Blog & News
Company updates, industry insights, and thought leadership from the Adsero team.
Adsero Celebrates 11 Years
Reflecting on a decade of helping organizations secure their systems and navigate compliance requirements.
Introducing Our AI Governance Practice
Announcing our expanded AI governance services to help organizations navigate EU AI Act, NIST AI RMF, and responsible AI deployment.
Announcing the Qwik Product Suite
QwikChek, QwikSec, and QwikPhish - our new suite of security tools for modern teams.
Importance of AI Security
As organizations increasingly adopt artificial intelligence, safeguarding sensitive information becomes paramount. Security must be embedded into every phase of the integration.
Are You Vetting Your Third Party Vendors?
Thorough vetting of third-party vendors is essential in contemporary IT security environments. Security questionnaires function as primary instruments for assessing potential partners' cybersecurity readiness.
Happy New Year! Time for the Annual Cybersecurity Checklist
Organizations should perform due diligence on their cybersecurity practices as the new year begins. Start the year on the right foot by focusing on five key areas.
Priorities for Building a Better Startup!
Cybersecurity and compliance have become critical priorities for startups across all industries. Early investment in these areas is essential for establishing customer confidence and attracting investors.
Reap the ROI Benefits of Security Training for Employees
IT security awareness training has become indispensable for companies of all sizes. Investing in employee training yields significant savings compared to breach remediation costs.
Requirements for Safeguarding Customer Data
In today's digital landscape, protecting customer data requires proactive security measures implemented before entering binding business agreements. Learn the key requirements for safeguarding sensitive information.
Why Should Your Organization Conduct an Annual Security Risk Assessment (SRA)?
A Security Risk Assessment may expose organizational vulnerabilities, but this process represents an essential first step toward identifying and mitigating risks while maintaining regulatory compliance.
It's That Time Again: Annual IT Security Policy Review
As businesses enter a new year, they have an ideal opportunity to evaluate and refresh their IT security policies. The tech landscape changes rapidly, demanding that organizations stay alert to new threats.
AI Regulation and the Evolving Tech Landscape
President Biden's AI regulation initiatives will significantly impact companies in the tech sector, emphasizing responsible and ethical AI development and deployment.
Five Key Benefits for Security Awareness Training ROI
Providing IT security training for employees delivers several significant advantages. Here are five key reasons that demonstrate strong ROI for security awareness training.
5 Must-Have Elements for Information Security Policy
Every organization needs a comprehensive information security policy. Here are five essential components that should be included in your security framework.
Writing IT Security Policy?
Organizations need comprehensive IT security policies that are practical and understandable. Learn about the essential policies every company should have in place.
Benefits of a Risk Management Program
Discover the four essential components for implementing a successful risk management program, from asset inventory to workflow implementation.
The Benefits of Annual Penetration Tests
Learn why annual penetration testing is essential for uncovering hidden vulnerabilities, maintaining compliance, and enhancing business continuity.
The Robinhood Data Breach
On November 8, 2021, Robinhood released a statement claiming they experienced a data breach, with email addresses for 5 million people and full names for 2 million people exposed.
User Security Awareness Training Must-Haves
Discover the essential components of an effective security awareness training program, including phishing campaigns and structured training curricula.
Mitigating Third-Party Vendor Security Risks
Learn strategies for managing third-party vendor security risks, including inventory management, vendor selection processes, and continuous monitoring.
The Fortinet VPN Account Leak
87,000 unpatched Fortinet SSL-VPN credentials from around 500,000 accounts have been leaked on the dark web, exploiting a path traversal vulnerability in FortiOS.
The T-Mobile Data Breach
On August 16, 2021, T-Mobile released a statement that unauthorized access to customer data had occurred, affecting millions of former, current, and prospective customers.
The Kaseya Ransomware Attack
Over the Fourth of July weekend, Kaseya's VSA software was targeted by the cybercrime gang REvil in a supply chain ransomware attack demanding $70 million in Bitcoin.
