Direct deposit is a given for most of us. Until it doesn’t work. I definitely remember the days of getting paper checks in the mail….or not.
Our customer – University of Waterloo – recently relaunched their direct deposit functionality that allows employees to add or update their direct deposit bank account information on-line through myHRinfo self-service.
Here’s a link to an article from their Daily Bulletin newsletter
The implementation of ERP Firewall, which provided UWaterloo with additional layers of security on top of their PeopleSoft HCM system, was foundational to the relaunch.
Appsian has been offering security assessments to both customers and non-customers around the potential of a PS_TOKEN configuration vulnerability. Over the past month, we have posted to our blog that PeopleSoft is arguably the most secure ERP platform on the market. The blog contains links to the PeopleSoft red paper and additional information about proper configuration of PeopleSoft to mitigate potential vulnerabilities of PS_TOKEN configuration.
In this session, Greg Wendt, Executive Director, Security Solutions, talks about numerous takeaways learned from our PS_TOKEN assessments. Topics include:
- Mitigation options
- Best practices
- Lessons learned
- Incident Response
- Defense-in-depth for PeopleSoft
The Sony breach – and virally every other recent high profile breach – has finally driven home what GreyHeller has been saying for some time – that the insider threat vector is as dangerous as the perimeter threat vector.
This survey of Federal IT managers in both civilian and defense sectors supports our view: Survey Cybersecurity priorities-shift insider threats
Security concerns from the survey:
- Cyber hygiene
- Spam tactics
Interestingly, data breaches and cyber espionage were further down the list. Really??!! We couldn’t agree less – data breach (leakage, unintentional disclosure, spillage) – is as serious a threat vector as any.
Finding ways to mitigate and remediate after a breach have got to be on the top of any organization’s cybersecurity priority list.
January 5, 2015 – San Ramon, CA – GreyHeller today announced an Insider Threat Security Webinar Series focused on helping organizations protect their ERP sensitive data from malicious and inadvertent insider threats.
The Insider Threat Series will use recent, high profile breaches at Sony and higher education institutions as examples of what could have been done to prevent insider threat attacks.
“Cyber security priorities have shifted in recent years to insider threats as the top attack vector,” said Greg Wendt, GreyHeller’s Executive Director of Security Solutions. “These types of breaches can be mitigated with rigorous ERP system Credentials Management, strict employee training and implementing two-factor authentication, logging and analytics.”
The Insider Threat Security Webinar Series is part of GreyHeller’s commitment to educate users of major ERP systems on how to fight cyber crime and prevent their organizations from becoming the next news headline.
GreyHeller will deep dive into:
- Two-Factor Authentication
- REN-ISEC Recommendations for HCM
- Logging and Analysis
- Data Masking
- Location Based Security
Each webinar is an hour long and begins at 11:00am PST. For more information and to register, click here.
Insider Threat Security Webinar Series
- January 7th: – Secure Higher Education
- January 14th: – Secure Human Resources
- January 21st: – GreyHeller and Duo Security: Delivering Two-Factor Authentication
GreyHeller’s software solutions help nearly 100 global organizations secure their ERP sensitive data from cyber crime. For more information about GreyHeller, please visit www.greyheller.com.