Your browser identified itself as a version of IE that was often shipped with default settings that were less than secure. Your internet experience could be made more secure by opening Internet Options in your browser, going to the Advanced tab and looking under the security settings for "Use TLS 1.1" and "Use TLS 1.2". Ensure these are turned on (checked). Doing so will enable your browser to support a higher quality of encryption on this and other websites. You will still be able to browse this site without turning on support for TLS 1.1 and 1.2, but we will have to use a lower level of encryption to accomodate you. See this question on Stack Exchange's Superuser forum from 2011 for more details keeping in mind the comments about TLS 1.2 non-support were made many years ago, and things have changed since then.

If the support for better cryptography has been turned on for your browser, thank you, and you can safely ignore this advisory.

Browser Security Alert



Every year, we look forward to the RSA Conference, the cybersecurity industry’s biggest event. No other conference lets us meet as many security professionals, or get as many different viewpoints on what’s happening in security and where the industry is heading.

Here’s a summary of the top storylines we heard as we talked with customers, industry analysts, and other folks in the security world this year.

Read more ...

PKWARE is proud to announce that CRN, a brand of The Channel Company, has once again named Rick Hofmann, Vice President of Worldwide Channel Sales, to its prestigious list of Channel Chiefs. The top IT channel leaders included on this list continually strive to drive growth and revenue in their organization through their channel partners.

Read more ...

Not that anyone needed another reminder, but a financial services vendor has provided an illustration of the fact that sensitive data should never be left unencrypted.

As first reported by TechCrunch and security researcher Bob Diachenko, millions of records containing Social Security numbers, tax information, credit scores, and other mortgage data were discovered, unencrypted, on a publicly-available server in early January. The company directly responsible for the breach has already taken its website offline and stopped responding to questions, but the repercussions may only be beginning.

Read more ...

From the moment Europe's leaders began discussing the law that would eventually become the GDPR, it seemed almost inevitable that the United States would some day pass a national cybersecurity law of its own. After all, as the center of the world economy, America presents the largest attack surface for anyone looking to steal consumer data, trade secrets, or other sensitive information.

America's GDPR may still be years in the future, but the country appears to be taking another step in that direction. Recent comments from Senator Mark Warner and other high-profile politicians, in the wake of the recently-uncovered breaches at Marriott and the National Republican Congressional Committee, suggest that there may be growing support in D.C. for a national solution.

Read more ...

Faced with staffing shortages, skill gaps, and evolving cyber threats, security professionals around the world are beginning to recognize that automation is the future of information security. There’s simply no way that security managers—or end users—can be expected to evaluate every risk and apply appropriate protection to the constantly-multiplying volumes of data they handle.

Automation is a difficult idea to accept for some, especially those who have tried automated technology in the past, only to abandon it after watching it disrupt workflows, frustrate users, and overwhelm already-busy IT staff with a flood of false alarms. So how can an organization automate its data protection activities without throwing a wrench in its critical business processes?

Read more ...

Back when they were new on the scene, HIPAA's privacy and security rules didn't get much respect. Beginning with the privacy rule's introduction in 2003, the Office of Civil Rights received thousands of complaints and investigated thousands of infractions each year, but took little or no corrective action. In fact, the OCR didn't issue a single fine for a HIPAA privacy or security rule violation between 2003 and 2008.

It's easy to understand how HIPAA got a reputation as a toothless mandate, but things have changed over the last ten years. If anyone needed a reminder of the fact, the OCR delivered one this week with its $16 million fine for the Anthem data breach. The penalty is nearly triple the previous record for a HIPAA fine, and sends a clear message that organizations can expect to pay a heavy toll for neglecting their data protection obligations.

Read more ...

We're now three quarters of the way through New York's two-year-long implementation of its cybersecurity law for financial services companies.

The first law of its kind in the US, NYCRR 500 sets best-practice cybersecurity requirements for all banks, mortgage companies, insurance companies, and other organizations that do business in New York. The requirements are being phased in between March 1, 2017 (when the law first took effect) and March 1, 2019.

Read more ...

A few years from now, stories like this may not even qualify as news. That's how quickly cybersecurity laws—nearly unheard of until recently—are becoming the norm.

For now, though, each new law is worth noting, and the Colorado Protections for Consumer Data Privacy law, which took effect on September 1, is the latest law to hit the books in the US.

Read more ...