Cybersecurity in the Age of the Coronavirus: VPN Security
More companies are now relying on VPNs for business continuity. As a result, VPN gateways are running at or near capacity, demanding proactive security measures.
Adsero's New Partnership Expands Solutions Offering
Adsero Security and Ballast Services are pleased to announce their integrated partnership to provide comprehensive IT security compliance and managed services.
The Principle of Least Privilege
Understand the Principle of Least Privilege (PoLP) and how it improves security, compliance, and accountability while limiting your attack surface.
Cybersecurity in the Age of the Coronavirus: Cybercrime
The Coronavirus pandemic has remolded us into a digitally dependent world. Our reliance on technology opens doors for new cyberattacks and poses obstacles for business executives.
So SolarWinds Happened...Now What?
In case you haven’t heard, malicious actors hacked into the IT company SolarWinds and used its software channel to push out malicious updates onto 18,000 of its Orion platform customers. This attac...
SIEMs like you need monitoring!
So how do organizations prepare for events like this in the future? Having a SIEM (Security Information & Event Management) solution in place can help your organization be prepared for an increase ...
Critical Windows Server Vulnerability Now Seen In The Wild
The vulnerability known as CVE-2020-1472, or “Zerologon” as it's being called, allows an attacker to gain control over an Active Directory Domain Controller within seconds of running the exploit. The ...
The Top Cybersecurity Mistakes Made by Companies
Several companies are disregarding important aspects of cybersecurity. Having an inadequate cybersecurity program enables attackers to penetrate the company network. This article highlights the top cybersecurity mistakes made by companies.
Dunkin Donuts to pay $650,000 fine for poor cyber security protections
The NY Attorney General said that Dunkin Donuts failed to adopt security safeguards against future attacks after previous attacks had left customers accounts compromised. During the attacks in late...
Securing Data in the Cloud
Storing data in the cloud allows for easy management and accessibility over the internet. However, cloud storage poses risks for security. The following tips will ensure safe cloud computing best practices.
Cybersecurity in the Age of the Coronavirus: The Impact on Business Operations
Business networks are now accessible from home, posing a risk to the security of business operations. We’ve seen changes in the way leadership makes decisions for business performance.
Security and Privacy Issues with Zoom
In Zoom conferences, anyone with the right link can enter a teleconference and share a screen, even without a Zoom account. There have been new complaints about users being Zoom-bombed, which is w...
SOC 2 and NIST 800-53
In order to assess our information systems, we first need to take a closer look at both SOC 2 and NIST 800-53.
Coronavirus and Ransomware
Healthcare companies like hospitals and clinics are often a target for ransomware attacks because they store sensitive information and commonly lack cybersecurity. Ransomware attacks have changed as the Coronavirus pandemic impacts hospitals and...
Tips for Ensuring Cyber Safety When Working From Home
As organizations shift to remote work during the viral outbreak, employees become vulnerable to cyber attacks if they are working outside of a secure network. Take these steps to secure your company's data while working remotely.
Ryuk Ransomware
Ryuk Ransomware is a type of ransomware that targets businesses and corporate environments. Ryuk enters victims' systems and encrypts their data, demanding payments via Bitcoin cryptocurrency.
The Importance of IT Security Policies
IT security policies are necessary in organizations as they define who has responsibility for what information within the company. Policies are the baseline of all procedures and should be maintained regularly.
Is Your Password Secure?
Passwords can be an inconvenience to remember, especially when you have dozens of applications and accounts to log into every day. However, with the increase in phishing and ransomware attacks, passwords can be the main line of defense when securing...
How to Prevent Phishing Attacks Against Your Organization
Phishing is a type of cybercrime that happens when an attacker poses as a legitimate company or website in order to obtain sensitive information from the victim. These attacks can be damaging to a company; however, they can be prevented.
How to Prevent Ransomware Attacks Against Your City Network
Ransomware attacks can be crippling, shutting down entire cities for weeks or even months. The good news is, these types of municipal malware attacks are preventable.
