5 Step SharePoint Migration Plan

Creating SharePoint sites and libraries is pretty simple. Getting the right data to those sites and libraries isn’t that simple, especially if you want to make sure that only the right people have access once it’s there and that data currently lives in file shares and/or in other domains. Which data do you move? What…


Phishing Lessons: Care to phish your file system?

As I’ve been pointing out over many posts, hackers are generally not using very sophisticated techniques to break into corporate servers. Weak passwords vulnerable to brute-force guessing, or back-doors that were never removed from purchased software provide simple attack vectors. Could there be anything simpler? In fact, there is: how about just asking employees for…


What is Human Generated Data?

Unlike business application data, like a billing database or CRM system, or machine-generated data, such as the log files that servers generate, human-generated data is comprised of the emails, Word documents, spreadsheets, presentations, images, audio, and video files that we create and share with other people every day. There is a massive explosion of human-generated…


And One More Thing about the HIPAA Omnibus Rule: Breach Notification Gets Tweaked

The HIPAA Omnibus Final Rule is a long document with dense legalese. As we’ve been pointing out, a few key provisions should be on the top of your compliance list now that the new regulations are in effect.  But there are also some subtle points that haven’t received as much attention. For example, the rules concerning…


Are Your Employees Stealing Data Without Realizing It? [INFOGRAPHIC]

Have you ever sent work documents to your personal email or cloud account? Did you delete them when you were done? How about when you left the company? Varonis conducted a short survey at several industry events this year to estimate how much confidential information is being leaked beyond corporate walls.  The results are in…


FBI Investigates Punxsutawney Phil

One of the items on my blog check-list was to review the presentations from the Black Hat 2013 conference held earlier this summer. While browsing their archives I came across former FBI Chief Security Officer Patrick Reidy’s talk on insider threats. He hooked me on the blurb for his PowerPoint, which, to paraphrase, went something like,…


The Value of Sandboxes

There’s been a lot of talk about malware sandboxing as a form of protection against advanced persistent threats (APTs). The idea behind malware sandboxing is that you can drop suspicious binaries into a virtualized environment, execute them, and observe what happens without posing any risk to your production systems.  After the malicious code wreaks its…


Get the Big Picture on Health Care Data Security: Varonis’s Interactive HIPAA Breach Map

Lately there have been some troubling signs that healthcare data breaches are on the rise. Besides recent headline-making hospital data security incidents, the Ponemon Institute just released a survey estimating that about 1.8 million adult-age Americans were victims of medical identity theft in 2013. That’s up 20% from the previous year’s results. And the Identity Theft…


The HIPAA Omnibus Rule [In Plain English]

It’s the final countdown! By September 23, 2013, all covered entities have to comply with the HIPAA Omnibus Rule (aka the Final Rule) or face noncompliance penalties. Not sure where to start? Omni-who? Rather than read through 500+ pages of dense legal jargon, we’ve boiled the changes down into a quick, easy-to-understand punch list. 1….
