How Can Companies Balance IT Security and Personal Web Access at Work?

Posted by Gerd Meissner

Nov 1, 2016

 InfoSec Luminary Lineup IllustrationSECURITY

Companies struggle to protect their IT infrastructure when employees access the web. Checking personal web mail or running online shopping errands from the office helps workers to maintain work/life balance, but it also puts the business at risk from web-borne threats.

Organizations scramble to put policies in place to protect themselves. But policies that are too restrictive can negatively impact productivity and workplace climate.

For our InfoSec Luminary Lineup blog discussion series, we asked: “How can companies balance IT security with users' need to access personal web resources at work?” In this post, cybersecurity startup leaders, experts and influencers share their thoughts, tips and insights on how companies can solve this dilemma.

Face Your Worst Cyber Security Fears

Posted by Scott Petry

Oct 27, 2016

Illustration: Face Your Worst Cyber Security Fears (National Cyber Security Awareness Month / Halloween blog post)SECURITY, NEWS

Survey results: What cyber security issues scare people most?

"There is a time to take counsel of your fears," General George S. Patton once famously said. Halloween marks the end of National Cyber Security Awareness Month (NCSAM). Let’s make this the time to take counsel of the cyber security fears that keep us up at night.

Topics: Security

5 Vendor Risk Reports Every IT Leader Should Read

Posted by Gerd Meissner

Oct 25, 2016


How do you break into a bank? In the old days, burglars would dig their way into the vault from a basement next door.

In today’s digital economy, hackers don’t barge through the front door, either. They are looking to circumvent the cybersecurity barriers of financial service providers and other security-conscious companies by targeting potential weak spots on their IT periphery - such as less guarded software vendors or law firms with access to the bank’s network.

How can companies assess and manage third-party risk? Vendor risk management ranks high now on the agenda of enterprise CIOs and CISOs in the financial services industry and its business partner ecosystem. But what about other sectors?

Law firms were the first to feel the pressure, as described elsewhere on this blog. Yet in many organizations, regardless of industry, the IT infrastructure continues to remain under threat through undetected and unmitigated vendor risks.

You may have heard how vendors contributed to recent large-scale data breaches at retailers, healthcare providers and government agencies.

To be clear - third parties didn’t “cause” these data breaches by themselves. The surveys and research results covered in this post illustrate an endemic lack of vendor risk awareness and management.

Topics: Security

8 Easy Tips for Better, More Secure Passwords

Posted by Scott Petry

Oct 11, 2016

Thumbnail Illustration for Authentic8 Cybersecurity Awareness Month Blog Post Illustration: 8 Easy Tips for Better, More Secure PasswordsSECURITY

We all know the Ben Franklin quote about two certainties in life being death and taxes. It’s time to add a third: passwords.

We can’t avoid passwords. The problem is, when using them, most of us can’t seem to avoid taking shortcuts either. Hackers count on it, which is why weak or unprotected passwords are still the #1 reason for most major data breaches. I’ve blogged about the reasons here.

No National Cyber Security Awareness Month should go by without pointing out methods to improve password security. I recommend you take the following simple steps sooner rather than later: 

Topics: Security

8 Easy Steps to Protect Yourself Online When Traveling

Posted by Gerd Meissner

Oct 4, 2016

Thumbnail Illustration for Authentic8 Cybersecurity Awareness Month Blog Post Illustration: Business Travel Online SecuritySECURITY

Consider this before taking your next trip: When traveling for business, you are more likely to get hacked than to get mugged, according to a recent report.

Are you among the rapidly growing group of professionals - like lawyers, IT professionals, financial advisors or executive search consultants - who stay connected with their job while on an extended weekend or a vacation trip?

Then you potentially put your organization at risk every time you fire up your notebook or tablet computer in an airport lounge, hotel room or beach restaurant.

