
Privileged Access Management Compliance Through the Eyes of an Auditor

Compliance audits are a stressful, time-consuming effort for many companies. In the Lockdown blog, we often talk about the tools and processes customers use to prepare for both internal and external information security audits. This time we thought we’d turn the tables and speak directly to an auditor to hear his perspective. In this post, auditor and Information Security Specialist Edgar … [Read more...]

Design Principles that Drive Thycotic’s Software User Experience Strategy

Users are the biggest risk to information security. That’s why it’s so important to have a usable software product, especially in the cyber security space. Our goal is to give people the agility and control they need to reduce risk. Usability is our North Star. With this goal foremost in our minds, we’re building a growing team of usability experts, including cyber security software UX … [Read more...]

Lower Risk of PowerShell Vulnerabilities with Privilege Management

PowerShell and other scripting tools are part of an IT professional’s arsenal. They are incredibly powerful, a force multiplier which allows you to automate important or frequently used tasks. The same traits that make these tools a boon for IT pros also make them valuable to malicious actors who can use them to exponentially increase their reach within an organization. Allowing too many people … [Read more...]

(SSH) Keys to Unix Security

Root accounts are the keys to powerful IT systems, the backbone of your entire infrastructure. They use privileged credentials to control shell access, file transfers, or batch jobs that communicate with other computers or apps, often accessed remotely, with local configuration. They can be the trickiest of all types of privileged accounts to secure, particularly if they are based on Unix or … [Read more...]

Ostriches, Zero Day Exploits, and the Elusive CyberSec Expert: Why SMBs Should Implement Cloud-Based PAM

Small and medium-sized businesses (SMBs) face a cyber security trifecta. Cyber criminals are increasingly targeting the most vulnerable businesses (not just the biggest fish). Sophisticated attackers quickly take advantage of newly revealed vulnerabilities. And, cyber security professionals are in short supply. Maybe SMBs aren’t aware that they can use the same types of security systems as larger … [Read more...]

Top 5 Ways to Win your CEO/CTOs Heart

In today’s always-connected world it’s important to realize that, historically and traditionally, cybersecurity was the responsibility of the IT department. Any time a cyber incident or data breach occurred or security questions arose, these got deferred to IT for the answers. Failure to translate cyber risk into business risk has left many businesses clueless. But with today’s massive data … [Read more...]

The Lockdown’s 10 Most Popular Blogs of 2017

2017 was a record year for cyber security with breaches and hacks making headlines just about every day. Thank you for following along with the 2017 chaos as we captured the biggest breaches, security nightmares, and attacks. As a recap, here are the “Top 10” posts from the blog, sorted in increasing order based on readership. Let the countdown begin! #10: How Does Encryption Work? Going … [Read more...]

5 Free Encryption Tools You Can Use Today to Protect Yourself!

Author Note: These are all 3rd party tools that I have personally used, and/or have been recommended to me by peers and experts in the field. With that said, Thycotic does NOT endorse any of these: please explore and use at your own risk. Email Encryption Tool: OpenPGP – An open source encryption protocol used by many clients for providing secure encrypted email transmissions. Most email … [Read more...]

Stop storing cleartext credentials in the registry for Point of Sale systems

Do you want to enable auto logon on your PoS systems without compromise? Do you need to enable auto logon for a seamless buying experience for your customers, but you’re doing it in an unsecure way? Well, Thycotic’s Secret Server has the answer, with complete automation, and without storing credentials in cleartext. Let’s talk about how auto logon works, why it’s not recommended in most cases, and … [Read more...]