This is a weekly series to highlight the best articles and stories happening all over the web.
What was your favorite story? What topics would you like to see? Sound off in the comments!
Top 3 Questions SMBs Should Ask Potential Service Providers
It can be daunting to step into the often unfamiliar world of security, where you can at times be inundated with technical jargon (and where you face real consequences for making the wrong decision).
In a study performed by Ponemon Institute, 34% of respondents reported using a managed service provider (MSP) or managed security service provider (MSSP) to handle their cybersecurity, citing their lack of personnel, budget, and confidence with security technologies as driving factors. But how do you find a trustworthy partner to manage your IT matters?
Here are the top 3 questions any business should ask before signing a contract.
IBM’s complete Meltdown fix won’t land until mid-February
IBM’s started to release its own patches for the Meltdown mess and the Spectre SNAFU, which it’s half-confirmed impact its hardware and operating systems, but won’t have a complete fix until mid-February.
The current fix has two steps: IBM wrote that it “involves installing patches to both system firmware and operating systems. The firmware patch provides partial remediation to these vulnerabilities and is a pre-requisite for the OS patch to be effective.”
eBook: Detect and deter data theft by departing employees
Too many organizations choose not to take the threat of data theft by departing employees seriously — until they discover that their data has been sold to competitors or published online, causing financial losses, compliance failures, and reputational damage.
Netwrix, an IT security software company that offers IT auditing solutions for systems, has created an eBook that covers the following topics:
- Why departing employees are one of the top insider threats
- What their motives are
- What methods they use to steal your data
- How you can mitigate the risk of employee data theft in your organization.
WPA3 to feature much-needed security enhancements
The Wi-Fi Alliance, a non-profit organization that tests and slaps the “Wi-Fi Certified” logo on products that meet certain standards of interoperability, has announced enhancements for WPA2 and the imminent introduction of WPA3.
“Four new capabilities for personal and enterprise Wi-Fi networks will emerge in 2018 as part of Wi-Fi CERTIFIED WPA3,” the alliance shared. “Two of the features will deliver robust protections even when users choose passwords that fall short of typical complexity recommendations, and will simplify the process of configuring security for devices that have limited or no display interface."
Get the full story.
The Evolution of Corporate Authentication
Many industry experts believe that existing authentication and encryption methods are adequate to keep sensitive information under wraps. If the myriad of breaches from last year taught us anything, it’s that this is not true; there are chinks in the armor of firewalls, VPNS, and DMZs.
Today, most organizations simply provide access and then authenticate. It’s so important to use a solution that separates the two tiers. You wouldn’t allow someone in your home before knowing who they are! Treat your data the same way. Often, companies end up needing two or more authentication solutions covering internal and external users. Picking a platform that supports multiple methods and can be integrated with other security systems reduces complexity.
Infosecurity covered this topic succinctly.
What story from the last week the most important for you? We love hearing your feedback!