So What Exactly Is a Security Risk Assessment?
A Security Risk Assessment is an assessment that involves identifying the risks in your company, your technology and your processes to verify that controls are in place to safeguard against security threats.
Top 10 Overlooked Security Risks: 4 of 10
Encrypting desktops and laptop computers is one of the easiest ways to prevent data loss as a result of lost or stolen computers. Modern operating systems include full disk encryption features bundled with the operating system.
Top 10 Overlooked Security Risks: 3 of 10
Companies often forget about data once they stop using it day-to-day. Leaving outdated data on sunsetted systems increases your potential exposure in the event of a data breach.
Top 10 Overlooked Security Risks: 2 of 10
Allowing employees or guests to share a single WiFi password prevents you from controlling who is accessing your company network. Users should always connect to WiFi using a unique username and strong password.
Top 10 Overlooked Security Risks: 1 of 10
Once a user logs into a computer, they potentially have access to sensitive company information. If they get distracted or leave their computer unattended, it leaves your company data open to potential theft or exploit.
Breach Exposes Sensitive California State Employee Data
It is alleged the breach was discovered in December last year but was only disclosed to employees this week.
The most common type of data breach in hospitals? Paper records, study suggests
"Hospitals should conduct routine audits to allow them to see their vulnerabilities before a breach occurs,"
FedEx data breach: 119,000 passports or photo IDs found on unsecured server
“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after...
What cybersecurity surprises does 2018 hold?
New attack vectors have also been on Craig’s mind, particularly in light of recent disclosures of hardware flaws in microprocessors. “There’ll be more activity by hackers around hardware-based attacks that go after the memory of...
Japan's Coincheck set to report to regulators over $530 million cryptocurrency heist
Coincheck has received withdrawal requests from customers totaling about 30 billion yen ($280 million), a person with direct knowledge of the matter told Reuters last week.
Winter Olympics: Computer virus targeted Pyeongchang Games, say cyber security firms
All three security companies said the Olympic Destroyer malware was designed to knock computers offline by deleting critical system files, which would render the machines useless. The three firms said they did not know who was behind the attack.
Winter Olympics "draws hackers like flies to a candle," cybersecurity expert says
The Department of Homeland Security alert warned travelers to Pyeongchang that their mobile devices could be monitored or compromised.
Viewpoint: Equifax breach is a reminder of society’s larger cybersecurity problems
Several major problems need to be addressed before people can live in a truly secure society: For example, companies must find and hire the right people to actually solve the overall problems and think innovatively rather than just fixing the...
Uber says hackers behind data breach were in Canada, Florida
About 25 million users affected by the breach are users located in the United States, John Flynn, chief information security officer at Uber, said in written testimony to a Senate Commerce Committee panel.
Consumer Reports finds Samsung, Roku TVs vulnerable to hacking
"We found that a relatively unsophisticated hacker could change channels, play offensive content or crank up the volume, which might be deeply unsettling to someone who didn't understand what was happening," Consumer Reports said. "This could be...
How a Sneaky Data Hack Increases Liability Risks for Corporate Directors
Statistics show that once data thieves are in, they can hide for months undiscovered until they strike again – this time at an even greater cost to the victim and their vendors and partners. Data thieves got inside Target through an air...
Hacked at Sea: Concerns Grow Over Lax Cybersecurity for Ships, Ports
As hacking risks grow and maritime operations become more digitally connected, experts in industry and government have long said no one is prepared.
What your employees need to know about cybersecurity
If you are not educating your employees on cybersecurity best practices, you are missing the biggest opportunity for improvement in your cybersecurity profile.
Equifax, Strava, And Russian Facebook Ads: How To Hold Websites Accountable For Data Breach
One common thread running through these notorious cases of recent privacy breaches is the potential harm arising from tracking people. Strava, Facebook, and Equifax created phenomenal databases of people’s behavior. Each of these platforms uses the...
