• Company / employee handbook for vision and compliance policies and procedures

    What is a company/employee handbook? A company handbook is a document which has all the key information that an employee, and others associated with the company, might need for compliance and for understanding the company's vision, policy and procedures for general operations, data protection etc. It helps having a central document easily accessible by […]

  • Security Awareness Training Policy

    Purpose: The purpose of this Security Awareness Training Policy is to establish guidelines and requirements for the ongoing education and training of all employees, contractors, and third-party vendors of sapnagroup regarding cybersecurity best practices and threats. This policy aims to ensure that all individuals associated with the organization are well-informed and equipped to protect sensitive […]

  • Why are surveys and acknowledgements important for an organization for process compliance? And how to use Google Forms for this.

    Every organization has policies and procedures which are shared with the employees, partners, suppliers etc. In an ideal world everything will be fine; however, from experience we all know things can go wrong. The management decides on the topics of a training program without checking with the staff or key players what problems employees face. […]

  • Password manager for businesses and teams

    sapnagroup is migrating to a new password management system. Do you need to as well?

    Why does one need a password manager? Central system for all your passwords; one password to access all the others; secure way to store passwords. What should one look for in a password manager? Sync across devices if needed; backups; master key or alternative recovery option; allows creating folders; allows performing search; active support and […]

  • Data & intellectual property protection/security, wrt ChatGPT, Bard AI and other tools; What’s your company policy?

    Samsung banned the use of generative AI tools like ChatGPT by its employees after an accidental leak of sensitive internal source code by an engineer. In January 2023, Amazon warned employees about sharing confidential information with ChatGPT after it noticed responses closely matching its existing material. Major banks which include Bank of America, Deutsche Bank, […]

  • Update now! High severity flaws found in Git for Windows, patched

    The Git project released new versions to address some of the security vulnerabilities that affect versions 2.40.0 and older. Git was patched to fix CVE-2023-25652, CVE-2023-29007, and the Windows-specific vulnerabilities CVE-2023-25815, CVE-2023-29011, and CVE-2023-29012. The Git for Windows project released new versions including the fixes for all five of these vulnerabilities. Recommendation and workaround: The […]

  • WordPress admin security guidelines

    WordPress is a really popular content management system and, being so, is prone to attacks. The sapnasecurity team has accordingly released a guideline to help secure your WordPress admin environment. Recommendation: Implementing Two Factor Authentication to prevent unauthorised access; implementing Password Policy Manager/enforcement plugins and ensuring usage of strong password for backend and changing it every six […]

  • Email phishing using domain spoofing

    In January 2023, one of our clients reported that a scammer had registered a domain that looked similar to our client’s and was using this spoofed domain to send fake invoices to our client’s clients with the scammer’s bank account details. As an example, assume the client’s website had the word ‘group’ in it like […]

  • Junk the old methods, adopt easier & modern password practices

    Change passwords frequently. Don’t share your passwords with anyone. Don’t write it down. Add symbols, upper- and lower-case letters, and numbers. Sounds familiar? Security experts feel the world is very different now and while we should still stick to the general recommendations for passwords, there are some things we can let go of. Change […]