We first wrote about Business Email Compromise (“BEC”) scams in 2015.  Over the last four years, these attacks have continued unabated.  According to the FBI, in just the last year alone, there were over 20,000 reported BEC scams, with adjusted losses of over $1.2 billion.  One reason this
Continue Reading

As we highlighted in our predictions for 2019, the proliferation of leaked personal information online provides an increasingly valuable resource for threat actors to use in cyber attacks. So far in 2019, billions of records have been leaked, creating significant additional cybersecurity risks for companies. To help understand this
Continue Reading

We recently wrote about companies monitoring employees to reduce cybersecurity risks. Those insider threat risks do not end when employees leave the company. Sensitive company data in the hands of a disgruntled former employee is obviously a potential risk, but so is unauthorized access to confidential company information by a
Continue Reading

Two-factor authentication is one of the most common measures that companies use to reduce cyber risk, but it is not very effective if companies don’t also have a good lost-phone protocol.

Various regulations and industry rules require two-factor authentication (also referred to as multi-factor authentication or MFA) including the NYDFS
Continue Reading

Insider data threats – which include the deliberate theft or destruction of sensitive information, as well as innocent mistakes that result in a loss of control of confidential data – have become a primary risk factor to most businesses.  To properly maintain cybersecurity and protect confidential information, companies need to
Continue Reading

Companies have good reasons to limit business-related communications to devices and applications (“apps”) controlled by the company, and to avoid having sensitive company information on the personal devices and apps of employees:

  • Security: The company does not control the cybersecurity and privacy on employees’ personal apps on personal devices,


Continue Reading

Companies and law enforcement are increasingly turning to white hat hackers for help.  The FBI apparently paid consultants over $1,000,000 to unlock an iPhone used by one of the shooters in the San Bernardino attacks, and companies such as Microsoft, Uber, Facebook, and Google are paying hackers tens of thousands
Continue Reading