Why do I care about someone else’s data breach?

Because as the size of your organization increases, the probability that an individual employee’s company email is in that breach rises to 1. That lone employee is going to be suffering some unfortunate impacts, ranging from identity theft, financial scams, and blackmail to even death threats (as seen in the Ashley Madison breach). There’s an organizational impact…

How do I get my employees to stop clicking on everything?

If you’ve been given responsibility for network security in a non-technical area of the business, there’s one eternal question that has been bedeviling admins for decades. Shelves of words have been spilled on the subject, to limited result. Everyone with cybersecurity responsibilities has their own crop of horror stories where an intransigent user has clicked…

Corporate Legal Counsels Fret Over Cybersecurity

A majority of in-house legal counsels at US corporations view data breaches and cross-border data privacy regulations as among their biggest e-discovery related legal risks. BDO Consulting, a company that provides financial, business, and technology advisory services, recently surveyed over 100 senior legal executives at organizations ranging in size from $100 million to over $5…

What CISOs Need To Know Before Adopting Biometrics

Biometric techniques offer a solution to the password problem, but getting started can be tough. Here are a few things you need to know. Businesses have long sought a better way to balance end-user security and usability, and it’s clear the password-only model needs to change. Faced with employees who are unwilling to remember more…

Bringing boards up to cyber speed

The exponential growth of cyber risk has impacted roles for the CISO and the CEO, among others, but it has also left board members a little in the dark when it comes to understanding the risks associated with cybersecurity. The National Association of Corporate Directors (NACD), which represents 88 percent of the Fortune 1000, recently released…

7 tips for better security awareness training sessions

At their worst, security awareness training sessions are boring wastes of time, both for employees and the IT people responsible for them. At their best, however, they are interactive, discussion-driven, and genuinely helpful opportunities to raise security issues and lay the groundwork for better habits. How do you steer your own training sessions closer to…

Cyberrisk Through A Business Lens

As with any other aspect of operating a business, effectively managing cyberrisk is predicated on making well-informed decisions and then executing reliably within the context of those decisions. With that in mind, boards and senior executives must ensure that their organizations accomplish both. For the reasons described below, today many organizations are unable to do…