Enterprise Network Security Blog from ISDecisions

Why compromised logins are every CIO and CISO’s nightmare!

The real, $940 million risk of sharing credentials or having weak login information! Last week, a federal judge awarded Epic $940 million in damages ($240 million in compensatory damages and $700 million in punitive damages) in the suit against Tata. Tata plans to appeal the decision. At the centre of the lawsuit is the unauthorized…

Panama Papers Leak: Prevention is Always Better than Cure

For almost four decades, Panama’s Mossack Fonseca law firm has specialised in commercial law, trust service and investor advisory, and was known for its discretion to global elites. However, its recent leak of more than 11 million documents – the…

How to Detect Ransomware with FileAudit

According to the FBI, ransomware – the strain of malware whereby files and folders are locked down by criminals and not released until a ransom is paid – is a growing concern. This, coupled with the new mass access alerts with…

Protection from Password Sharing

Employees are arguably the greatest security risk to modern businesses. Though it is often assumed that IT viruses and hackers should be your biggest concern, the reality is that it is your own staff, whether maliciously or accidentally, that are…

Are you Identifying and Monitoring End-Users' Network and File Access?

Recent IS Decisions research among 1500 healthcare, finance, and legal sector workers in both the US and the UK highlighted the current status of how organizations are securing their networks and sensitive information within. The results shed light on how…

Beta Testers wanted for UserLock 9.0

IS Decisions is pleased to announce the UserLock 9.0 Beta Testing Program. This major upgrade comes with numerous new features and enhancements including: verify and manage users' Initial Access Point to better secure all subsequent network connections; block all logon attempts remotely, for any specific user, to react quickly to suspected compromised credentials; set and…

Stopping Legitimate Login Credentials being used for Security Breaches

Many data breaches involve the use of legitimate login credentials. Guarding against these ‘insider threats’ means better protecting all authenticated users' access to the network, and the sensitive information within. The Threat from Human and Authenticated Users: There is now widespread recognition that the insider threat is very serious but in most sectors there is insufficient…

HIPAA Access Control

Access control is the first Technical Safeguard Standard of the HIPAA Security Rules. It is described in HIPAA compliance as the responsibility for all healthcare providers to allow access only to those users (or software programs) that have been granted access…

Five Ways to Never Trust, Always Verify, in Zero-Trust IT

Is your IT like an M&M? Does your security have a hard, crunchy exterior and soft, chewy interior? The following is a guest post from Andy Doyle at PNL Tools, a leading UK based, professional services provider and IT reseller that work…

Concurrent Session Control in Healthcare for CMS compliance

“UserLock is the only solution on the market that allows our organisation to fulfill the CMS compliance requirements for its government contracts. It is absolutely critical to our business in this respect, but brings with it numerous other benefits in…

A Failure to Enforce Unique Employee Logins for ISO 27001 Compliance

The legal and law enforcement sector is risking compliance and security issues by failing to provide and enforce unique employee logins. Our latest report ‘Legal and Law Enforcement: Information Access Compliance’ found that despite requirements by regulation global standard ISO 27001, 31% of…

How an Insider Threat Assessment Can Help You Uncover Gaps in Protection

The following is a guest post from Greg Cullison, Senior Executive of Security, Stability & Insider Threat Programs at Big Sky Associates. The issue of ‘Insider Threat’ may be one that has recently crossed your desk. If so, you are aware that insiders can cause harm in ways that are not as easy for outsiders…

Growing Access Management Responsibilities for 2016

Access management responsibilities are extending. There are more and more reasons people need access to information to do their jobs. And it’s not just employees. The ‘extended enterprise’ means your supply chain, your partners and even your customers need access, or temporary access, to sensitive information such as company data, financial data, patient data and personal data…

Why creating a culture of security awareness is crucial in tackling insider threat

Last month was European Cyber Security Month (ECSM), and this year’s theme was ‘Cyber Security is a Shared Responsibility’, reflecting the notion that cyberspace cannot be secured without the help of all users. Meanwhile, Week 2’s topic ‘Creating a culture of…

File System Auditing

Rated as “highly recommended” by WindowSecurity.com and given its Gold Award, FileAudit 5 greatly simplifies the critically important job of monitoring and auditing access to folders and files across Windows File Systems. Access to Sensitive Files: There’s hardly a day that goes by that we don’t…

Technical Safeguards HIPAA & IS Decisions

HIPAA’s Security Rule divides its protections into three “safeguard” categories: technical, administrative and physical. This post outlines how both UserLock and FileAudit help meet different security requirements of the HIPAA technical safeguards and better protect patient data. What are Technical Safeguards? The Technical Safeguards…

Better Understanding the Insider Threat

The fact is that many, if not most, security breaches involve internal users, and this risk is known as ‘Insider Threat’. Creating a culture of cybersecurity within and for your employees is paramount in helping to safeguard your company against…

Secure Remote Access to an Exchange 2013 Mailbox with UserLock 8

Unauthorized access to users’ Exchange 2013 mailboxes is a key security concern for many organizations. In a previous article (which we advise you to read first), we explained how UserLock 7 can control remote access to an Exchange 2010 mailbox through either Outlook Web Access (OWA) or ActiveSync. In this article we will outline how UserLock…