Information Security

Security Considerations for Enterprise Remote Access

Data Privacy, Data Protection, Information Security

Remote-access technologies are top-of-mind for most IT professionals now, and remote work is a trend which is likely here to stay for the long term. If you’re looking to update your organization’s security policy, NIST has recently published an excellent bulletin outlining some of the unique security challenges posed by remote work.

NIST categorizes remote-access technologies into four main categories: Tunneling, Portals, Direct Application Access, and Remote Desktop Access. With the rise of BYOD (bring your own device) policies and cloud-based applications, it has become common for organizations to employ multiple solutions for remote access, each with its own unique security considerations. Regardless of which remote-access technologies your organization is using, it is important to continually ensure each is being used in a way that protects data from compromise.

The NIST bulletin highlights a few important points:

  • Organizations should assume that devices used for remote work will be compromised. Make sure that sensitive data is encrypted, or better yet, implement solutions that don’t store any sensitive data on client devices.
  • Devices used in external environments are at greater risk of compromise than devices in enterprise environments, so tighter security controls are advisable. Security controls can also vary widely by device, so you may need to give more specific security guidance for BYOD devices used for remote work.
  • Each additional form of remote access that is exposed increases the risk of compromise. This can be mitigated by implementing tiers of access for different client devices, and by situating remote access servers so they serve as a single point of entry.

Grey Market Labs is a Public Benefit Corporation with the mission to “protect life online”. Our Advisory services can help you navigate the conflicting and overwhelming enterprise privacy and data protection guidance. Our products provide cost-effective and comprehensive privacy-as-a-service, delivering proactive internet protection for remote work and distributed teams. Simply: we prevent data from being compromised, establish trust between users and protect our customers' work, online. CONTACT US to see how we can solve some hard problems together.

Cyber Liability Insurance: Part of a comprehensive security plan

Data Privacy, Information Security, Risk and Liability

It seems like every day there is a new story about a data breach and how millions of sensitive user records have been exposed.  The financial and healthcare industries are two of the biggest targets with some of the most sensitive data about people’s daily lives.  Theft and exposure of this data can open up these institutions to huge financial losses in the form of lawsuits and lost business.  Companies need ways to prevent and mitigate these potential losses.  Well-designed security protocols and software can prevent many of the data breaches that happen daily.  There will always be some risk of a breach but the use of best practices and strong security software reduces the number of attack vectors and thus significantly diminishes the risk.

Knowing that there always remains the risk of a breach, the question every company should be asking is: Should Your Business Get Cyber Liability Insurance?  As the CEO of (a free consumer resource website covering the credit card industry) points out, “many businesses are now turning to cyber liability insurance to minimize their risk of loss.”  Bill Hardekopf provides a great 101 on Cyber Liability Insurance and why you should consider it.  An important takeaway from the article is that “The insurance provider will evaluate policies, software and hardware to check for potential areas of weakness.”  The provider may even set a minimum standard for obtaining insurance or charge higher premiums for companies with weaker practices and software. Even if the standards aren’t there today, they will be emerging, and they will begin to affect rates and overall liability of a data compromise or a breach.

A good analogy to cyber liability insurance is property insurance, something every business should have.  Basic safety measures like fire extinguishers and smoke detectors are often minimum standards for even obtaining property insurance.  More advanced features like a security alarm system result in discounts on the premium paid for insurance.  In the same way with cyber liability insurance, installing anti-virus software or an advanced counter-exploitation platform could be considered a minimum standard or result in reduced premiums.

Given the importance of preventing a data breach, most companies already implement countermeasures. However, given the likelihood a business will be the target of a successful data breach, companies should also consider adding cyber liability insurance. Having a comprehensive plan for prevention and mitigation will help a company weather any storm that confronts it.



Grey Market Labs is a Public Benefit Corporation founded with the social mission to protect life online for people and organizations. Our software and hardware products are creating a future with privacy-as-a-service, delivering proactive internet protection from the moment of access to countering exploitation of digital behavior and activity. Simply: we prevent data from being compromised, establish trust between users and protect our customers' work, online.

Contact us to see how we can work together.

Permanent Impressions – how what you do online defines you forever

Information Security

Imagine strolling through the mall, visiting several stores, trying on some clothes, and reading a magazine that you picked up at Barnes & Noble while you sip your coffee from Starbucks.  Each stop you made and each item you purchased left some impression.  Maybe you had a nice conversation with the sales associate that helped you in the fitting room or the barista that made your drink.  Likely, those encounters won’t leave lasting memories.  The most enduring impression may be the credit card or the Starbucks rewards app you used to make a purchase.  You might also be on a few security cameras.  Maybe also, you have some store apps with location tracking that notify you of a deal when you walk in.  All of these things could leave a lasting impression with a store.  Each of these impressions or encounters leaves a trail or fingerprint.

Now, think of the mall as the internet and each store as a website.  Each store is a business trying to sell you as much as they can.  They want to remember what items you look at and what you buy.  All of this is much easier to do through the internet than in a mall.  Some stores are owned by the same corporate conglomerates and some are independent.  Some data is easily shared between stores helping to create a better profile of your shopping behavior.  However, when you visit a website, you are anonymous unless you create an account and make a purchase, right?

Actually, you’re not as anonymous as you might think to that website you are visiting. Your browser shares a wealth of information about the computer you are using. It doesn’t share your name, but it does provide information about the resolution of your monitor(s) or handheld device, the operating system you are using, the specific browser version you are using, and even what fonts you have installed. It also shares many more seemingly mundane details. All these details add up to make your unique, digital fingerprint (See for yourself). Unlike with a real fingerprint, nobody is scanning that last item you touched at the mall or running a DNA test on the coffee you drank to better identify you (hopefully).
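To see how individually mundane details add up to a unique fingerprint, the following added example (not part of the original post) measures how a visitor's anonymity set shrinks as each attribute is combined. The eight visitor records and all function names are constructed for illustration.

```javascript
// Constructed sample: values eight hypothetical browsers might expose to a site.
const ATTRS = ["os", "browser", "screen", "fonts"];
const rows = [
  ["Windows 10", "Chrome 120",  "1920x1080", "Arial,Calibri"],
  ["Windows 10", "Chrome 120",  "1920x1080", "Arial,Calibri,Garamond"],
  ["Windows 10", "Chrome 120",  "1366x768",  "Arial,Calibri"],
  ["Windows 10", "Firefox 121", "1920x1080", "Arial,Calibri"],
  ["macOS 14",   "Safari 17",   "2560x1440", "Helvetica,Menlo"],
  ["macOS 14",   "Chrome 120",  "2560x1440", "Helvetica,Menlo"],
  ["Windows 10", "Chrome 120",  "1920x1080", "Arial,Calibri"],
  ["Linux",      "Firefox 121", "1920x1080", "DejaVu Sans"],
];
const population = rows.map(r => Object.fromEntries(ATTRS.map((a, i) => [a, r[i]])));

// Number of visitors indistinguishable from `visitor` on the given attributes.
function anonymitySetSize(pop, visitor, attrs) {
  return pop.filter(p => attrs.every(a => p[a] === visitor[a])).length;
}

// Identifying information in bits: log2(population size / anonymity set size).
function surprisalBits(pop, visitor, attrs) {
  return Math.log2(pop.length / anonymitySetSize(pop, visitor, attrs));
}

// How the anonymity set shrinks as each attribute is added in turn.
function cumulative(pop, visitor, order = ATTRS) {
  return order.map((_, i) => {
    const used = order.slice(0, i + 1);
    return {
      used,
      setSize: anonymitySetSize(pop, visitor, used),
      bits: surprisalBits(pop, visitor, used),
    };
  });
}

// Share of the population that the chosen attributes single out uniquely.
function uniqueFraction(pop, attrs) {
  return pop.filter(p => anonymitySetSize(pop, p, attrs) === 1).length / pop.length;
}

for (const step of cumulative(population, population[1])) {
  console.log(step.used.join("+"), "-> set size", step.setSize, `(${step.bits.toFixed(2)} bits)`);
}
console.log("unique on OS alone:", uniqueFraction(population, ["os"]));
console.log("unique on all four:", uniqueFraction(population, ATTRS));
```

The same measurement shows the defensive lever: the fewer distinguishing values a browser exposes, or the more common those values are, the larger the anonymity set stays.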

So why do I care if my digital or real fingerprint is unique and people can see it? My fingerprint isn’t known to anyone so how does it help a website to track it? Well, chances are you visited quite a few stores on the internet looking for the best deal and your digital fingerprint is being collected by each of those sites. Those sites that share information with affiliate sites can now combine that information to begin creating a partial profile of your viewing behavior. Remember that stop to read a magazine at Barnes & Noble or instead on the web when you went to TMZ to find out what Kim Kardashian was wearing last week so you could buy that dress? News sites rely on advertising and those advertisers are keen to track who you are and what you read to better target you with the items you want to buy. The kicker here is that the advertising is typically fed in from a larger advertising network which is distributed across thousands of sites. Much like the stores with shared owners, these ad networks are collating your profile across many independently owned news sites. The stores in turn can pay for this information to better target your profile.

Are we still anonymous at this point?  Let’s say for the sake of argument that we are but that this anonymous profile has grown quite substantially and can be confidently linked together via your unique fingerprint.   Now, you’ve done your homework and you’ve found a great knockoff of that Kardashian dress and you’re ready to buy.  So, you create an account (or you don’t) and you put in your payment method, name, and shipping address.  At this point you are no longer anonymous to the site you are making a purchase from.  Along the way though, you left quite a trail with your unique fingerprint.  Each place that fingerprint was shared via common owners or ad networks has now potentially left an indelible profile of your online behavior.   All of this is now linked to your name and home address.

This is just one very common scenario through which you expose yourself daily on the web. There are much more complex methods for uniquely identifying users. Some banks even track biometric factors such as mouse movement and keystrokes for fraud prevention, but these same techniques have also been used for more malicious purposes such as gathering insider trading information or compromising information about prominent individuals.



Grey Market Labs is a Public Benefit Corporation founded with the social mission of protecting life online for people and organizations. Focused on building the most comprehensive and realistic counter-exploitation platform for the enterprise, our software and hardware products are creating a future with privacy-as-a-service. Our Opaque platform delivers proactive internet protection from the moment of access to countering exploitation of digital interactions, behavior and activity. Bottom line, we prevent digital exploitation and stop the targeting of corporations, agencies and their employees online.

Contact us to see how we can work together.