Skip the navigation

Data Security Topic Center

What you need to know about data security and protecting sensitive information

Data Security News

Lavaboom creates an encrypted webmail service that fends off snooping

A new webmail service called Lavaboom promises to provide easy-to-use email encryption without ever learning its users' private encryption keys or message contents.
Read more...

First sites admit data loss through Heartbleed attacks

Canada's tax authority and a popular British parenting website both lost user data after attackers exploited the Heartbleed SSL vulnerability, they said Monday.

Google said to be eyeing a boost to encrypted sites in search results

Websites that use encryption could be elevated in Google search results sometime in the future, according to The Wall Street Journal.

Stung by file-encrypting malware, researchers fight back

Jose Vildoza's 62-year-old father was using his old Windows computer when a warning in broken English flashed on the screen: your files have been encrypted.

Gameover malware takes aim at Monster.com and CareerBuilder.com

A new variant of the Gameover computer Trojan is targeting job seekers and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts.

In rare move, banks sue Target's security auditor

Two banks that claim to have suffered losses from the recent data breach at Target have sued Trustwave Holdings Inc., the company that was responsible for validating Target's compliance with the Payment Card Industry Data Security Standard.

Tip of the Hat: Facebook blocks NSA spies -- for now

In the wake of revelations exposed in classified National Security Agency documents leaked to reporters by Edward Snowden, Facebook must show its users that their data is safe from the prying eyes of government spies.

Snowden advocates at SXSW for improved data security

Encryption technologies can be a powerful tool against government surveillance, but the most effective techniques are still largely out of reach to the average Internet user, Edward Snowden said Monday.

Encrypted communications to take center stage at Cebit

The first Cebit trade show in the post-Snowden era will focus on security, showing off locally developed bug-proof phones and messaging systems, as well as the ability to protect mobile devices using smartcards.

CIO not the only one to blame for Target breach

That someone had to take the fall for the massive breach at Target is neither surprising nor unexpected. The only question is whether more heads will roll in the aftermath of one the biggest data compromises in retail history.

Data Security In Depth

How a cyber cop patrols the underworld of e-commerce

Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.

Big data security context

I just finished up a lengthy tour through Latin America and Asia, as described in many of my latest blogs. Most recently I was in Australia and New Zealand (ANZ). I had the opportunity to work with various government agencies, organizations within critical infrastructure and general enterprise businesses across ANZ. Their primary topic of interest: big data. More specifically, they were interested in determining what needs to be part of a successful big data security strategy.

How to defend against the OpenSSL Heartbleed flaw

CSOs need to take a number of steps as soon as possible to protect their organizations against the OpenSSL vulnerability that has shaken the tech industry, experts say.

Cognitive bias: The risk from everyone in your organization, including you

Risks to enterprises are not only of the security breach variety from outside attackers, malicious insiders or even careless employees. Another comes from everybody in an organization a even its most loyal, careful, capable members.

How MDM works -- or doesn't work -- for SMBs

In large-scale organizations, implementing mobile device management (MDM) is typically given. After all, with so many employees using mobile devices that either contain or connect to sources of sensitive information, there needs to be some way to keep everything in check. But what about those companies that aren't big enough to be able to afford an MDM implementation and a full-sized IT department to manage it? Without a means to centralize the control of mobile devices, how can these smaller companies protect their data?

Ad tracking: Is anything being done?

Online tracking is on the rise, but efforts to create a practical Do Not Track policy have slowed to a crawl. Meanwhile, users and browser companies are taking matters into their own hands.

Security Manager's Journal: Stopping vendors from making us a Target

The data breach suffered by Target could make it easier for our manager to make some needed changes in his company's vendor management processes.

Why you need to segment your network for security

Pen tester Mark Wolfgang argues segmenting for security is a key piece of an overall defense-in-depth strategy. Here he explains why and how to accomplish it in your organization (registration required)

How to Test the Security Savvy of Your Staff

How do you know your employees retain what you teach them in company-required security awareness training? You don't -- unless you regularly test their security savvy and effectively address their mistakes during post-test follow-up sessions.

How to rethink security for the new world of IT

Not all the proven practices of the past work in today's interconnected, heterogeneous world. Here's what you need to do differently

Consumerization of IT: Get the latest
consumer tech

Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!