Non-malware attacks are on the rise. According to a study by the Ponemon Institute, 29 percent of the attacks organizations faced in 2017 were fileless, and in 2018 this number may increase to as much as 35 percent. So, what are non-malware attacks, how do they differ from traditional threats, why are they so dangerous, and what […]
Imagine a scenario in which an employee clicks a link in an e-mail and costs his or her employer $600,000. Unfortunately, this situation does not require one’s imagination. This is exactly what happened in Riviera Beach, Florida, when an employee clicked a link in an e-mail, and the government was crippled by a ransomware attack. […]
Whether it’s necessary to gain a promotion, maintain a security-related (and hard-earned) certification, finish a college or university degree program, or continue to demonstrate competence in their particular fields or industries, security professionals must go to live programs or take security education online courses on an ongoing basis.
The posted orders at a security officer’s position exist for a reason. Their existence provides rules, responses, and a formalized structure for the officer’s work shift. So why are posted orders so poorly written or not followed? What are the liability concerns if they aren’t followed? How can site security managers craft better orders?
As a security professional, you understand the complexity of defending your organization (or client’s organization) against any number of existing and potential threats. The exercise becomes Malthusian, however, when you’re forced to account for the security practices of every vendor in your organization’s supply chain. While basic strategies like regular anti-malware scans and limiting network […]
Workplace harassment is a pervasive issue that too often gets overlooked or simply dismissed by those with the authority to address issues before they escalate. Maybe employees on the receiving end of workplace bullying don’t feel comfortable reporting the incidents, or perhaps they don’t know what resources are available to them. Who should they […]
In this day and age, when many companies house much of their critical information and infrastructure online, it’s imperative to plan ahead. What would you and your company do in the event of an emergency or sabotage?
Security, HR, and/or a threat assessment team can work together and use a five-step model to manage a current or former employee making threats. As with many dynamic situations involving the threat of workplace violence, there is no one perfect solution. These ideas, especially done in combination, can deter subjects from violence, both while they […]
When it comes to compliance, keeping your data secure should be one of the biggest priorities for your business. How can different companies with different requirements make sure they are compliant?
The security world is full of professional certifications, ranging from the plethora of initials offered by ASIS, to homeland security designations, to a fraud examiner’s certification, to others related to crisis management, threat management, and even critical incident stress. Do the examination costs, recertification fees and costs, and study time make sense for security professionals […]