Compliance

data encrypted message on screen

Corporate account takeover attacks and prevention

Corporate account takeover is a form of identity theft, wherein an unauthorized entity steals and assumes an employee’s digital identity, to perform actions on behalf of that user, while remaining undetected. The popularity of corporate account takeover attacks lies in their afforded safeguards for bad actors.... Read More

scam warning shown on laptop

Australia’s Cyber Security Strategy and stolen credentials

​To address the growing number of cyber threats, Australia released a new version of the Australia’s Cyber Security Strategy 2020 on August 6, 2020. The 2020 version of the strategy replaces the earlier strategy from 2016, and will be delivered through the combined efforts... Read More

Specops Software

Password Policy Compliance Report in Specops Password Auditor

Organizations looking to evaluate how well their existing password policies measure up against different compliance standards may benefit from running a free scan with Specops Password Auditor. One of the reports Password Auditor provides is the Password Policy Compliance... Read More

hands with gears on top

Gramm-Leach Bliley Act (GLBA) Password Requirements

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, requires financial institutions to explain their information-sharing practices to their customers, and to safeguard sensitive data. The GLBA applies to all companies that offer consumer financial products or services like loans, financial or investment advice, or... Read More

coding with lock

CIS Benchmark Password Policy

With technology constantly evolving, cybersecurity organizations are helping people, businesses, and governments with best practices to protect themselves against emerging threats. The Center for Internet Security (CIS) is one of these advisement groups. The CIS Controls and CIS Benchmarks provide globally recognized best practices for security IT systems and... Read More

city street with cars

NYDFS cybersecurity regulation requirements

Financial organizations house a myriad of sensitive customer data, including login credentials, personally identifiable information (PII), and account numbers. With valuable data at stake, the financial services industry repeatedly has the highest cost of cybercrime. As the threat of breaches looms across the industry, and remote work introduces more variables into the cybersecurity equation, it’s clear that... Read More

music notes and password security

Defending Your Network from RockYou2021 

In June 2021, a large data dump was posted to a popular internet hacking forum. This dataset was termed “rockyou2021,” named after the popular password brute-force wordlist known as Rockyou.txt.   Media and Twitter alike were abuzz with what to... Read More

laptop with login screen

Microsoft password expiration recommendation

Microsoft Active Directory provides built-in password policies to control various aspects of password management in the environment. One of the password configurations traditionally controlled at the password policy level is password expiration. Many organizations use password expiration policies to secure Active Directory accounts as part of... Read More

masked password credential attacker

Pipeline Cybersecurity Initiative best practices

There is no question that ransomware attacks are on the rise.  They present what is arguably the most dangerous risk to businesses today when looking at the cybersecurity threat landscape. Recently, a ransomware attack impacted the Colonial Pipeline, one of the largest fuel... Read More

finger on scale

Service account security best practices

There are number of privileges and roles granted to Windows users. However, it’s often necessary to restrict roles to specialized accounts called service accounts. These Active Directory (AD) accounts have deeper access to OS infrastructure, making them both handier and higher-priority... Read More