Home > Resources > Articles > A Cybersecurity Guide for Digital Nomads

A Cybersecurity Guide for Digital Nomads

May 21, 2019 | 664 views

Technology has unlocked a new type of worker, unlike any we have seen before—the digital nomad. Digital nomads are people who use technologies like WiFi, smart devices, and cloud-based applications to work from wherever they please. For some digital nomads, this means their favorite coffee shop or co-working space. For others, it means an idyllic beach in Bali or countryside public house. One thing remains true wherever a digital nomad may choose to lay down their temporary roots: They are at a higher cybersecurity risk than a traditional worker. So what risks should they look out for? Public Wifi Without a doubt, public WiFi is one of the main cybersecurity hazards many digital nomads face. The massive and unresolved flaw in the WPA2 encryption standard used by modern WiFi networks means that anyone connecting to a public network is putting themselves at risk. All public WiFi options—including WiFi provided by hotels, cafes, and airports—poses the risk of not being secure.

Spotlight

Everstring

EverString’s AI SaaS solution is designed for B2B sales and marketing professionals to drive pipeline growth, help close new customers, expand into new markets, prioritize accounts, and provide actionable insights – all without the need for an administrator. EverString is backed by leading investors including Lightspeed Venture Partners, Sequoia Capital, IDG Ventures and Lakestar.

OTHER ARTICLES
ENTERPRISE SECURITY

Security by Sector: Improving Quality of Data and Decision-Making a Priority for Credit Industry

Article | July 20, 2022

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?A new study of credit management professionals has revealed that improving the quality of data and decision-making will be a top priority for the credit industry in the next three years. The research, from Equifax Ingnite in collaboration with Coleman Parkes, takes a deep dive into the views of credit management pros across retail, banking, finance and debt management/recovery sectors.

Read More
PLATFORM SECURITY

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

Article | July 11, 2022

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More
ENTERPRISE SECURITY

Ryuk: Defending Against This Increasingly Busy Ransomware Family

Article | August 2, 2022

On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email.This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet. This has the ability to download additional malware onto an infected machine that retrieves and executes Trickbot.

Read More

New Ransomware hitting Industrial Control Systems like a nuclear bomb

Article | February 10, 2020

Researchers at security firms including Sentinel One and Drago’s have been mystified by a piece of code named Ekans or Snake, over the last month. Drago’s publically released its full report on Ekans Ransomware that has recently inflicted Industrial Control Systems and these are some of the most high-value systems that bridge the gap between digital and physical systems. In the history of hacking, only a few times a piece of malicious code has been marked attempting to intrude Industrial Control Systems. Ekans is supposed to be the first Ransomware with real primitive capability against the Industrial Control Systems, software, and hardware used in everything from oil refineries to power grids. Researchers say this ransomware holds the capability to attack ICS by Honeywell and GE as well.

Read More
ENTERPRISE SECURITY

The Growing Importance of Cybersecurity Mesh

Article | July 20, 2022

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?A new study of credit management professionals has revealed that improving the quality of data and decision-making will be a top priority for the credit industry in the next three years. The research, from Equifax Ingnite in collaboration with Coleman Parkes, takes a deep dive into the views of credit management pros across retail, banking, finance and debt management/recovery sectors.

Read More
PLATFORM SECURITY

Why Should Businesses Care About Identity Security?

Article | July 11, 2022

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More
ENTERPRISE SECURITY

Combating the Risk of SQL Injection Attacks – Part 2

Article | August 2, 2022

On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email.This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet. This has the ability to download additional malware onto an infected machine that retrieves and executes Trickbot.

Read More

New Ransomware hitting Industrial Control Systems like a nuclear bomb

Article | February 10, 2020

Researchers at security firms including Sentinel One and Drago’s have been mystified by a piece of code named Ekans or Snake, over the last month. Drago’s publically released its full report on Ekans Ransomware that has recently inflicted Industrial Control Systems and these are some of the most high-value systems that bridge the gap between digital and physical systems. In the history of hacking, only a few times a piece of malicious code has been marked attempting to intrude Industrial Control Systems. Ekans is supposed to be the first Ransomware with real primitive capability against the Industrial Control Systems, software, and hardware used in everything from oil refineries to power grids. Researchers say this ransomware holds the capability to attack ICS by Honeywell and GE as well.

Read More
MORE ARTICLES

Spotlight

Everstring

EverString’s AI SaaS solution is designed for B2B sales and marketing professionals to drive pipeline growth, help close new customers, expand into new markets, prioritize accounts, and provide actionable insights – all without the need for an administrator. EverString is backed by leading investors including Lightspeed Venture Partners, Sequoia Capital, IDG Ventures and Lakestar.

