WipfliSecurity

WipfliSecurity brings you timely information that affects your organization’s security. Connect with Wipfli’s security experts and get up-to-date guidance on the latest threats and fixes. We’ll discuss new ideas for improving your organization’s security and tips to help you navigate your way through compliance and more.
 

Cyber Criminals Target Law Firms: Are You Next? Probably.

Dec 29, 2016
By
Comments (0)

On December 27, the media reported that federal prosecutors charged three Chinese citizens with cybercrime conducted against law firms. According to The New York Times, the three men made millions of dollars by hacking law firms and stealing the emails of partners who worked on mergers. The men then bought shares of target companies and sold them once those deals were announced.

 More

6 Questions Boards of Directors Should Be Asking About Cybersecurity

Oct 19, 2016
By
Comments (0)

According to the Allianz 2016 Global Risk Report, business interruption and cybersecurity occupied two of the top three risks to businesses. It’s no wonder that with the increased frequency of cyber attacks, data leaks, and computer fraud, cyber risk now nears the top of board and audit committee agendas. Here are the top six questions boards should be asking their security leaders.

 More

Wipfli is a National Cyber Security Awareness Month Champion

Sep 08, 2016
By
Comments (0)

October is National Cyber Security Awareness Month and Wipfli has once again signed on as a champion for 2016.

 More

It’s Time to Ensure Better Cybersecurity Communications to Boards

Jul 27, 2016
By
Comments (0)

More boards of directors are now recognizing that security plays a key role in business operations and strategy. In fact, cyber risk is becoming a top governance priority for boards, landing right up there with financial and legal oversight.

 More

Website Security Updates: Who Is Responsible?

Jul 01, 2016
By
Comments (0)

I recently read an email about a security update available for website maker WordPress. Right in the message they “strongly encourage users to perform this update.” Looking at how organizations manage this issue in their overall patch management begs the question: Who is responsible for maintaining security updates for websites? Oftentimes, there aren't clear lines of responsibility.

 More

Look Out for “Locky”

Mar 03, 2016
By
Comments (0)

In mid-February, officials at Hollywood Presbyterian Medical Center in Los Angeles reported an internal emergency when its systems were hacked and held for ransom. Nicknamed “Locky,” the ransomware likely arrived in an e-mail with a Word document attached. Ultimately, the medical center paid almost $17,000 in Bitcoin to the hackers in exchange for the decryption key to unlock its systems and access its electronic health records. Add to this the cost of operational disruptions and the PR nightmare, and this was quite an expensive attack.

So has Locky got your attention? What are you doing to protect your organization from ransomware?

 
 More

Wipfli Joins Global Effort to Support Data Privacy Day as Champion

Jan 25, 2016
By
Comments (0)

DataPrivacyDayChampionWipfli announced today that it committed to be a champion of Data Privacy Day (DPD), an international effort held annually on January 28 to create awareness about the importance of privacy and protecting personal information. As a DPD champion, Wipfli recognizes and supports the principle that organizations, businesses and government all share the responsibility of being conscientious stewards of personal information by respecting privacy, safeguarding data and enabling trust.

 More

Amazon.com Has Two-Factor Authentication!

Dec 08, 2015
By
Comments (0)

Amazon.com has two-factor authentication! Use of an authenticator app or sms messages for authentication codes is now available.

 More

The Semantics of Business Continuity

Nov 17, 2015
By
Comments (0)

At the recent Disaster Recovery Journal (DRJ) World Conference in September 2015, the idea of common terms we use in the Security and Business Continuity world came to mind, and why they may not be so commonly shared after all. Here's what happened...

 More

The State and Future State of Cybersecurity According to Black Hat & DEF CON

Sep 22, 2015
By
Comments (0)

This summer marked the annual meetings of two key cybersecurity conferences—Black Hat, a professional security conference, and DEF CON, a hacking conference. The events are attended by industry thought leaders from throughout the infosecurity world, including corporate, government, academic, and underground researchers.

Through a series of highly technical presentations and training sessions, conference attendees get a better sense of what today’s security landscape looks like, and what tomorrow’s could hold.