Don’t be the one employee whose carelessness opens the door for online crooks. October is National Cybersecurity Awareness Month, so here's to cybersecurity awareness while traveling:

Topics: Security

How a Secure Browser Insulates the Enterprise from Third-Party Risks

Posted by Gerd Meissner

Sep 13, 2016

Illustration for blog post: How a Secure Browser Insulates the Enterprise from Third-Party Risks - Trusted Vendor MemeSECURITY

From enterprise-sized organizations down to one-person professional firms, critical business information is frequently handled by third-party service providers.

Suppliers and vendors are routinely given access to their customers’ most sensitive systems and data. And just as routinely, this results in massive data breaches.

How can your organization improve security to minimize the risk introduced by third-party suppliers?


Most companies learn about vulnerabilities when it’s too late - after a data breach. 37 percent of the U.S. companies who responded to a recent survey by Ponemon Institute believed their main third party vendors would not inform them in case of a serious data breach.

Companies are depending on IT consultants, accounting and payroll professionals, HR consultants, recruiters and other professional service providers to get the job done and to maintain a competitive edge.

Topics: Security

Ransomware in 2020: Still a Threat?

Posted by Gerd Meissner

Sep 6, 2016

Ransomware in 2020: Still a Threat? InfoSec Luminary Lineup IllustrationSECURITY

What’s your prediction, and why?

Yes, predicting the future of cyber crime may be a bit of a “fool’s errand” (Richard Caplan). But ransomware is not a new phenomenon, it’s been around since 1989, as Jake Olcott points out below.

In spite of such a long history of mayhem, ransomware is more prevalent than ever. So we asked information security industry thought leaders, analysts and observers to extrapolate, and received a wide range of responses for this installment of our "InfoSec Luminary Lineup" series of blog posts.

Topics: Security

Five Endpoint Security Resources Every IT Leader Should Know

Posted by Gerd Meissner

Aug 9, 2016


Endpoint security tops the priority list for many enterprise IT leaders this year, across a wide range of industries. One main reason: “2016 is shaping up as the year of ransomware - and the FBI isn’t helping” (Los Angeles Times).

Ransomware, distributed by criminals via automated phishing email campaigns and large-scale infections of web servers, infiltrates the networks of hospitals, law firms and energy utilities alike, encrypting stored data, and demanding payment to unlock the victim’s data.

Data breaches at major law firms and healthcare data providers have already reached record numbers in the first half of this year. In many cases, the organization’s use of regular, non-secure browsers - which fetch and process code from the web on the local computer, including malware - opened the door for outside attackers.

Topics: Security

No More Ransom? Activism Won’t Prevent Ransomware.

Posted by Gerd Meissner

Aug 1, 2016

Illustration: Thumbnail No More Ransom (screenshot)SECURITY, NEWS

The European Cybercrime Centre (EC3) of Europol, the European law enforcement agency, is driving a new public/private initiative that, according to the Washington Post, “may offer a glimmer of hope for victims” of ransomware.

No More Ransom, is the campaign’s motto. As nice as that would be, I think the slogan and the site promote a false sense of security.

I’d call it feel-good activism. Here’s why:

Silo Underscores Integral Role in Enterprise Web Security

Posted by Gerd Meissner

Jul 26, 2016


New Enhancements Integrate With IT Infrastructure and Enable Seamless Access

(MOUNTAIN VIEW, CA -- Jul 26, 2016) - Authentic8, maker of Silo, the cloud-based secure browser for business, introduced today new enterprise capabilities for its flagship product aimed at seamless deployment within the enterprise and added convenience for end users.

Silo now includes synchronization with Microsoft Active Directory (AD) services, integration with Identity Provider (IDP) solutions for federated authentication, and enhancements to the Silo Access Portal to streamline secure access to the web.

By synchronizing Silo with AD, an organization's traditional methods of managing users, enabling application access and defining policies can be used as the basis for deploying and managing Silo for secure access to the web.

For organizations that rely on federated authentication systems, such as Microsoft ADFS or other commercial identity provider (IDP) services that are based on the standard Security Assertion Markup Language (SAML), Silo deploys without requiring users to perform further authentication steps. Once the user is registered on the network, use of Silo is seamless.

Topics: Corporate News