Related News

DATA SECURITY, ENTERPRISE SECURITY, PLATFORM SECURITY

BlueVoyant Enhances its Cloud-Native Splunk Managed Detection & Response (MDR), Consulting, and Implementation Services

BlueVoyant | March 20, 2023

BlueVoyant, a cybersecurity company that illuminates, validates, and remediates internal and external risks in one platform, announced enhanced Splunk capabilities, with end-to-end consulting, implementation, and Managed Detection & Response (MDR) services. With the increasing adoption of cloud technologies, organizations face a complex and rapidly evolving threat landscape. The service helps clients maximize their Splunk investment whether it be on the Splunk Cloud Platform or Splunk Enterprise. "Splunk Your Way with BlueVoyant enables our clients to have industry-leading consulting, implementation, and cyber defense in a cost-effective manner," said Drew Gibson, BlueVoyant senior director for the company's Splunk Alliance. "BlueVoyant has a strong relationship with Splunk, and is known for its dynamic expertise in the company's products, helping our joint clients have greater control and visibility of their data usage and security posture." Key components of Splunk Your Way with BlueVoyant include: Enabling clients to collect, monitor, and analyze security data across on-premise, hybrid, and multi-cloud environments in a single platform Cloud-native SIEM (security information and event management) with real-time visibility to identify security threats and remediate them quickly Clients can reduce their data burden by 20% or more with a proprietary Data Readiness model that improves data quality and reduces costs Onboarding within a month for Existing Splunk users to quickly see the benefits of BlueVoyant Continuously improving client's Splunk instance by using faster security content delivery, and parity between different SIEM and EDR (endpoint detection and response) tools Availability of numerous bundles of workshops, retainers, and MDR services to help clients optimize, implement, manage, and monitor and protect their Splunk instance "BlueVoyant has the strength of our MDR for Splunk which we launched in 2021, aided by the expertise of thousands of Splunk deployments by our Concanon Professional Services division to provide a compelling service which helps the client get the most their Splunk investment, whether Splunk is installed 'on-prem' or via Splunk Cloud," said Michael Cormier, managing director for Concanon, a BlueVoyant company. BlueVoyant acquired Conanon in fall 2021 to enhance its end-to-end Splunk platform capabilities. Splunk recognized BlueVoyant as a key MSP (managed service provider) partner with the new Premier Manage designation. BlueVoyant also earned core competency badges for Cloud Migration and Cloud Migration: Co-Delivery. The company has 200 active Splunk certifications. In 2022, BlueVoyant expanded its Splunk go-to-market by including its offerings on the Amazon Web Services (AWS) Marketplace. BlueVoyant is hosting a webinar at 1 p.m. EDT Thursday, April 13 to discuss what the company has learned from our Splunk deployments and clients, and to answer questions. Current clients, security professionals, and other parties are encouraged to attend. About BlueVoyant BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based cloud-native platform by continuously monitoring your network, endpoints, attack surface, and supply chain, as well as the clear, deep, and dark web for threats. The full-spectrum cyber defense platform illuminates, validates, and quickly remediates threats to protect your enterprise. BlueVoyant leverages both machine-learning-driven automation and human-led expertise to deliver industry-leading cybersecurity to more than 900 clients across the globe.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BIgID Introduces Secrets Detection Capabilities to Mitigate Risk

BigID | March 17, 2023

BigID, the leading platform for data security, compliance, privacy, and governance, today introduced purpose-built AI and ML-based data discovery and classification capabilities designed to quickly and easily detect secrets across enterprise data and reduce risk from potential data breaches and leaks. Secrets - including as API keys, tokens, usernames and passwords, and security certificates - are commonly shared, cloned, and distributed across enterprise data environments as a means for better collaboration and efficiency. Unfortunately, the proliferation of secrets across these environments increases the attack surface and quickly raises security risks. Data containing secrets can inadvertently get pushed into production, while other secrets can be exposed to internal and external bad actors. With BigID's native secrets detection capabilities, organizations can: Scan for secrets across the entire software development ecosystem including GitLab, GitHub, Jira, Confluence, Powershell scripts, Slack, and hundreds of other data sources across the environment Detect secrets faster and more accurately using patented AI and ML-based data classification techniques Proactively protect secrets with streamlined and automated remediation to continually mitigate the threat of exposure "Secrets-in-code remains one of the most overlooked vulnerabilities in security, despite being a priority target in some of the biggest breaches of late," said Tyler Young, CISO at BigID. "BigID's purpose-built AI and ML-based data discovery and classification give security teams speed and confidence to protect secrets from unwanted exposure so they don't become another headline." About BigID BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Beyond Identity Launches Zero Trust Series with Security Industry Leaders

