Cybersecurity Blog


  • Meta Pixel Privacy Concerns

    Large privacy concerns are looming over Meta Pixel, regarding how it has accessed highly sensitive information. Meta Pixel is a JavaScript website tool that measures advertising effectiveness by capturing how customers interact with a business’s website. Specifically, it tracks how people react to Facebook advertisements, as well as interactions between customers or prospective customers and the business’s website.


  • Shadow IT and Rogue Applications

    Authored by Lindsay Timcke

    The last ten years have shown unprecedented growth in application development and deployment. Presently there is pretty much an application for anything and everything you can imagine. From a corporate standpoint, this has led to a dramatic increase in groups or even individuals within companies purchasing software that meets their department’s needs. Over time, such an application will grow in size and complexity, while its user community and its importance to the group for completing daily tasks will also increase. From a compliance and audit standpoint, the above introduces many points of concern.


  • Vendor Management – Outsourcing the Task, Not the Risk

    Authored by Lindsay Timcke

    One of the most overlooked areas of cybersecurity, and of creating a solid, defensible cybersecurity posture for your firm, is vendor management. With most firms in the 21st century being heavily invested in relationships with outside vendors who monitor, develop, deploy, extract, and oversee many aspects of their network infrastructure, it is imperative that each firm approach these outside resources as just an extension of its own organization. This means the controls you have in place at your organization should also be in place at each of your vendors.


  • Microsoft 365 Security: Is Your Organization’s Data Safe?

    Authored by David Sun

    Microsoft 365 came of age just as organizations quickly adopted remote work during the pandemic. In their urgency to migrate, many IT departments did not have the time to fully research the new platform and all its security features, opting to use the default settings. Once migration was complete and systems running reliably, organizations — fearing disruption — may not have gone back to change the settings.


  • 2022 Cybersecurity Awareness Month at CLA!

    Welcome to the 2022 Cybersecurity Awareness Month – “See Yourself in Cyber!”


  • Ransomware that Your Cybersecurity Insurance Can’t Cover

    The latest alert from various US government agencies through the Cybersecurity & Infrastructure Security Agency (CISA) warns that actors affiliated with Iran’s Islamic Revolutionary Guard Corps are targeting vulnerabilities in Fortinet networking equipment and Microsoft Exchange email software. Like other threat actors, they leverage vulnerabilities to deploy tools, encrypt systems, and exfiltrate data, creating significant business interruption and consumer risk, while demanding a large ransom payment.


  • Lloyd’s to Exclude Nation State Attacks from Cyber Insurance Coverage

    Earlier this month, Lloyd’s of London announced in a market bulletin that they will cease their nation state attack insurance coverage beginning in April 2023. While there is a growing demand for cyber liability insurance as cyber-attacks grow in frequency, severity, and sophistication, Lloyd’s identifies cyber-related insurance as an evolving risk for their business.


  • Education Sector Being Targeted for Cyber Attacks

    Back to school apparently also applies to hackers. Educational institutions are currently being targeted for ransomware attacks. The FBI and the Cybersecurity & Infrastructure Security Agency (CISA) issued a warning on September 6, 2022 about the increase in ransomware attacks by hacking group Vice Society. This group has been using compromised credentials to exploit internet-facing applications to gain access, explore the network, exfiltrate sensitive student data and deploy ransomware. In the past, we have seen this disruptive activity lead to classes being cancelled, exams being delayed, and schools being shut down permanently.


  • NIST’s Current Challenges to AI Risk Assessments

    While artificial intelligence (AI) and machine learning (ML) are being integrated into day-to-day life, from digital assistants to image, video, and language processing, there is still no formal and finalized risk assessment process for the technology – but NIST is in the process of changing that.


  • Uptick in Phishing Attacks on LinkedIn

    Regular users of the professional networking and social working platform have noticed an increase in threat actors trying to steal critical personal information through phishing attacks, using false LinkedIn accounts to trick unsuspecting victims into giving up confidential information.
