owners to override this automatic listing by publishing their own. This listing may include business hours, slogan, geographical location, a website link, contact information, reviews, and images. Business owners are also permitted to respond to reviews. Recently, Sedara has seen incidents in which the attacker claims control over a business listing that they do not own.
The Gramm-Leach-Bliley Act (GLBA) applies to many types of financial institutions, like banks, savings and loans, credit unions, insurance companies and securities firms. It requires those organizations to explain their information-sharing practices to their customers and to protect sensitive data. On November 15, 2022, The FTC announced a six-month extension for companies to comply with data security provisions in the GLBA. The new deadline is June 9, 2023.
Phishing prevention can be difficult since it is constantly morphing and so common. A multi-pronged approach usually works best for addressing this threat.
MDR (Managed Detection and Response) is a type of cybersecurity service that combines advanced threat detection technologies with human expertise to provide continuous monitoring and rapid response to cyber threats. These services involve a team of cybersecurity experts who monitor an organization’s network and endpoints in real-time using advanced security tools, such as threat intelligence, machine learning, and behavioral analytics.
The list and research identify and honor the top MSSPs (managed security service providers) worldwide. The rankings are based on MSSP Alert’s 2022 readership survey combined with the site’s editorial coverage of MSSP, MDR and MSP security providers. The sixth-annual list and research track the MSSP market’s ongoing growth and evolution.
