If you have administered password policies in Active Directory or looked at the local policies present in the Windows client operating system, you may have noticed an interesting setting contained in the Account policies section. The setting is Store... Read More
Compliance
Zero to hero: save your org from cyber-attack with a zero trust model
Zero trust mentality: sounds kinda harsh, doesn’t it? Here at Specops it doesn’t mean we can’t trust our colleagues not to eat our yogurt out of the office fridge, but it does mean we lock our computers before leaving... Read More
Corporate account takeover attacks and prevention
Corporate account takeover is a form of identity theft, wherein an unauthorized entity steals and assumes an employee’s digital identity, to perform actions on behalf of that user, while remaining undetected. The popularity of corporate account takeover attacks lies in their afforded safeguards for bad actors.... Read More
Australia’s Cyber Security Strategy and stolen credentials
To address the growing number of cyber threats, Australia released a new version of the Australia’s Cyber Security Strategy 2020 on August 6, 2020. The 2020 version of the strategy replaces the earlier strategy from 2016, and will be delivered through the combined efforts... Read More
Password Policy Compliance Report in Specops Password Auditor
Organizations looking to evaluate how well their existing password policies measure up against different compliance standards may benefit from running a free scan with Specops Password Auditor. One of the reports Password Auditor provides is the Password Policy Compliance report.... Read More
What is Gramm-Leach Bliley Act (GLBA)?
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, requires financial institutions to explain their information-sharing practices to their customers, and to safeguard sensitive data. The GLBA applies to all companies that offer consumer financial products or services like loans, financial or investment advice, or... Read More
CIS Benchmark Password Policy
With technology constantly evolving, cybersecurity organizations are helping people, businesses, and governments with best practices to protect themselves against emerging threats. The Center for Internet Security (CIS) is one of these advisement groups. The CIS Controls and CIS Benchmarks provide globally recognized best practices for security IT systems and... Read More
NYDFS cybersecurity regulation requirements
Financial organizations house a myriad of sensitive customer data, including login credentials, personally identifiable information (PII), and account numbers. With valuable data at stake, the financial services industry repeatedly has the highest cost of cybercrime. As the threat of breaches looms across the industry, and remote work introduces more variables into the cybersecurity equation, it’s clear that... Read More
Defending Your Network from RockYou2021
In June 2021, a large data dump was posted to a popular internet hacking forum. This dataset was termed “rockyou2021,” named after the popular password brute-force wordlist known as Rockyou.txt. Media and Twitter alike were abuzz with what to... Read More
Microsoft password expiration recommendation
Microsoft Active Directory provides built-in password policies to control various aspects of password management in the environment. One of the password configurations traditionally controlled at the password policy level is password expiration. Many organizations use password expiration policies to secure Active Directory accounts as part of... Read More