Beyond Identity | March 16, 2023

Beyond Identity, the industry leader in providing phishing-resistant, passwordless MFA, has announced the official launch of 'Zero Trust Authentication' as a subcategory of zero trust technology, along with the introduction of the Zero Trust Leadership series of events worldwide, which will be held throughout 2023. Combining industry-leading security integrators and technologies, such as Beyond Identity, CrowdStrike, Palo Alto Networks, Optiv, World Wide Technology, BeyondTrust, Climb Channel SolutionsPing Identity, and Guidepoint Security will enable organizations to move toward secure authentication designed to improve the zero-trust strategies of the Fortune 5000. Zero Trust Authentication was created in response to the failure of conventional authentication methods, a problem that has been compounded by the rise of cyberattacks. Implementing Zero Trust Authentication will enable businesses to surpass the constraints of legacy multi-factor authentication (MFA) and passwords and deploy more effective security strategies. To achieve this, the Zero Trust Authentication strategy incorporates components like Beyond Identity's risk scoring and continuous authentication functionalities, which greatly increase the given level of security. Tom Jermoluk, Co-Founder and Chief Executive Officer of Beyond Identity, mentioned, "In working with leaders across the security ecosystem, it became apparent to us that the industry needs to formally bring identity and access management into the security fold to continuously deliver the highest level of security around users and devices." (Source – Business Wire) He added, "We are bringing together the leaders from the essential technology categories to ensure authentication decisions are risk based and continuously informed with signals from the wealth of existing cybersecurity tooling. Through close technology collaboration and now go-to-market collaboration in this Zero Trust Leadership series, we are delivering strong authentication built for an 'always on' zero trust world coupled with the practical advice and best practices so that enterprises can finally close identity and access management vulnerabilities." (Source – Business Wire) About Beyond Identity Beyond Identity is redefining digital access for companies seeking to enhance protection against cyber assaults and provide the greatest levels of security for their customers, employees, and developers. The company's phishing-resistant, passwordless, and Zero Trust Authentication technologies enhance both security and the user experience. The platform provides continuous risk-based authentication that incorporates signals from the zero-trust ecosystem to guarantee that only valid users and secure devices get or keep access to vital resources. Snowflake, Roblox, and Unqork rely on Beyond Identity's highly accessible cloud-native platform to deter assaults and advance their zero-trust strategy.

Read More

DATA SECURITY, ENTERPRISE SECURITY, PLATFORM SECURITY

BlueVoyant Enhances its Cloud-Native Splunk Managed Detection & Response (MDR), Consulting, and Implementation Services

BlueVoyant | March 20, 2023

BlueVoyant, a cybersecurity company that illuminates, validates, and remediates internal and external risks in one platform, announced enhanced Splunk capabilities, with end-to-end consulting, implementation, and Managed Detection & Response (MDR) services. With the increasing adoption of cloud technologies, organizations face a complex and rapidly evolving threat landscape. The service helps clients maximize their Splunk investment whether it be on the Splunk Cloud Platform or Splunk Enterprise. "Splunk Your Way with BlueVoyant enables our clients to have industry-leading consulting, implementation, and cyber defense in a cost-effective manner," said Drew Gibson, BlueVoyant senior director for the company's Splunk Alliance. "BlueVoyant has a strong relationship with Splunk, and is known for its dynamic expertise in the company's products, helping our joint clients have greater control and visibility of their data usage and security posture." Key components of Splunk Your Way with BlueVoyant include: Enabling clients to collect, monitor, and analyze security data across on-premise, hybrid, and multi-cloud environments in a single platform Cloud-native SIEM (security information and event management) with real-time visibility to identify security threats and remediate them quickly Clients can reduce their data burden by 20% or more with a proprietary Data Readiness model that improves data quality and reduces costs Onboarding within a month for Existing Splunk users to quickly see the benefits of BlueVoyant Continuously improving client's Splunk instance by using faster security content delivery, and parity between different SIEM and EDR (endpoint detection and response) tools Availability of numerous bundles of workshops, retainers, and MDR services to help clients optimize, implement, manage, and monitor and protect their Splunk instance "BlueVoyant has the strength of our MDR for Splunk which we launched in 2021, aided by the expertise of thousands of Splunk deployments by our Concanon Professional Services division to provide a compelling service which helps the client get the most their Splunk investment, whether Splunk is installed 'on-prem' or via Splunk Cloud," said Michael Cormier, managing director for Concanon, a BlueVoyant company. BlueVoyant acquired Conanon in fall 2021 to enhance its end-to-end Splunk platform capabilities. Splunk recognized BlueVoyant as a key MSP (managed service provider) partner with the new Premier Manage designation. BlueVoyant also earned core competency badges for Cloud Migration and Cloud Migration: Co-Delivery. The company has 200 active Splunk certifications. In 2022, BlueVoyant expanded its Splunk go-to-market by including its offerings on the Amazon Web Services (AWS) Marketplace. BlueVoyant is hosting a webinar at 1 p.m. EDT Thursday, April 13 to discuss what the company has learned from our Splunk deployments and clients, and to answer questions. Current clients, security professionals, and other parties are encouraged to attend. About BlueVoyant BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based cloud-native platform by continuously monitoring your network, endpoints, attack surface, and supply chain, as well as the clear, deep, and dark web for threats. The full-spectrum cyber defense platform illuminates, validates, and quickly remediates threats to protect your enterprise. BlueVoyant leverages both machine-learning-driven automation and human-led expertise to deliver industry-leading cybersecurity to more than 900 clients across the globe.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BIgID Introduces Secrets Detection Capabilities to Mitigate Risk

