Clothing retailer Forever 21 suffered a POS system breach in an undisclosed number of stores from March to October 2017, the company announced last week. The Forever 21 breach was discovered by a third party and involved hackers taking advantage of POS devices on which encryption had not been switched on, leaving card data readable in the clear.
There ...
The years-long Marriott Starwood database breach was almost certainly the work of nation-state hackers sponsored by China, likely as part of a larger campaign by Chinese hackers to breach health insurers and government security clearance files, The New York Times reports. Why would foreign spies ...
Noting that cyber security is “the responsibility of every health care professional, from data entry specialists to physicians to board members,” the U.S. Department of Health and Human Services (HHS) has published Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients ...
By following these best practices, organizations can enjoy the benefits of outsourcing their enterprise cyber security, minimize the risks, and build fruitful, long-term relationships with trusted providers.
With the cyber security skills gap making it extremely difficult or even impossible ...
New York State Cyber Security Regulations for Financial Institutions Could Be Model for Other States
The first phase of the New York state cyber security regulations, which apply to insurance companies, banks, and other financial institutions operating within the state, finally went into ...
Online shopping is booming, but customers will shun ecommerce if they do not feel their data is secure.
Just as “Video Killed the Radio Star,” ecommerce is making shopping malls go the way of the horse and buggy. In 2016, consumers reported making 51% of their purchases online, up from 48% in ...
The Yahoo hack demonstrates that cyber security has become a fundamental part of M&A transactions.
Data breaches and a failure to comply with governmental and industry standards can impact a company in many ways, as Yahoo is finding out the hard way. The company’s recent disclosure of a ...
The Marriott Starwood breach, which exposed the personal data of 500 million guests, was not the largest data breach in terms of size; Yahoo still holds that dubious honor. However, because of the nature of the data stolen, it has the potential for a very long reach and highlights multiple cyber ...
Cyber criminals don’t care who they hurt. This was made obvious during the rash of ransomware attacks on healthcare facilities this year, where hackers locked down electronic health records systems, putting patients at grave risk. There is great concern that the proliferation of Internet of ...
U.S. federal government agencies are required to use the email authentication protocol DMARC to prevent spoofing of their domains, but the overwhelming majority of federal contractors either have not published a DMARC record at all or have not configured it properly (DMARC is a policy record published in DNS, not software that gets installed). NextGov reports:
Among the top 98 government contractors by ...
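Because DMARC lives in a DNS TXT record at _dmarc.<domain>, "not set up properly" in practice means the record is missing, malformed, duplicated, or published with a monitoring-only p=none policy. The Python below is an added example, not code from the article or from NextGov: it classifies a set of constructed sample records (the domain names and records are made up for illustration) into those states, and it works on record strings rather than performing DNS queries so it runs offline.

```python
"""Classify DMARC records the way an auditor of the NextGov finding would:
missing, invalid, monitor-only (p=none), weakly enforced, or enforcing.
Added example; the domains and records below are constructed, not real."""

# Constructed sample lookups: domain -> TXT strings found at _dmarc.<domain>.
# A real audit would fetch these with a DNS TXT query instead.
SAMPLE_DMARC_TXT = {
    "enforcing.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@enforcing.example"],
    "monitor.example":   ["v=DMARC1; p=none; rua=mailto:reports@monitor.example"],
    "partial.example":   ["v=DMARC1; p=quarantine; pct=20; sp=none"],
    "broken.example":    ["v=DMARC1; rua=mailto:x@broken.example"],   # no p= tag
    "duplicate.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],  # two records
    "absent.example":    [],                                          # nothing published
}

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; ...' into a dict of tag -> value.

    Returns None unless the first tag is v=DMARC1, which RFC 7489 requires.
    Tag names and policy values are lowercased here for lenient matching
    (an assumption of this example; receivers differ in strictness)."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None
    tags = {}
    for part in parts:
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt_records):
    """Return (status, findings) for the TXT strings found at _dmarc.<domain>."""
    if not txt_records:
        return "missing", ["no DMARC record published"]
    if len(txt_records) > 1:
        # RFC 7489 section 6.6.3: more than one record means no policy at all.
        return "invalid", ["multiple DMARC records; receivers discard them all"]
    tags = parse_dmarc(txt_records[0])
    if tags is None:
        return "invalid", ["record does not begin with v=DMARC1"]
    if "p" not in tags:
        return "invalid", ["required p= tag is missing"]
    policy = tags["p"].lower()
    if policy not in VALID_POLICIES:
        return "invalid", [f"unknown policy value p={policy}"]

    findings = []
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only a fraction of mail")
    subdomain_policy = tags.get("sp", policy).lower()
    if policy != "none" and subdomain_policy == "none":
        findings.append("sp=none leaves subdomains unenforced")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so no visibility")

    if policy == "none":
        return "monitor-only", findings
    if findings:
        return "weak-enforcement", findings
    return "enforcing", findings


def audit(lookups):
    """Map each domain in `lookups` to its DMARC status string."""
    return {domain: assess_dmarc(records)[0] for domain, records in lookups.items()}


if __name__ == "__main__":
    for domain, records in SAMPLE_DMARC_TXT.items():
        status, findings = assess_dmarc(records)
        print(f"{domain:20s} {status:17s} {'; '.join(findings)}")
```

Only "enforcing.example" passes cleanly; p=none counts as monitoring, and a quarantine policy with pct=20 or sp=none is enforcement in name only, which is the kind of misconfiguration a DMARC audit needs to surface rather than simply checking that a record exists.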
As California goes, so does the rest of the country. While the California Consumer Privacy Act (CCPA), which was passed this summer and goes into effect in 2020, falls short of being an “American GDPR,” it clearly tore many pages from the far-reaching European data privacy law. Similar to the ...
Doxware Leaks Your Private Data if You Don’t Pay the Ransom
Ransomware began grabbing headlines about a year ago, after Hollywood Presbyterian Medical Center paid hackers thousands of dollars in ransom after it got locked out of its systems. This large payday apparently encouraged hackers to ...
Department of Defense contractors and their subcontractors have until December 31 to obtain DFARS compliance
Third-party data breaches are a serious problem, especially when highly sensitive data is involved – and our nation’s infrastructure, including our defense systems, is built and ...
FISMA, FedRAMP, NIST, DFARS, CJIS, HIPAA … Government compliance standards can seem like a veritable alphabet soup. Making matters even worse, a lot of them overlap, and many organizations aren’t certain which standards they need to comply with.
Even if your organization does not currently ...
Healthcare data security is under attack from the inside. While insider threats — due to employee error, carelessness, or malicious intent — are a problem in every industry, they are a particular pox on healthcare data security. Two recent reports illustrate the gravity of the ...
The NotPetya attacks weren’t as bad as WannaCry; they were worse, and we all need to start cooperating to prevent the next attack.
It’s looking more and more like last week’s NotPetya malware attacks, which infected computers around the world but hit Ukraine particularly hard, were designed ...
A guide to advanced persistent threats (APTs), a highly sophisticated, highly destructive form of cyber attack.
What is an Advanced Persistent Threat (APT)?
“Advanced persistent threat” is a broad term used to describe a cyber attack where hackers covertly gain access to a system and ...
With an estimated 90% of cyber attacks caused by human error or behavior, it’s important to understand the most common cyber security mistakes your employees are probably making and know how to mitigate them.
Becoming victims of phishing schemes
Stolen login credentials are the most common ...
Once a luxury item, free public WiFi has morphed into a standard service that consumers expect when patronizing everything from restaurants and retail stores to airports and hotels. Free WiFi users aren’t just checking Facebook or posting vacation photos to Instagram, either; all of us have sat ...
“ClearEnergy” May Have Been Fake News, But Threats Against ICS / SCADA Security Are Quite Real
Accusations of “fake news” rocked the cyber security industry last week after infosec provider CRITIFENCE implied that it had detected a brand-new “in the wild” ransomware variant called ClearEnergy ...
Think about a time when you had a single credit card lost or stolen, and how much of a pain that experience was. Now imagine if your entire wallet was lost or stolen and the exponential magnitude of pain in the patootie that would be for you.
Run Over by the Bus
If you are a subscriber to ...
Hacks in the City: Latest in String of Attacks at HBO Targets Company’s Social Media Accounts
HBO has had a rough summer, and things are getting progressively worse for the cable titan. The HBO hacks began in late June, when an individual hacker or group calling themselves “Mr. Smith” dumped ...
The Federal Risk and Authorization Management Program, or FedRAMP, was designed to support the federal government’s “cloud-first” initiative by making it easier for federal agencies to contract with vendors that provide SaaS solutions and other cloud services. Unlike FISMA, which requires ...
Cryptocurrencies such as Bitcoin and Ethereum have gone mainstream; it seems like everybody and their brother is looking to buy some crypto and get their piece of the digital currency gold rush. Hackers want a piece of it, too. In addition to hacking ICOs and cryptocurrency exchanges, they’re ...
PCI DSS compliance is mandatory for any organization that accepts or processes payment cards, yet shockingly, a recent study by SecurityScorecard found that over 90% of U.S. retailers fail to meet four or more PCI DSS requirements.
Compliance with PCI DSS is not something to be taken lightly. ...
Hacks do not happen in a vacuum; if one computer on a network is compromised, all machines on that network are at risk. For this reason, both enterprises and individuals have a responsibility to implement cyber security best practices – and this does not mean installing anti-virus software and a ...
Ransomware isn’t a new threat. It first rose to prominence back in 2016, when Hollywood Presbyterian Medical Center shelled out $17,000 in bitcoin after an attack took the hospital offline. Since then, ransomware has only become more popular, especially for hackers targeting the healthcare ...
Despite the availability of modern GRC software, many organizations still use spreadsheets to conduct IT compliance audits and other GRC activities. While spreadsheets are highly useful for many business functions, especially accounting, they are not GRC tools. Depending on spreadsheets to ...
Don’t want your company to be the next Yahoo, Equifax, Deloitte, or SEC? Don’t ignore cyber risk management.
October is National Cyber Security Awareness Month in the U.S., which is quite fitting right now, as barely a day goes by without yet another disclosure of a massive hack, ...
Yahoo is trying to pass the buck, but data breach responsibility starts at the top.
Who should be held responsible when a company’s systems get breached? Historically, the CIO, the CISO, or both have shouldered the lion’s share of data breach responsibility; well over half of security ...
Over several months last year, an international group of cyber bank robbers, possibly funded by the North Korean government, stole nearly $100 million, threw the integrity of a decades-old banking industry messaging system into question, and remained at large. Sound like the plot of the latest ...
K-12 schools, colleges, and universities are attractive targets for hackers. Their networks contain an enormous amount of identifying information on staff members, students, and students’ families, including names, birth dates, addresses, Social Security numbers, and even health records. ...
Why Your Employees Keep Clicking on Phishing Emails, and How You Can Stop It
The 2017 Verizon Data Breach Investigations Report is out, and it’s full of great news – if you’re a hacker. The study, which examined over 1,900 breaches and more than 42,000 security incidents in 84 countries, showed that cyberespionage ...
Internet-connected smart toys, a popular holiday gift item, have vulnerabilities that put both children and parents at risk of data breaches and identity theft.
Smart toys, which connect to the internet and offer children a personalized, interactive play experience, were a very popular gift ...
Email marketing is big business. MarTech Advisor reports that it is the best-performing channel for a company’s ROI, and 61% of consumers prefer to receive offers via email, as opposed to only 5% who prefer social media offers. However, many organizations are concerned about how the GDPR, the ...
Des Moines-based Voya Financial Advisors (VFA) has agreed to pay the U.S. Securities and Exchange Commission a $1 million penalty in the wake of an April 2016 breach that affected several thousand VFA customers. The SEC cyber enforcement action charged VFA with not having sufficient written ...
The Mirai botnet DDoS attacks were the largest on record – and they were likely masterminded by teenagers.
In October, a massive DDoS attack on Dyn’s managed DNS infrastructure brought down a number of major websites, including PayPal, Twitter, Amazon, Netflix, and Spotify. The attack ...
Now that the year is coming to an end, all eyes are on what’s possibly around the corner. More attacks on cryptocurrencies? An escalation in attacks by state-sponsored cyber criminals? Chaos as the EU’s GDPR is implemented? In cyber security, only one thing is certain: It’s a continuous game of ...
Tax season is stressful enough without having to worry about becoming the victim of a cyber crime. Here are three different tax phishing scams targeting employers, individuals, and even tax preparers that are currently making the rounds.
Employers: W-2 Phishing Emails
The W-2 phishing ...
New Anthem breach underscores the need to manage cyber risk throughout the enterprise ecosystem
Anthem – yes, that Anthem – has been hacked again. About a month after the beleaguered health insurer agreed to fork over a record-setting $115 million to settle a class action lawsuit related to ...
Organizations have until May 25, 2018, to comply with the EU’s new General Data Protection Regulation (GDPR). Arguably the most comprehensive, far-reaching data privacy law passed to date, the GDPR grants European consumers numerous new data privacy rights and places new data governance ...
ATMs were designed to protect their cash vaults, not their computer components, which leaves them vulnerable to “jackpotting” cyber attacks.
Earlier this month, the American Bankers Association announced changes to its Bank Capture incident tracking system, which logs data on ATM attacks, as ...
There are more connected devices than there are humans on Earth. Organizations have been as quick to embrace the Internet of Things as consumers have, and the healthcare industry is no exception. Medical IoT devices have exploded in popularity and grown in complexity. Smart medical devices allow ...
Last week’s data leak at Exactis, a Florida-based marketing and data aggregation firm, has cyber security experts and data privacy advocates up in arms. WIRED reports:
Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had ...
The cyber security skills gap is real and growing; there simply aren’t enough cyber security employees to go around.
Cyber crime is rapidly escalating, and board rooms are taking notice. KPMG’s 2017 U.S. CEO Outlook survey shows cyber security risks to be among CEOs’ top concerns, yet only ...
New PCI DSS Ecommerce Best Practices Replace Previous Guidelines Issued in 2013
Consumers love shopping online and are abandoning malls for mobile shopping apps in droves. However, online shopping environments offer multiple opportunities for hackers to steal payment card data. Even worse, as ...
The recent Exactis data leak, which could surpass Equifax in the sheer number and scope of records exposed, has data privacy advocates calling for an “American GDPR.” While it is unlikely that a federal data privacy law will come to pass anytime soon, some states have already taken matters into ...
Businesses tend to gloss over social media cyber security, thinking that it’s more of an issue in their employees’ personal lives than a threat to workplace cyber security. However, one in eight enterprises has suffered a security breach that was traced back to a cyber attack on social ...
Cloud computing has opened up a world of opportunities for businesses, but it has also resulted in new cyber security threats. Some of these mirror the threats organizations have been combating on premises for years, while others are unique to the cloud. What are the top cloud security threats ...
As 2016 comes to an end, we look back at six of the year’s worst data breaches and what went wrong.
It seems like not a day went by this year without reports of yet another major data breach, or two or three data breaches. From healthcare to fast food to adult entertainment, no industry was ...