A new study finds that the majority of companies hit with ransomware attacks choose to pay the ransom in hopes of quickly regaining access to their data. However, federal officials warn that those who negotiate with ransomware extortionists may expose themselves to millions of dollars in fines and penalties.

In October, a Dutch security researcher claimed he was able to access President Trump’s Twitter account by guessing the password — “maga2020!” — after only six tries. Victor Gevers said that after he alerted U.S. cybersecurity officials, the password was changed, and two-factor authentication was added.

Say Goodbye to Adobe Flash Player

New Year’s Eve celebrations are likely to be tamer than usual this year due to social distancing requirements, but IT professionals everywhere will probably still break out the noisemakers and confetti. When the clock strikes midnight, they’ll finally be able to say goodbye and good riddance to the security-plagued Adobe Flash Player.

Phishing awareness training is designed to educate employees about how to spot fraudulent emails and text messages designed to steal sensitive information and data. However, a new study by researchers from several German universities suggests the effectiveness of such training is short-lived.

When asked why he robbed banks, the notorious thief Willie Sutton reportedly replied: “That’s where the money is.” Cybercriminals have a similarly simple motivation for targeting contact center operations — they have the best data.

Contact centers capture, store and process huge amounts of sensitive customer data such as Social Security numbers, payment card data, account numbers and purchase histories.

People have been finding ways to rip each other off for centuries — historians say the first documented case of financial fraud occurred in ancient Greece around 300 B.C. It is no surprise that fraudsters in 2020 are using the global pandemic to hoodwink victims on a massive scale.

It Doesn’t Take a Bad Actor to Create an Insider Threat

In our last post, we explained why consumer-grade file-sharing services are risky business in terms of data security. These tools are handy, but they provide very little control over how information is accessed and shared.

It has always been difficult to keep documents up-to-date and ensure that everyone on your team has the right version. Now that many employees are working remotely and sharing documents via mobile devices, the problem has only become more acute.

Cloud-based file-sharing services such as Dropbox, iCloud and Google Drive seem to provide a simple solution.

Virtually all companies today depend on computer networks to link employees, suppliers and customers, exchange information and facilitate a variety of essential day-to-day tasks. Unfortunately, that makes them susceptible to cyberattacks. It’s why all companies need an incident response (IR) plan — a structured process for detecting, responding to and recovering from cybersecurity incidents.

The Twitter hack last month demonstrates once again why managing access rights and user identities has become a critical element of cybersecurity. Hackers used stolen credentials to access the social media platform’s internal tools and commandeer the accounts of a virtual Who’s Who of politicians, celebrities and technology magnates.