INSIDER THREAT SECURITY BLOG

Amazon S3 buckets have been at the heart of over a thousand security breaches over the last 4 years alone. Most recently, thousands of cell phone bills for Sprint, AT&T, Verizon, and T-Mobile customers were exposed through an open S3 bucket due to the oversight of a contractor working for one of the cell giants. So what are Amazon S3 buckets and what can organizations using S3 buckets do to avoid being the next headline? In this blog post, we will walk through the basics of Amazon S3, and…

According to a study conducted by Mio, 91% of businesses use at least two messaging apps, of which slack and Microsoft Teams are present in 66% of the organizations surveyed. Teams adoption has been growing quickly due to its interoperability with the rest of the Office 365 suite which makes collaborating easier than ever. While collaboration is great, security is a major concern for organizations who are still considering the move to Teams from Slack, Skype, etc. The great double-edged sword…

Within SharePoint, there are a few groups which can give ‘Open Access’ to a given resource that can leave the environment vulnerable depending on where these groups exist. With open access comes the increased risk of data being ‘lost’ and with data loss comes risks to sales and revenue, lawsuits, IP theft, and subsequently – compliance breaches. What is Open Access? An instance of open access exists whenever one of the large groups described below has access to a resource. It is import…

SharePoint continues to remain one of the most popular content collaboration platforms (CCP) at the enterprise-level, continuing to grow in adoption year over year. This adoption shows not only growth in the expected area of SharePoint Online, but continued expansion in SharePoint On-Premises as well. As SharePoint continues to grow, one of the largest areas of concern is around the security of the platform. A well designed, maintained, and governed SharePoint farm is usually a very safe e…

SharePoint offers options for collecting activity which may prove useful for many different reasons. Whether that reason is for security auditing or fulfilling other compliance requirements, in order to make use of it – it must be turned on and you need to know what you are looking for. The purpose of this blog is to show you what kind of activity is available, how to enable activity auditing and how to make use of that data. Events Available for Logging Opened and downloaded documents,…

The policy of ‘Data protection by design and by default’ in article 25 of the GDPR is driving vendors like Microsoft to align data security with innovation to not only develop better products but also more secure products. Along these lines organizations should adopt the policy of Privacy by Design, that is, organizational processes that are designed with protecting privacy in mind. Just as external sharing is a critical and unavoidable piece of business success, so too is achieving compl…

SharePoint is an extremely useful collaboration and document management platform. Whether you are using SharePoint for hosting wiki articles, running internal project sites or exposing SharePoint to customers and partners for collaboration and document sharing, one of the most important areas to familiarize yourself with is how permission levels work within SharePoint. Improper use of SharePoint permission levels can lead to sensitive documents being widely available to anybody inside or outs…