ICSA Labs Security Testing Blog

Lessons from the Eye Doctor: Protecting Your Identity

Earlier this month, I stopped in to my optometrist’s office for a routine appointment. The office is small, situated in a building that’s a bit removed from the main road. As with many of my previous eye appointments, I sat down with the person at the counter so she could pull up my prescription information on the computer and review my insurance benefits for the final pricing.  Apparently a password was required to access this information, which the woman behind the counter helping me didn’t have.

4 Considerations for a Bug Bounty Program

I recently read some of the articles about bug bounties and their relative virtues. Some of the comments were thought provoking, controversial and entertaining as they are a departure from comments that are trying to make a marketing statement rather than an avenue for expressing their true feelings on the subject.

Striking a Balance Between Privacy and Technology -- Navigating the Microsoft 10 “Free” Upgrade

The widely covered launch of Windows 10 has elicited numerous warnings from privacy advocates and online security experts in recent weeks.  Why?

Weighing Firewall and Cloud Security Challenges

Explaining the purpose of a firewall is often very easily answered with a simple analogy: it is like a gatekeeper, border control, or security at the entrance of a building. The firewall’s role is to decide what can pass through your network, and what cannot.

We were asked recently to give a real-world analogy to explain where the cloud resides in this picture – where is the cloud in relation to the firewall? Is it above it? Beside it? Inside it?

Protecting Your Mobile Phone from Ransomware [PART 2]

As consumers increasingly turn to their mobile phones for shopping, banking, working and internet browsing, cybercriminals have similarly begun to evolve their tactics to keep up with the growth in mobile phone usage. 

Protecting your PC from Ransomware [PART 1]

Ransomware is a type of phishing attack that occurs when an attacker sends an email that looks as if it is from a legitimate organization but contains a link or attachment to malware or ransomware.

Once the ransomware is downloaded it restricts access to the computer system it infects and demands a ransom be paid to the creator(s) of the malware in order for the restriction to be removed.

Unfortunately, even when the ‘ransom’ is paid, most often the system remains infected and needs to be wiped clean.

Why Certify? The Significance of ICSA Labs Certification

When it comes to security, many vendors consider certification of its products by an independent organization an option, not a requirement. However, third party testing is an important element when a company is deciding on technology solutions that are part of its security management program.

ICSA Labs Highlights Key Security Trends Affecting Enterprises and Consumers in 2015

Security and privacy challenges are top of mind for everyone, as the Internet of Things and mobile device (and associated application) adoption continues to permeate every major industry. I sat down with our security experts at ICSA Labs to learn more about what major security technology trends they see impacting businesses and their customers in 2015. Here’s what they had to say:

Q&A: George Japak of ICSA Labs Offers Advice around NCSA Month

This month marks the 11th anniversary of National Cyber Security Awareness Month (NCSAM) where raising awareness about cybersecurity is a top priority for both the public and private sector.

Testing Built-In Mobile Device Security Functions

Mobile device manufacturers build an array of security features into smartphones and tablets. I suspect that the majority of us take for granted that these protections function and we assume that they will work properly when needed (e.g., remote wipe). But will they?

For several years, ICSA Labs has performed mobile device security testing on behalf of several mobile device manufacturers and mobile network carriers. Mobile devices are tested before they are available to users.