Switzerland's revised data protection law took effect September 2023. What are the implications of the law and how can organizations comply with what it asks? We dig into it in today's blog.

In 2024's first edition of our Friday Five series, learn about CMMC updates and other data security challenges to come, new malware, and a ransomware decryptor that can help victims.

In this week's Friday Five, learn how internal threat actors are finding success, the U.S. and allies are fighting foreign espionage campaigns, a new bill could fortify the U.S. cybersecurity workforce, and more.

Data masking or data obfuscation has become a popular way to modify data to make it difficult to ascertain what's authentic vs. what's been modified. In today's blog we look at three different data masking techniques.

Despite the recent dismantling of a ransomware gang, malware remains on the rise and the FCC is making moves to combat cybercrime. Catch up on the latest in this week's Friday Five!

As cyber attacks and data breaches are on the rise, federal agencies are warning of several new and persisting threats. Learn all you need to know in this week's Friday Five.

While two ransomware gangs were taken down this past week, an increase in zero-day exploitations and shifting tactics by Gootloader and Jupyter are keeping enterprises on their toes. Catch up on these stories and more in this week's Friday Five!

A recent spike in ransomware has prompted dozens of countries to agree to stop paying ransoms. Meanwhile, the FTC is amending its data breach reporting rules, CISA may be seeing budget cuts, and a high-profile CISO was charged with fraud. Catch up on it all in this week's Friday Five!

This past week's headlines detail how threat actors are taking advantage of ongoing conflict, violent threats, and shifting tactics. Stay up-to-date on the latest in this week's Friday Five!

This past week was marked by an increase of DDoS attacks, hacktivism, elaborate phishing scams, and more. Catch up on all of these stories and more in this week’s Friday Five!

In the midst of the DHS and Pentagon releasing their Threat Assessment Report and unclassified Cyber Strategy, respectively, three major social media giants came under fire this past week. Catch up on all of these stories in this week’s Friday Five!

Wins against cybercrime and the invasion of data privacy took the headlines this past week, but phishing, business email compromise, and the effects of climate change remain as threats against organizations. Catch up on all these stories in this week’s Friday Five!

Between malicious QR codes, ransomware, and new legislation that would require increased vulnerability disclosures, organizations have a lot to pay attention to in this week's headlines. Catch up on it all in this week’s Friday Five!

The Australian Privacy Act 1988 has been a cornerstone in protecting Australians’ privacy rights and governing how personal information is collected, used, and managed by organizations. Here you’ll find more about what the Privacy Act is and how it could impact you or your organization.

With an uptick of cyberattacks against government agencies comes a wave of new cyber frameworks, guidance, and regulations. Catch up on all the latest in this week’s Friday Five!

The cost of the average data breach is on the rise, the SEC recently approved new data breach regulations, and four AI powerhouses have come to an agreement on a new joint initiative. Catch up on these stories and more in this week’s Friday Five!

This past week, the White House released the first version of their National Cybersecurity Strategy implementation plan, Signal's President voiced her concerns over encryption and data privacy, BreachForums made its return, and more. Catch up on these stories and more in this week’s Friday Five!

Files and documents are the primary tools for chronicling and sharing information. While helpful, collaborating like this can raise privacy concerns for businesses because documents may contain business secrets, proprietary information, and personally identifiable information (PII). The most secure document collaboration tools for businesses prevent data loss, theft, and misuse while preserving their organization’s competitive advantage. What Is Secure Document Collaboration? Secure document collaboration enables individuals, typically workers, to share files, information, and sensitive data in a simple, safe, and protected manner. They foster collaboration by allowing several users to simultaneously work on a single document while maintaining its privacy restrictions. The Features & Capabilities You Should Look for In Secure Document Collaboration Tools Generally, any secure document collaboration tool should have a couple, if not most, of these features: Robust security features: The best document collaboration software incorporates security features like encryption and authentication processes to protect the integrity of its content. Tracking workflow changes: This allows team members to monitor progress, especially by seeing who has made what changes and holding people accountable. Document management: This includes the ability to draft, create, edit, save, and publish documents to a specified audience. Comments and feedback: This allows members to provide feedback that facilitates asynchronous collaboration and messaging. Consolidated data and communications: This centralization fosters quick task completion and eliminates the need to switch back and forth between multiple apps. Top 5 Document Collaboration Software 1. Digital Guardian Secure Collaboration As a secure collaboration tool, Digital Guardian Secure Collaboration incorporates the notion of perimeter-less, zero-trust security. Most secure document tools are adept at protecting sensitive information within the confines of the platform. However, unlike the product, they cannot offer protection once the data leaves the network or application platform. The product is different because it can track data once it leaves the confines of your network or endpoint. Users can also dynamically revoke access to leaked information or information mistakenly sent to the wrong user. Common Features and Use Cases The product can protect data when it leaves managed system environments. Facilitates zero-trust file sharing with portable, persistent data security and encryption. Documents are inspected for malware, cyber threats, and sensitive information before transfer is permitted. Allows granular security implementations that can be based on policy and classification. Pros Provides total control over documents wherever they travel. The product's Always-on File Security bundles encryption, data protection, and digital rights management into a secure document collaboration tool. Ensures your valuable data is safe throughout the document’s collaborative orbit. Cons The lack of a tiered pricing model disfavors small business enterprises. 2. Google Docs Google Docs is a free, cloud-based solution. It is also one of the most widely used document collaboration software. Its autosave capability is one of its most defining features, saving countless users from hair-pulling meltdowns due to the loss of critical information from unsaved work. Common Features and Use Cases Every change is automatically saved. Allows seamless online collaboration in real time. Provides ready-made yet customizable templates for various writing tasks. Facilitates the use of different permissions on the same document. Only browser, no special software required. Pros Allows users to sync changes from anywhere. Simple, intuitive interface with easy-to-use tools for editing and formatting content. Integrates seamlessly with other Google apps. Although web-based, it allows you to unlock offline editing on the Chrome browser. Cons While it’s good for commonplace editing tasks, it lacks advanced collaboration options. It doesn’t contain top-notch security features. 3. Microsoft Word Microsoft Word is a powerful word-processing software and part of Microsoft’s productivity suite. It is ideal for creating documents of the highest professional standards with visually appealing elements. Microsoft Word also comes with an extensive range of features. Common Features and Use Cases The ability to secure documents through passwords. Numerous templates and ready-made designs to choose from. The ability to incorporate graphic elements like 3D models directly into your document. Built-in language translator. Checking document readability scores. Pros A very user-friendly interface. Though there are alternatives in the marketplace, Microsoft Word still remains a top-notch product. Sophistication word processing features, including editing tools and a wide range of add-ons. Easy to create professional-looking documents. Cons

