Large number of businesses leverage offshore technology teams. However, very few of those companies have data governance on customer data nor understanding of the cyber-security risks involving some amazing and cheap talent. Chances of breaching GDPR, CCPA and other global privacy regulations is high when working with offshore development teams.  Risks of working with remote and […]

Client facing Slack and Zoom channels are especially useful for the direct and safe communication and support environment. For this reason, these client-facing chat rooms can also act as sources of sensitive data leaks, commercial chatter that could affect stock price or highly confidential data that stays is memorialized in ‘history’. Efficiency and organization at […]

Many Slack users are unaware of the permissions that may become enabled when third-party applications are linked with one’s Slack account. According to the Slack Help Center, “an app’s permission scopes depend on the kinds of things it’s supposed to do.”  Typically, such permissions may encompass the ability to view information, post information, and carry out […]

In the US alone, the overall cost of healthcare breaches in 2019 was US$ 11.8 billion (£9.2 billion) – more than double the 2018 figure, & healthcare breach discovery time is the longest for any industry. Technology and process audits such as SOC2, ISO and HIPAA compliance certificate often creates a false sense of security […]

Slack, a proprietary business communication platform that provides long-lasting chat rooms — ranging from channels to direct messages — offers users the capability to comply with HIPAA regulations for messaging and file collaboration via the platform’s paid Enterprise Grid plan.  “The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a U.S. federal law […]

Work-from-home security risks within collaborative and productivity apps such as Slack is being under appreciated. Security failures on platforms like Slack may not manifest directly as ‘platform breaches’ but indirectly through leaks of files downloaded and data shared that is then saved locally. Data breaches, malware infestations, brand or credibility damage have occurred when vulnerable […]

Enterprise privacy practices and security posture in general have not kept up with the increasingly decentralized tech stack.  The remote workforce phenomenon recently, and cloud adoption in general, is accelerating adoption of tools and services that should trigger a ‘rethink’ by enterprises to look deep into data breach risks from within. Background As an organization […]

Equifax. Target. Marriot. Delta Airlines. Recognizable names of course, but as of late, perhaps for the wrong reasons. Every day, malicious actors take the web in search of valuable personal information, made available through the misguided handling of customer data by companies across the globe. When they come for your company, don’t be surprised–almost 30% […]

The proliferation of cloud apps has created high-network user groups. The ease of integrating with Rest APIs has the added benefit of sharing data and files between Slack, Google Sheets and other SaaS products. However, sensitive data in multiple places within open chat channels creates a compliance headache of managing data-leak and regulatory risk. Collaboration […]

Nudge refers to “Influencing people’s behavior in a predictable way without forbidding any options or significantly changing their incentives.”–Richard Thaler & Cass Sunstein (“Nudge: Improving Decisions About Health, Wealth and Happiness”) In this blog we will explore the behavioral science’s concept of ‘nudge’ in improving the security and data privacy posture of organizations. There are […]