War room to boardroom: The new era of cybersecurity
Facebook’s hire of its first-ever head of cybersecurity policy is recognition that protecting corporations from foreign hacking is an increasingly serious matter.
Top 7 Cyber Security Threats of 2018
To prevent your computer from getting hijacked avoid clicking on unknown links, keep security software up to date, and back-up everything on an external hard drive.
Cyber security expert explains what to do if your email is hacked
“A lot of businesses don’t take steps in preventing it, they rely on their IT people,” Stanley said
Healthcare Data Breaches: 4 Tips for Healthcare Execs
Despite the fact that healthcare hacking was rampant in 2017, only one in five healthcare professionals say they have experienced patient data breaches.
Facebook to roll out global privacy settings hub — thanks to GDPR
“Our apps have long been focused on giving people transparency and control,” she also remarked — a claim that any long-time Facebook user might laugh at rather long and hard.
The New Rules Of Cybersecurity
Over that time, the ability of cyber threats to try to take advantage or limit America’s ability to conduct uninterrupted operations—both militarily, and commercially—increased dramatically.
Adsero supports cyber security schools; Urges others to help develop IT talent
One way we can build our defenses against these cyber-attacks is to develop the talent needed to literally man the front lines in this war.
4 lessons for businesses on South Africa’s biggest data breach
With over 60-million unique ID numbers (more than the country’s population) available in the file, it’s likely that the majority of South Africans were affected. Even certain deceased citizens had their information exposed.
The 5 Laws of Cyber Security
Finding ways around everything for both good and bad purposes is so ubiquitous today that we even have a term for it: “Life Hacking.”
Youth Compete in Cyber Security Competition
Based off of a percentage of total points for each team, Cavanaugh’s group placed with three platinum level and two gold level scores.
What is the real cost of a data breach?
There are other cost factors: Yahoo’s acquisition by Verizon saw a $350M reduction in purchase price due to a loss of 1.5 billion records.
Cybersecurity quiz winners rewarded with malware-infected USB sticks
The Windows-based malware was designed to steal personal information from infected PCs and send it via an IP address based in Poland to parties unknown.
Are Your Group Chat Messages Safe?
Some attackers created malicious software downloads that would masquerade as WhatsApp Desktop applications.
Where We Stand and Where We Need to Go
Don't forget to think of that new application you downloaded recently. How do you differentiate that from a download triggered by an attacker? In abstract terms, only a subset of statistical anomalies contains interesting security events.
Jason's Deli warns customers of possible data breach
The company said the management team "immediately activated" a response plan and is examining whether a breach actually took place, the extent of it and whether there is a continuing threat.
2018 Forecast: Hacking...as prevalent as it was in 2017
2017 was notable for some massive data breaches, unintended exposures of sensitive information on the internet and other unfortunate tech incidents. 2018 probably won't be any better.
Adsero Security Points to Cyber Security Threats Within; Offers IT Security Techniques to Keep Your Systems Safer
A 2016 IBM cyber security intelligence report found that 60 percent of all cyber-attacks were related to, or directly the result of, insider activity. These security breaches often originate from three unique sources within an organization's known...
IT Security Advice from Adsero Makes the News
Organizations that rely on simple security appliances or monitoring services are not getting a complete view of their risk surface and are enjoying a dangerous false sense of security, observes Jason Martino, Co-Managing Partner at Adsero Security.
Breaking News: Healthcare Data Breach
A survey of senior information technology and security professionals in healthcare found the most likely source of a data breach to be email, which the vast majority of respondents admitted to using frequently to transfer protected health...
Breaking News: Uber Breach
The massive data breach at Uber that exposed the data of some 57 million accounts was the work of a 20-year-old Florida man, who was paid by the ride-hailing company to destroy the information through its bug bounty program.
New Release: Complimentary IT Vulnerability Scans Offered
As business risks increase, Adsero Security offers complimentary IT vulnerability scans of internet-facing corporate networks, including up to four external domains or IP addresses.