 More

October is National Cyber Security Awareness Month

Sep 16, 2015
By
Comments (0)

October is National Cyber Security Awareness Month (NCSAM). This is a great opportunity to increase awareness and promote safe online practices with your employees, family members, students, and even your customers.

 More

Businesses Beware! Hackers use email as weapon of choice.

Aug 12, 2015
By
Comments (0)
PhishingBogus emails promising ways to make a quick buck have been around for years, but now the criminals’ tactics are improving. We have recently seen a dramatic rise in electronic payment fraud and financial losses as a result of tricking the CFO or Controller to set up a fraudulent wire payment.
 More

The NEW FFIEC Cybersecurity Assessment Tool: Like an Almost-Right Christmas Present

Jul 21, 2015
By
Comments (0)

On June 30, the FFIEC unveiled their Cybersecurity Assessment Tool. There are many things to like about what they have put together. There were a few things that were a bit of a disappointment, however. 

 More

Take a Hard Line on Security with Network Hardening

Jul 02, 2015
By
Comments (0)

Security threats evolve daily and successful attackers exploit the vulnerabilities of environments with out-of-date hardware, software, and security protocols. Attackers search for vulnerable default settings, as well as electronic holes in firewalls, routers, and switches, and use them to penetrate defense. These exploits can allow attackers to access networks where they can redirect traffic and capture information (including sensitive data) while in transit.

 More

Strengthening Password Security Control

Jun 05, 2015
By
Comments (0)
So here’s the question of the day: Is password security attainable? Clearly, the foundations of password-based authentication are flawed because of the countless avenues of exploitation and the level of trust placed in users to responsibly create strong passwords.
 More

On the Password Treasure Path: How Attackers Exploit Weak Passwords

May 28, 2015
By
Comments (0)
It is not a matter of if your password can be cracked, but a matter of when and how long it will take for your password to be cracked. In fact, using attack vectors like phishing and key logging do not require attackers to crack or guess the password at all, since it is captured in clear text at the point of retrieval.
 More

Passwords: Many Organizations in Denial While Foundation Is Seriously Flawed

May 19, 2015
By
Comments (0)
Most organizations are in complete denial over their password security vulnerability. Yet hardly a day goes by without a new data breach making the headlines. One would think that the continued news about breaches would serve as a reminder to finally disassociate the relationship between your dog’s name and access to your retirement savings account.
 
Organizations must come to the harsh realization that they are indeed potential targets (however big or small) and take measures to prevent, detect, and respond to plausible attacks. While there are plenty of useful ways to create strong passwords, the plain truth is that the foundation of password-based security is flawed.
 More

Secure Your Business Against Tornadoes

May 08, 2015
By
Comments (0)
Tornado season is officially here and with each passing year, the outbreak of storms appears to be worsening. A recent study published in Science magazine suggests that the tornado seasons we’re used to could in fact be changing in both severity and greater variability in the timing of seasonal storms.
 More

Mobile Device Management: Exchange ActiveSync vs. Containerization…Which is Right for You?

Apr 27, 2015
By
Comments (0)
Mobile Device Management (MDM) is a priority for any organization with smart phones, tablets and other mobile devices in their environments (these days, that’s nearly all of us). For those wrestling with how best to handle MDM, some vital security questions will need to be addressed...
 More

Welcome to the Wipfli Security Blog!

Apr 15, 2015
By
Comments (0)

The cybersecurity threat landscape continues to change at a dizzying pace. Wipfli’s information security team is on the front line along with our customers to manage and control cybersecurity risk. This blog will provide insights from the front line designed to educate, inform, and inspire conversation with our clients and friends.

 More

Blogs


Bank on Wipfli
Financial Institutions Practice Team
Get Dynamic - the Wipfli GP Blog
Wipfli's Microsoft Dynamics GP Team
INSide Thoughts
Wipfli Insurance Team
Management and Leadership in Nonprofits
Steve Lipton
Manufacturing Tomorrow Blog
Wipfli Manufacturing Technology Team
TaxThink
TaxThink Team Blog
Wipfli's Microsoft Dynamics CRM Team Blog
Wipfli Microsoft Dynamics CRM Team
WipfliSecurity