For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security

[Podcast] I’m Brian Vecci, Technical Evangelist at Varonis, and This is H...

If you’ve ever seen Technical Evangelist Brian Vecci present, his passion for Varonis is palpable. He makes presenting look effortless and easy, but as we all know, excellence requires a complete devotion to the craft. I recently spoke to him to gain insight into his work and to shed light on his process as a presenter. “When I first started presenting for Varonis, I’d have the presentation open on one half of the screen and…
Data Security

Insider Threats: A CISO’s Guide

According to the recent Verizon DBIR, insiders are complicit in 28% of data breaches in 2017. Broken down by vertical, insiders are responsible for 54% of data breaches in the Healthcare industry and 34% in the Public Administration. Hacking (48%) and malware (30%) were the top 2 tactics used to steal data, while human error (17%) and privilege misuse (12%) made the cut as well. What does it all mean? Insiders have capabilities and privileges…
Data Security

Adventures in Malware-Free Hacking: Closing Thoughts

I think we can all agree that hackers have a lot of tricks and techniques to sneakily enter your IT infrastructure and remain undetected while they steal the digital goodies. The key takeaway from this series is that signature-based detection of malware is easily nullified by even low-tech approaches, some of which I presented. I’m very aware that prominent security researchers are now calling virus scanners useless, but don’t throw them out just yet! There’s…
Data Security, Privacy

Australian Notifiable Data Breach Scheme, Explained

A third time is a charm, in life and in data breach notifications laws. On February 13, 2017, the Australian government, in its third attempt, passed the Notifiable Data Breaches scheme, which finally came into effect on February 22nd of this year. While we all have a conceptual idea of what a data breach notification means, when it comes to required action, we have to look at the nitty-gritty details. Let’s start with…
Compliance & Regulation

[Podcast] Attorney Sara Jodka on the GDPR and HR Data, Part II

In the second part of my interview with Dickinson Wright’s Sara Jodka, we go deeper into some of the consequences of internal employee data. Under the GDPR, companies will likely have to take an additional step before they can process this data: employers will have to perform a Data Protection Impact Assessment (DPIA). As Sara explained in the first podcast, internal employee data is covered by the GDPR — all of the new law’s requirements…
Data Security

The Anatomy of a Phishing Email

Have you been hooked by a phishing email? Phishing scams are one of the most common ways hackers gain access to sensitive or confidential information. In fact, according to Verizon’s 2018 Data Breach Investigations Report, phishing is involved in 70 percent of breaches that feature a social engineering component. What is Phishing? At the most basic level, a phishing scam involves sending fraudulent emails that appear to be from a reputable company, with the…
Data Security

[Podcast] Varonis CFO & COO Guy Melamed: Preventing Data Breaches and ...

In part two of my interview with Varonis CFO & COO Guy Melamed, we get into the specifics with data breaches, breach notification and the stock price. What’s clear from our conversation is that you can no longer ignore the risks of a potential breach. There are many ways you can reduce risk. However, if you choose not to take action, minimally, at least have a conversation about it. Also, around 5:11, I asked a question…
Varonis News

Data Classification Labels: Integrating with Microsoft Information Protecti...

We’re thrilled to announce the beta release of Data Classification Labels: integrating with Microsoft Information Protection (MIP) to enable users to better track and secure sensitive files across enterprise data stores. By integrating with Microsoft Information Protection, customers will be able to automatically apply classification labels and encrypt files that Varonis has identified as sensitive. Users can manually tag documents, and Varonis will ingest this information to provide additional context around the data. Data Classification…
Compliance & Regulation

NIST 800-53: Definition and Tips for Compliance

NIST sets the security standards for agencies and contractors – and given the evolving threat landscape, NIST is influencing data security in the private sector as well. It’s structured as a set of security guidelines, designed to prevent major security issues that are making the headlines nearly every day. NIST SP 800-53 Defined The National Institute of Standards and Technology – NIST for short – is a non-regulatory agency of the U.S. Commerce Department, tasked…
Compliance & Regulation

[Podcast] Attorney Sara Jodka on the GDPR and Employee HR Data, Part I

In this first part of my interview with Dickinson Wright attorney Sara Jodka, we start a discussion of how the EU General Data Protection Regulation (GDPR) treats employee data. Surprisingly, this turns out to be a tricky area of the new law. I can sum up my talk with her, which is based heavily on Jodka’s very readable legal article on this overlooked topic, as follows: darnit, employees are people too! It may come as…
Compliance & Regulation

Canada’s PIPEDA Breach Notification Regulations Are Finalized!

While the US — post-Target, post-Sony, post-OPM, post-Equifax — still doesn’t have a national data security law, things are different north of the border. Canada, like the rest of the world, has a broad consumer data security and privacy law, which is known as the Personal Information Protection and Electronic Documents Act (PIPEDA). For nitpickers, there are also overriding data laws at the provincial level — Alberta and British Columbia’s PIPA — that effectively mirror…
Data Security

[Podcast] Varonis CFO & COO Guy Melamed: Preventing Data Breaches and ...

Recently, the SEC issued guidance on cybersecurity disclosures, requesting public companies to report data security risk and incidents that have a “material impact” which reasonable investors would want to know about. How does the latest guidance impact a CFO’s responsibility in preventing data breaches? Luckily, I was able to speak with Varonis’ CFO and COO Guy Melamed on his perspective. In part one of my interview with Guy, we discuss the role a CFO has in preventing insider threats…