Read about the rise in cyberattacks against Android users, Chinese cyberattacks in Europe, a new ransomware decryptor, and more—all in this week’s Friday Five!

The International Traffic in Arms Regulations (ITAR) controls the sale, manufacture, import, and export of defense-related services, articles, and technical data on the United States Munitions List (USML). ITAR is a set of US regulations overseen and administered by the State Department designed to protect the national security interests of the United States. ITAR applies to defense companies that handle military and defense-related information, including universities and research centers. Due to its security implications and foreign relations interests, the United States highly regulates information relating to its defense industry. Therefore, there are stiff penalties for violating or mishandling the sensitive data specified by USML. ITAR Regulations The overall thrust of ITAR regulations is to ensure military technology, both physical materials and technical data related to defense, are restricted to only United States citizens or those otherwise authorized, with access provided on a compliant network. The overriding objective of ITAR is to safeguard defense-related goods, especially defense technologies and information, to ensure they don’t fall into the wrong hands, such as unauthorized parties. Below are the items subject to ITAR control, organized by their 21 USML categories based on the Electronic Code of Federal Regulations (e-CFR): Category I—Firearms and related articles Category II—Guns and Armament Category III—Ammunition and ordnance Category IV—Launch vehicles, guided missiles, ballistic missiles, rockets, torpedoes, bombs, and mines. Category VI—Surface vessels of war and special naval equipment Category VII—Ground vehicles Category VIII—Aircraft and related articles Category IX—Military training equipment and training Category X—Personal protective equipment Category XI—Military electronics Category XII — Fire control, laser, imaging, and guidance equipment Category XIII — Materials and miscellaneous articles Category XIV—Toxicological agents, including chemical agents, biological agents, and associated equipment. Category XV— Spacecraft and related articles. Category XVI—Nuclear weapons-related articles. Category XVII—Classified articles, technical data, and defense services not otherwise enumerated. Category XVIII — Directed energy weapons. Category XIX — Gas turbine engines and associated equipment. Category XX — Submersible vessels and related articles. Category XXI — Articles, technical data, and defense services not otherwise enumerated. In addition to weaponry and equipment, the defense-related articles profusely mentioned in the list include military gear, technical documentation, software, and instruments. What Does It Mean to be ITAR-Compliant? To be ITAR-compliant means to dutifully abide by its regulations. First and foremost, ITAR applies to any company that conducts business with the US military. Secondly, it involves any organization, whether third-party or otherwise, that deals with defense services, articles, or data specified in USML. This applies to various types of organizations, such as contractors, manufacturers, wholesalers, technology/hardware/software vendors, and third-party suppliers involved in manufacturing, distributing, and selling ITAR services or products. If you are among these companies or work with companies in your supply chain that handle ITAR-controlled items, then you must remain ITAR-compliant. All of the following are the necessary steps to become or remain ITAR-compliant: Step 1: Register with the Directorate of Defense Trade Controls (DDTC) of the Bureau of Political-Military Affairs under the State Department's auspices. First-time entrants pay the $2,250 application fee. ITAR registration must be renewed every 12 months with a renewal fee of between $2,250 and $2,750 per year. However, your registration renewal documents must be submitted 60 days before the registration expiration date. Step 2: Setting up formal ITAR compliance programs inside the business. There are procedures necessary for the protection of ITAR-related technical data. Implementing this requires understanding how ITAR regulations apply to the company’s USML goods, services, or data. This understanding equips the organization to define and implement the processes and programs needed to demonstrate and strengthen a commitment to ITAR compliance. Step 3: Utilizing cloud-compliant storage A secure data center to protect technical data is cardinal to ITAR compliance. This cloud storage should have sufficient controls to prevent access to unauthorized foreigners, individuals, or governments. This demands implementing data security controls to ensure technical data that travels through the cloud and endpoints with end-to-end encryption. Moreover, strict key management protocols must be applied such that the decryption keys aren’t accessible by a third party. Step 4: Keeping a comprehensive record of defense goods This includes the recipients' identity and their country, including the end-use and end-users of the defense item. While the steps enumerated above should be followed, the best practice for companies handling ITAR-regulated materials is to adhere to the data security guidelines specified in NIST SP 800-53, which defines the standards for safeguarding information systems that federal agencies should comply with. ITAR Penalties and Violations Due to the high-security stakes involved, there are severe penalties for violating ITAR: