Top 10 Mistakes Companies Make in GDPR Preparation


This article appeared in the March 14, 2018 issue of ITBusinessEdge 


With the EU’s General Data Protection Regulation (GDPR) less than three months away from enforcement, organizations are (hopefully) pulling together their GDPR strategy. However, the nuances of GDPR are something most of us are still trying to understand – and probably won’t grasp until the regulation is in effect and tested. In the rush to meet the compliance standards, errors will likely be made. I talked to security experts, and here are some of the more common GDPR prep mistakes.

“When it comes to GDPR compliance, the primary focus for most enterprises is on determining customer, partner, and employee-held data elements by the organization. Unfortunately, most have overlooked the significant amount of data collection activities occurring via the organization’s websites and mobile apps,” explained Chris Olson, CEO of The Media Trust. “This is a critical oversight since there are anywhere between tens to hundreds of unknown vendors not only executing code but also collecting personally identifiable information on website visitors. In fact, enterprises tend to find two to three times more vendor-contributed code on their websites than expected.”


Cryptomining: the new lottery for cybercriminals

This article by Chris Olson, CEO at The Media Trust, was originally published on CSO, March 14, 2018



Cryptomining has surpassed even ransomware as the revenue generator of choice, according to a Cisco Talos report, which claims cryptomining botnets can earn hackers up to $500 a day and that a dedicated effort could equate to more than $100,000 a year. Representing the perfect balance of stealth and wealth for cybercriminals and some unscrupulous, but legitimate, online businesses, cryptomining is quickly becoming a major concern for enterprise IT teams, who frequently don’t know their digital assets have been compromised.

With stringent privacy laws coming online in 2018, it is imperative that organizations know all partners that execute code on the website. This information is critical for not only identifying the rogue source but also communicating expectations and enforcing compliance—key mitigating factors when it comes to regulatory penalties.


The Battle to Secure the Digital Environment

This article by Chris Olson, CEO at The Media Trust, was published in “CSO Online” on January 12, 2018.



There’s no escaping it: costs to recover from a cyber incident continue to mount, projected to reach $8 trillion by 2022 according to Juniper Research. Enterprises can’t keep pace with the increasing sophistication and cadence of internet attacks, which are orchestrated by leveraging the components involved in everyday website functionality.

Information security is a growing, multibillion-dollar business. Yet, the hits keep coming, with numerous high-profile breaches in 2017 generating unwanted front-page news for Equifax, Dun & Bradstreet, U.S. Securities and Exchange Commission (SEC), Deloitte, Whole Foods Market, Hyatt Hotels, Uber, and Anthem, among others. While there are many facets to the security problem, the digital environment proves to be the most elusive. In fact, the past 12 months bore witness to countless man-in-the-middle attacks, vendor compromises and bots that harmed consumers and employees alike, grabbing credit card data, enslaving system resources, and so much more.

Something is wrong. Could it be that security providers don’t have solutions to address today’s malware problems?



Websites: The Code for Cyberattacks

This article by Alex Calic, Chief Revenue Officer at The Media Trust, was first published in “Home Business Journal” on December 26, 2017.



Hacktivists, cybercriminals, disgruntled employees and even students deface websites as a satisfying pastime. Much like spraying graffiti across a storefront or government building, cyber attackers deliver in-your-face messages to not only your market but also the internet at large. What’s worse is that you might not even know about it until customer complaints begin to roll in. Clearly, these are high stakes for a small or medium-sized business that relies on the internet as a revenue channel and brand ambassador.


10 Easy-to-Keep Resolutions for Safe Online Shopping

This article by Pat Ciavolella, Head of Malware Desk and Analytics at The Media Trust, was originally published in Fraud & Identity Today on December 18, 2017.


Let’s admit it; online shopping can sometimes feel like junk food – it’s really good when you “virtual window-shop” but there is some element of guilt when you finally decide to splurge. Unfortunately, just like junk food binges can harm your health, online shopping can hurt you, too—malware and stolen card details are just the tip of the iceberg!

There is proof in the pudding: 2017 bore witness to several unsettling examples of ecommerce website attacks. In the Spring, at least 25 reputable, mid-tier ecommerce sites were compromised to steal customer payment card details. Then, six months later it was revealed that some of the world’s popular websites—a list that includes several brand-name retailers—were found recording your every keystroke.

Experiencing the effects of a digital compromise is a likely prospect for the average online shopper; it’s no longer something that only occurs during high-volume shopping periods or on dodgy websites. According to Adobe Analytics, online sales hit a record-breaking $6.59 billion on Cyber Monday, up 16.8 percent from 2016. How many of these record-breaking online sales were safe for you as a consumer? Good question. But, in preparation for 2018, everyone can resolve to be more vigilant.

A good first step is following these 10 easy-to-keep resolutions to protect your online shopping adventures:

1. Judge loyalty programs: treat as guilty until proven innocent!

Read the fine print when signing up for loyalty programs that enable you to take advantage of additional discounts. Many retailers share your personal information with industry partners to promote seemingly complementary products, but the security of your personal data is not guaranteed.

2. Be a grammar guru: make sure URLs are spelled correctly

Domain spoofing is a widespread issue. It is easy to get enticed by a deal for a new gadget only to end up shopping on a completely fake website that has purposely been set up to entice and trick users, e.g., vs. Pay close attention to grammar and spelling on various pages of the website, too. It’s easy to accidentally navigate off a legitimate site to a spoofed site.

3. Do a little detective work: check brand legitimacy

While shopping online, chances are you are looking at multiple brands of goods. Before hitting the buy button, verify that the brand has a legitimate website, physical address and customer reviews. Again, it doesn’t hurt to keep an eye out for spelling errors in the URL/domain and in the general website text. It’s unlikely a reputable brand would accidentally have these types of errors.

4. Build a routine: change passwords, often

This basic security practice is one that many consumers need to adopt. Changing passwords often, possibly on a weekly or monthly basis, and creating strong passwords is important. And, no, your birthday isn’t a good password.

5. Seek trouble: with the payment page

Did you see an error message pop up on the payment page? Or, did an error message flash just after you hit submit on your order? Chances are, there is something amiss and threat actors are trying to steal your payment card information. For the most part, the payment page should look “clean”, mimic other pages and contain minimal text – it shouldn’t have too many images, ads or other offers.

6. Confirm credibility: check for security certificates

Review the website’s security certificates, especially those on the payment page. While there is no guarantee that these certificates protect against a website attack, you at least want the ecommerce platform to meet industry security best practices around online payments, e.g., comply with PCI DSS standards.

7. Be perceptive: watch out for abnormal website behavior

Redirects, ad overload, ads that auto-refresh continuously, or videos or images that take too long to load could signal some kind of trouble, possibly a compromise. Leave the site immediately by closing the tab and/or browser; you may even want to power off your device.

8. Work on reflexes: steer clear of fake updates and surveys

If the webpage displays a survey promising more discounts on completion or prompts you to update a plugin/software, close the page down as quickly as possible. These are typical ploys to facilitate phishing or exploit kit drops. Don’t fall for it; some of these “you’ve won” scenarios ask an endless stream of user-identifying questions with a promise of a reward at the end. The reward never appears. Exit the browser right away!

9. Don’t walk and shop: mobile isn’t always safe

You might think you are better off shopping on your mobile phone, but carrier-targeted malware is on the rise. This malware is only triggered if a person is visiting an infected website through a mobile device using data, i.e., the malware will not drop if you are on a secure Wi-Fi network.

10. Develop reading habits: start with privacy policies

Learn a little bit more about how cookies are used and how information about you is either shared or protected.


High Court Ruling That Could Reverberate Around the World


This article first appeared in Corporate Compliance Insights on December 18, 2017


In a precedent-setting move, the High Court in the United Kingdom (U.K.) ruled that a company is liable for data breaches caused by employees, offering insight into the future of data privacy regulatory enforcement. The speed and flexibility of today’s digital world require the adoption of risk strategies that address not only employee behavior but also the vendors executing on enterprise websites and mobile apps. The changing regulatory environment mandates better control of these digital assets and the role they play in collecting, storing and sharing consumer data.

CPO: US Federal Websites in Urgent Need of Web Security Upgrade

Article originally published in CPO Magazine on December 8, 2017



The U.S. Federal Government is a behemoth that touches every aspect of American life – and today the touchpoints for services and information that each U.S. citizen requires to comply with federal rules and regulations are increasingly found on the Internet. However, the latest report on the state of federal websites indicates that they fail on some key indicators regarding web security.

The problem with federal – and many enterprise – websites is that no one individual is in charge of the entire website operation.