BigID | March 17, 2023

BigID, the leading platform for data security, compliance, privacy, and governance, today introduced purpose-built AI and ML-based data discovery and classification capabilities designed to quickly and easily detect secrets across enterprise data and reduce risk from potential data breaches and leaks. Secrets - including as API keys, tokens, usernames and passwords, and security certificates - are commonly shared, cloned, and distributed across enterprise data environments as a means for better collaboration and efficiency. Unfortunately, the proliferation of secrets across these environments increases the attack surface and quickly raises security risks. Data containing secrets can inadvertently get pushed into production, while other secrets can be exposed to internal and external bad actors. With BigID's native secrets detection capabilities, organizations can: Scan for secrets across the entire software development ecosystem including GitLab, GitHub, Jira, Confluence, Powershell scripts, Slack, and hundreds of other data sources across the environment Detect secrets faster and more accurately using patented AI and ML-based data classification techniques Proactively protect secrets with streamlined and automated remediation to continually mitigate the threat of exposure "Secrets-in-code remains one of the most overlooked vulnerabilities in security, despite being a priority target in some of the biggest breaches of late," said Tyler Young, CISO at BigID. "BigID's purpose-built AI and ML-based data discovery and classification give security teams speed and confidence to protect secrets from unwanted exposure so they don't become another headline." About BigID BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Beyond Identity Launches Zero Trust Series with Security Industry Leaders

Beyond Identity | March 16, 2023

Beyond Identity, the industry leader in providing phishing-resistant, passwordless MFA, has announced the official launch of 'Zero Trust Authentication' as a subcategory of zero trust technology, along with the introduction of the Zero Trust Leadership series of events worldwide, which will be held throughout 2023. Combining industry-leading security integrators and technologies, such as Beyond Identity, CrowdStrike, Palo Alto Networks, Optiv, World Wide Technology, BeyondTrust, Climb Channel SolutionsPing Identity, and Guidepoint Security will enable organizations to move toward secure authentication designed to improve the zero-trust strategies of the Fortune 5000. Zero Trust Authentication was created in response to the failure of conventional authentication methods, a problem that has been compounded by the rise of cyberattacks. Implementing Zero Trust Authentication will enable businesses to surpass the constraints of legacy multi-factor authentication (MFA) and passwords and deploy more effective security strategies. To achieve this, the Zero Trust Authentication strategy incorporates components like Beyond Identity's risk scoring and continuous authentication functionalities, which greatly increase the given level of security. Tom Jermoluk, Co-Founder and Chief Executive Officer of Beyond Identity, mentioned, "In working with leaders across the security ecosystem, it became apparent to us that the industry needs to formally bring identity and access management into the security fold to continuously deliver the highest level of security around users and devices." (Source – Business Wire) He added, "We are bringing together the leaders from the essential technology categories to ensure authentication decisions are risk based and continuously informed with signals from the wealth of existing cybersecurity tooling. Through close technology collaboration and now go-to-market collaboration in this Zero Trust Leadership series, we are delivering strong authentication built for an 'always on' zero trust world coupled with the practical advice and best practices so that enterprises can finally close identity and access management vulnerabilities." (Source – Business Wire) About Beyond Identity Beyond Identity is redefining digital access for companies seeking to enhance protection against cyber assaults and provide the greatest levels of security for their customers, employees, and developers. The company's phishing-resistant, passwordless, and Zero Trust Authentication technologies enhance both security and the user experience. The platform provides continuous risk-based authentication that incorporates signals from the zero-trust ecosystem to guarantee that only valid users and secure devices get or keep access to vital resources. Snowflake, Roblox, and Unqork rely on Beyond Identity's highly accessible cloud-native platform to deter assaults and advance their zero-trust strategy.

Read More

Events