The National Institute of Standards and Technology (NIST) has made it clear that highly complex passwords should no longer be the standard practice.  Organizations should begin instituting long passwords/passphrases without complicated complexity requirements. View the link below for more information regarding password complexity Death to Complexity, Long Live the Passphrase

Following a global increase in malicious cyber activity exploiting fear derived from the COVID-19 pandemic, the FBI was notified of targeted email phishing attempts against US-based medical providers.  These phishing emails leveraged content relating to COVID-19 to mask and distribute malicious attachments to US healthcare providers.  The FBI recommends companies targeted by a phishing campaign …

An Internet Crime Complaint Center (IC3) PDF warns individuals that scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both.  Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding …

In 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act).  The SHIELD Act expands data security and breach notification requirements to cover all businesses that collect private data from New York residents. Breach Notification Changes Notifications now must be provided to any New York …

Happy #NationalWomensHistoryMonth from our CEO Holly Hubert, CISSP, CISM, CGEIT, CRISC. Hubert spoke at Buffalo Business First Mentoring Monday event. The event highlighted over 40 different bizwomen mentors and mentees…truly an amazing day to engage with such exceptional women. Thank you Michelle Cioci, Donna Collins, and John Tebeau for hosting the event.

What makes a password strong? They need to be long and complex to create a uniqueness about it that will be hard to crack from the hacker’s standpoint. Password requirements are getting more in-depth, below is a list of best practice requirements that are needed for a secure password: 1. Do not input any login, …

Did you know that cyberattacks are becoming the biggest threat to the US financial system? Cybersecurity is everyone’s job. Ensure all employees are aware of the significant role they play in keeping your organization secure with GlobalSecurityIQ’s custom educational programs for boards, management, and employees on a broad spectrum of security topics. Breaches can impact …

The cybersecurity space is so “wide“ that practitioners in the field also often confuse the conversation by conflating terms like Vulnerability Assessment, Vulnerability Scan, and Penetration Test. We have many clients call for a “Penetration Test” what they really need is a fundamental assessment of their cybersecurity posture relative to risk and vulnerabilities. Any new …

Vulnerability Scanning vs. Penetration Testing Vulnerability scanning and penetration testing are both technical assessments that provide useful and often very detailed information about the security of your computing environment. Although these two assessments have a lot of similarities and are often used interchangeably by those outside of the cybersecurity realm, they are actually quite different. …