Just a few months ago, we wrote an article about the dangers of using SMS (text) to support multi-factor authentication (MFA), called Breaking the SMS Habit. SMS verification can also be called OTP...

The cybercriminals are still on top of their game, changing targets and tactics. The work-from-home revolution continues and the drive for automation continues across industries. All of these...

After spending some time this week helping our customers with ransomware preparation, I found a statement on the FBI’s website that would be a great tool for Financial Institutions (FIs) and really...

FFIEC released a new handbook replacing the previous Operations Booklet with the new Architecture, Infrastructure, and Operations (AIO) Booklet on June 30, 2021. According to the FFIEC change...

In our line of work, we see many institution’s environments, cultures, and positions on the journey of their information security programs. One of the most common pitfalls is the belief that a...

There’s yet another debate growing post-COVID. It’s not vaccinations, masks, or whether it’s safe to eat at a restaurant, it’s when and how much workers will return to the office. In considering the...

Information Security leadership can be a tough spot. We are agents of almost constant change in order to combat threats that no one can see. Threats that often don’t show evidence of their...

It’s safe to say that remote work is here stay. While we are on the verge of opening back up after COVID, people have loved the flexibility that remote work provides and perhaps there’s no going...

Qakbot (also known as Quakbot or Qbot) is a malware strain that has been used to attack financial institutions since 2008. It’s primary target is stealing bank credentials in order to enable wire...

Unless you had a really secluded and long holiday vacation, you’ve probably heard about the SolarWinds breach and how it has affected many US industries including financial institutions and their...