If you shopped in a brick-and-mortar Forever 21 store this year, your credit card information may have been compromised due to the company’s failure to turn on encryption in some of its point-of-sale (POS) terminals which resulted in a 7-month Forever 21 breach. Encryption was not turned on at some of the point of sale (POS) devices used in Forever 21 stores, exposing customers card data to info-stealing malware last year,...
Read More
It's been quiet since 2015, but TorrentLocker has suddenly returned. And this time it wants to steal your passwords too. A ransomware variant which has been relatively inactive for almost two years is back, and this time it's stealing user credentials from victims in addition to demanding a ransom to unencrypt locked files. TorrentLocker -- or commonly referred to as, Cryptolocker-- began targeting Windows users back in 2014, before disappearing by Summer...
Read More
We're writing this post specifically for the people who have absolutely no idea what ransomware is, or those who have heard the buzz word but don't really know what it means. It's easy to read the word, and assume a definition, but can you really sit there and say you know EXACTLY what ransomware is? Don't fret. We will explain in a practical, not technical language that you can easily understand,...
Read More
If you were at our annual Camp Secure Sense this year, then you will remember the compelling presentation by Fortinet’s Senior Security Strategist, Aamir Lakhani. Lakhani spoke about the reality of digital breadcrumbs being left behind, without the realization. He also showed everyone about the dangers of selling your hard drives and devices online, and how most people unintentionally end up selling sensitive and unencrypted data. Lakhani spoke about the reality of...
Read More
Researchers from Johns Hopkins University have discovered a flaw that allows skilled attackers to intercept and decrypt video and images sent on iMessage. Apple partially fixed the flaw in the latest iOS 9, but the exploit leaves versions prior vulnerable. However, Johns Hopkins professor Matthew D. Green expressed to the Washington Post, that a modified version of the exploit could possibly be developed for iOS 9 versions. This iMessage vulnerability is...
Read More
A new malicious program has surfaced, indicating a new trend in ransomware development that has already seen a resurgence in 2016. CTB-Locker, has been attacking files on web servers, infecting at least 100 websites over the past several weeks. Also known as Critroni, the ransomware operates similar to traditional attacks wherein it encrypts a user’s files and delivers an ultimatum; pay a fee to decrypt and return your data, or consider...
Read More
On February 16, 2016, a California court ordered Apple to assist the FBI in hacking and gaining complete access into an iPhone. The phone previously belonged to one of the San Bernardino shooters who tragically took the lives of 14 people in an attack last December. It is the first court order of its kind and has vast potential repercussions for the privacy and security of every Apple customer. Apple’s CEO...
Read More
The Houston-based hospitality chain Landry’s, has recently released news of a point of sale, or POS malware attack at the organization's restaurants and additional properties dating back to 2014, and 2015. An original report regarding the security incidents by Landry’s was released on December 17th, however, did not provide an exact estimate of the impacted customers. The malware attack exposed payment cards and data used at over 45 of its brands...
Read More
With the proliferation of data and the need to access it from anywhere at any time, encryption is rapidly emerging as the best place to start your data security strategy.
Despite some common ideas about encryption that it is too complicated to implement or too much of a hassle to manage, that’s not the case with the right encryption solution.
Below are six key aspects to keep in mind while choosing the right encryption solution for your organization.
1. Usability: A security product that’s too complicated to use doesn’t offer very much security at all. An encryption solution needs to be comprehensive yet simple: it should protect data everywhere – at rest, in use, or in transit – but shouldn’t take up too much time or IT resources to implement and manage.
Look for an encryption product that’s easy to set up and deploy, with an intuitive management console. It should also allow for simple key management and enforcement of your data protection policy.
2. Multi-platform: Find a solution that covers all types of encryption, including for multiple operating systems like Windows, Mac, Android, iOS.
3. Adaptability: You ideally want a solution that protects your data without getting in the way of daily work. Your encryption solution should adapt to your organization’s workflow – not the other way around.
4. Independent endorsements: Before making a decision, look at what others are saying about a product. Make sure whatever company you choose for your encryption needs has strong third-party endorsements from industry analysts, reviewers and customers.
5. Scalability: As you grow your business, you need an encryption solution that grows with you.
6. Proof of compliance: In the event that the worst happens and your data is compromised, encryption makes it unreadable and unusable by data thieves. If you work in a vertical or location that has specific data protection laws or regulations, auditors will require proof that the data was encrypted.
Learn more about how encryption can work for you, and how to choose the right encryption product. Check out our free and easy-to-understand guide to encryption, fun videos showing you why you need to encrypt, and a comprehensive encryption solution buyers guide at sophos.com/encrypt.
We would like to thank Sophos for providing this Guest Blog Post. The article featured above originally appeared on Sophos Blog.