Life science companies regularly deal with intellectual property and expensive lab equipment, making them an appealing target for cybercriminals. This is a major issue on two crucial fronts:

A data breach has the potential to cause reputation damage, financial ramifications, and legal liability. Any company with sensitive data or intellectual property must ensure their work is secure. Data security is an escalating issue for life sciences companies in particular: 40% of cyberattacks on life sciences companies reported to the media since 2017 took place in 2020 alone.

With the recent news that Bill Burr, who originally wrote the guidelines for government employees password polices that influenced the business world too, now regrets those complexity standards he developed businesses are now left to decide how they should handle these new standards.

NIST released a draft of its guidelines for review last year, and this summer, released the final version. It’s a four-volume document, written, as Fortune describes, “in turgid bureaucrat-speak.” We’ll save you the trouble of wading through it and highlight some of the biggest changes from the password best practices of the past.

Apple likes to cultivate a pristine image: hardware, software, and user experiences blending seamlessly together. And for the most part, image and reality are the same.

Apple products command a premium because they “just work.” Businesses owners will tell you they choose Macs — despite their higher price tags — because they’re powerful with less hassle. And the perception is that they’re more secure.

In fact, since Apple debuted Mac OS X (10.0) in 2001, the conventional wisdom has been that the operating system is nearly impenetrable to viruses and other malware due to it being built on Unix.

2017 hasn’t even reached its halfway point and already it’s been a banner year for email scammers. The hackers may be rejoicing, but if you or your company has been on the receiving end of an email-based cyberattack, it’s hardly something to celebrate.

According to the FBI, email scams have been hitting American businesses hard, to the tune of a half a billion dollars per year. And the pace doesn’t seem to be slowing for 2017.

If your company hasn’t fallen victim to an email scam this year, count yourself lucky. Up to 85 percent of organizations have suffered phishing attacks, according to one report. (Phishing is the blanket name for the most common form of email scam.)

What came to mind? If your mental image of a hacker is informed by Hollywood stereotypes and stock imagery, you thought of a shadowy figure, bathed in the green glow of multiple screens, furiously pounding out complex algorithms and arcane programming.

If only that were accurate. The truth is, the perpetrators of some of the most devastating cyber attacks of recent years relied more on charm and quick thinking than on technical wizardry.

Hackers succeed by exploiting weaknesses. And long ago, they discovered that the weakest element of most systems is the human element.

It’s easier to talk someone into giving up their password then it is to crack it through sheer computing power. And hackers are all about what’s easier.

Every month it seems, another large company suffers a network breach or unauthorized access to sensitive information. The number of well-known hacking victims keeps getting larger:

• The IRS
• Sony
• Home Depot
• Target
• The U.S. Department of Veterans Affairs
• JPMorgan Chase
• Verifone
• AOL

It’s tax season. And that means, for internet scammers looking to filch your employees’ identities and steal their money, it’s phishing season.

According to a warning issued by the IRS, tax season triggers a 400 percent surge in phishing and malware incidents. The scammers’ target? The sensitive information found on your employees’ W2 forms:

The cost of cybercrime is going nowhere but up. Meanwhile, the news reports on staggering incidents of mass data theft on a regular basis. If you’ve become obsessed with combatting intrusion from outside hackers and scammers, it’s understandable.

But if you’re only looking outward, you may be missing one of the leading and most damaging risks to your cybersecurity: those who work in and with your organization.

No one wants to believe their colleagues and partners would compromise their data security – either deliberately or mistakenly – but it happens more often than you would think.

We don’t have to tell you your organization’s IT system is deeply complex. To provide even the most basic services to your users, many layers of hardware and software combine.

Lurking within these layers are vulnerabilities – weaknesses that can be exploited to inflict costly damage on yourorganization. And as the layers of your IT system multiply, so do their vulnerabilities, whether they’re problems in the operating systems, application flaws, or improper configurations.

How do you find these weak points before the bad guys do? That’s exactly what penetration testing is for and why it is a critical part of a company’s security policy.