Every week, Nightfall publishes news and insights from the world of cloud security to help you stay up-to-date on cybersecurity issues and to be more proactive in managing your threat responses.
In February, we hosted Caterpillar Financial Services CISO Ross Young on the CISO Insider podcast, and published the Season 1 recap episode featuring highlights from all our first season guests. On the Nightfall blog, we took a deep dive into how to better prepare for infosec threats and issues with our 2021 Security Playbook for Remote-first Organizations and articles on VPNs, IAM, and more. Finally, read our case study with SimpleHealth and learn how DLP helps them protect patient data while providing wider access to birth control through telehealth services.
Thanks for keeping up with Nightfall in the new year. We’re looking forward to bringing you more infosec news and updates ahead.
CISO Insider S1E5 — “There’s no one way to be a CISO” with Ross Young
We wrapped up Season 1 of the CISO Insider podcast in February. In episode 5, we hosted Caterpillar Financial Services CISO Ross Young, who shared his learnings from a career in both the public and private sectors, like how to develop shared goals and alignment within a security organization, why soft skills and people skills are essential for building relationships, and how introspection can make great managers. Listen to the episode and read the transcript here. For questions, feedback, and suggestions about CISO Insider, including suggestions for CISOs you’d like to hear from, please email us at firstname.lastname@example.org.
CISO Insider S1E6 — CISO Insider Season 1 recap
The Season 1 finale of CISO Insider features highlights and quotes from our interviews with each of our guests. Hear from infosec leaders at Sisense, Compass, LifeOmic and Caterpillar Financial in the Season 1 Recap episode. Listen to the episode and read the transcript here. Subscribe to the podcast at CISOInsider.com to get the latest episodes delivered to your inbox. Stay tuned for Season 2 of CISO Insider coming Spring 2021. Thanks for your support!
Nightfall simplifies data security & HIPAA compliance for SimpleHealth
SimpleHealth is a reproductive tele-health company, focused on building thoughtful and impactful services that enable patients to own their reproductive health journey. Their core vertical is an online birth control prescription and free home delivery service. As SimpleHealth grew, the information security team saw the need to simplify their internal processes and ensure patient protected health information (PHI) was secure when sharing files and messages on Slack. Nightfall provides the HIPAA compliance coverage they need with cloud-native DLP in Slack. Read the full story here.
The 2021 Security Playbook for Remote-first Organizations
The sudden shift to remote work in 2020 exposed companies to a variety of new security challenges. Start off 2021 right by reviewing the seven most crucial areas of security for emerging remote-first organizations. Read the full playbook and get the free Post-COVID Security Checklist as a reference you can keep in your back pocket.
What is Social Engineering?
The phrase “social engineering” sounds innocuous, but this approach to hacking threatens organizations of all sizes. Phishing attacks and ransomware attacks have seen massive increases in the last year. By some estimates, ransomware is up 700% and phishing campaigns are up over 200%. This trend will only continue to grow: some estimates suggest that by the end of 2021, ransomware attacks could happen as frequently as every 11 seconds. As a result, it’s essential to understand what social engineering is, the most common forms of social engineering, and how to prevent social engineering attacks. Read our quick guide to social engineering and how to prepare your organization to withstand this growing threat.
A Guide to VPN Security
Many people are familiar with VPNs in the context of trying to stream TV shows for free. A VPN can make it seem like you’re in a different country by displaying an IP address in Europe or the US, for instance. But the advantages of VPN security go beyond streaming the latest TV shows. A VPN is an important component of your company’s remote work security features. Corporate VPNs also allow employees to connect securely to corporate networks which may or may not be accessed through a browser. Read our guide on what a VPN is, the difference between a VPN and an SDP, how to set up a VPN, and whether a VPN is right for your business.
5 Identity and Access Management Best Practices
Identity and access management (IAM) is the practice of defining and managing user roles and access for individuals within an organization. IAM involves both tools and policies to make sure the right people can access the right resources at the right time, and for the right reasons, according to Gartner’s definition. Stolen credentials are among the biggest threats to data security across industries, accounting for around 90% of data breaches. The IAM industry is predicted to grow from about $10 billion in 2019 to over $22 billion by 2024. Here’s what you need to know about this increasingly important aspect of data security.
Business Continuity: How to Plan for the Worst
If the last year has taught us anything, “hope for the best and plan for the worst” should be the new mantra of business owners and IT professionals. No one could have predicted the global pandemic that wreaked havoc on industries and businesses around the world; yet, those companies with a business continuity plan were far better off than those without one. Business continuity plans are slightly different from a disaster recovery plan. Here’s what should go into your business continuity plan, plus some tips for how to get started.
How to Create a Cloud Security Framework
A cloud security framework is part of a holistic approach to protecting your information in the cloud. It works in tandem with your DLP security policy, which identifies what sensitive data needs protection, where it is located, and the method for protecting that information. It’s not always clear how different policies, frameworks, and architectures work together to create a comprehensive approach to cloud security. That’s why we created this guide on the components of a cloud security framework, how it differs from cloud architecture and cloud compliance, and how to create a framework for your company.
Cloud DLP and Regulatory Compliance: 3 Things You Must Know
A data breach is an extremely costly event. By some estimates, a data leak can cost a small to medium-sized business more than $7.68 million per incident. Compliance regimes may seem burdensome, but the goal of these policies is to prevent a devastating data breach that can bankrupt a business and cause myriad problems for consumers. Here’s what you need to know about cloud DLP and prevalent compliance policies like HIPAA, GDPR, and others.
ICYMI: 4 SaaS Security Lessons to Keep Top of Mind in 2021
At the end of 2020, we hosted a webinar alongside Sisense’s Chief Security & Trust Officer, Ty Sbano, titled Securing Best of Breed SaaS applications in 2021. The discussion focused on reviewing the most important security trends of last year and how they should inform security programs this year. As 2021 continues to progress, we shared the 4 trends and lessons we think are worth keeping in mind in a series of videos. Start watching here.