Press Release 彙整 - 頁94，共769

What is the Principle of Least Privilege (PoLP)?

How does the principle of least privilege work?

Technically speaking, the principle of least privilege—often called the minimum privilege principle—is rooted in the Zero Trust security philosophy. Access is restricted not only to specific resources and data but also to application functions, so users see only the features they need.

Identify essential job functions and map out the precise permissions required for each role.
Allocate minimal privileges to users, granting access only to the data, systems, and application features critical for their tasks.
Monitor and adjust privileges over time, especially as roles evolve or employees join and leave.

By integrating PoLP with Zero Trust Network Access (ZTNA) 2.0, organizations can dynamically verify every access request, reducing the risk of privilege misuse and lateral movement by threat actors.

Why is the principle of least privilege important?

Let’s look at a hypothetical situation. Say an HR employee has access to the human resources management system to update employee records. But if they also have access rights to access the IT infrastructure, which are not essential for their HR-related tasks, the risk of a full-blown data breach increases significantly in the event their account is compromised.

The hypothetical above showcases the principle of least privilege benefits, which include:

Reduce the potential attack surface: Limiting user access privileges means fewer opportunities for bad actors to exploit those privileges.
Minimize the impact of exploits: Even if a hacker can gain unauthorized access to the user’s account, the security principle of least privilege confines the possible damage.
Come closer to adhering to regulatory frameworks such as GDPR and HIPAA: Regulatory frameworks such as GDPR and HIPAA require strict access controls. By applying PoLP and ensuring users have access only to the information and systems essential for their tasks, an organization can get closer to being compliant with various regulations.
Improve security within the hybrid work environment: In a hybrid work environment, where employees access systems remotely, maintaining strict access controls becomes even more important. Implementing the principle of least privilege ensures that the security risks associated with remote access are reduced significantly.

Zero Trust vs Least Privilege

In modern digital security, Zero Trust and the principle of least privilege in cybersecurity are the two sides of the same coin. Zero Trust demands that every access attempt be continuously monitored and verified, while PoLP ensures that, once granted, access remains narrow and appropriate.

Zero Trust is a cybersecurity concept built on another simple idea: never trust, always verify. Unlike the traditional security frameworks, Zero Trust Security assumes that threats can come from within as well as outside the network.

At its core, Zero Trust embodies the principle of least privilege by enforcing strict access controls and permissions. Every access or connection request, regardless of origin, is treated as untrusted until verified otherwise. This stringent verification process is an extension of PoLP’s main idea — to provide users with only the necessary access levels.

In practice, Zero Trust treats every access request as if it’s the first request coming from an untrusted network. Each request is always re-authenticated regardless of previous requests or connections. In this sense, you can think of Zero Trust as a dynamic framework while PoLP can be considered static because it provides users with specific access rights that remain the same unless adjusted.

To make the distinction between Zero Trust and PoLP clearer, let’s imagine a high-end office building. In this case, Zero Trust would be the foundation of the building’s security system, which requires employees, regardless of their position, to use an access card to enter the office building and other facilities. The principle of least privilege, in this scenario, could be likened to the specific programming of access cards based on the employee’s role: for instance, providing the IT staff with access to server rooms, while not granting the same privileges to, say, the marketing team.

What is Privilege Creep?

Privilege creep is a term that refers to a user who gradually accumulates more access rights than are required to execute their function. Privilege creeps most often comes into being due to role changes that do not trigger an adjustment concerning access privileges. When thinking about organizational cybersecurity, privilege creeps pose a serious risk where unauthorized access to a single account could lead to an enterprise-wide data breach.

Here are best practices when it comes to the principle of least privilege, helping to prevent privilege creeps from materializing:

Implement role-based access controls: Clearly define roles and associated permissions to make sure access rights are granted based on the necessities of the job.
Conduct regular access reviews: Schedule periodic reviews of user privileges to identify and rectify any discrepancies or excessive access rights.
Enforce a Zero-Trust security approach: Adopt a zero-trust policy where no user is trusted by default. Verify every access request, regardless of the user’s position within the organization.
Make use of automated tools: Leverage automation for managing access rights. Tools like Privileged Access Management (PAM) systems can help in monitoring and controlling access rights efficiently.
Promote security awareness: Educate employees about the risks of privilege creep and the importance of adhering to cyber security protocols.

By proactively managing user permissions and educating employees, you can significantly mitigate the risk of privilege creep and enhance your organization’s overall security posture.

How to Implement the Least Privilege Principle in Your Organization

Adopting the principle of least privilege in your organization can be a lengthy process; however, the juice is well worth the squeeze. Once your organization operates under PoLP, the potential attack surface will shrink significantly. Here are a few best practices when it comes to the implementation of PoLP:

Define access requirements clearly: Before adopting the principle of least privileges in your organization, you need to have a clear understanding of the data access needs of various roles within the organization.
Implement Role-based access control (RBAC): Once you have a clear understanding of access requirements, setting up RBAC will be a lot easier. You’ll need to create roles based on job functions and assign permissions to these roles rather than for individual users.
Utilize Just-In-Time (JIT) privilege access: Enhance security by granting time-limited privileges on a need-to-use basis. Establishing JIT access privileges will restrict the window of opportunity for access to sensitive data, minimizing the risk of insider threats or external breaches that would exploit user access privileges.
Enforce Multi-factor authentication (MFA) and password policies: Strengthen the authentication processes by establishing MFA as an additional layer of security next to company-wide password policies. MFA ensures that even if the password of a critical account is compromised, the attackers will not have a chance to access it as they will not have another authentication factor required.
Implement system monitoring: Establish surveillance of system and user activities to quickly identify and respond to abnormal access patterns or potential security incidents.

How can NordPass help?

These days, when access points seem to multiply as fast as potential security threats, adopting the principle of least privilege within a business setting should be a no-brainer. PoLP implementation can reduce, quite significantly, the organization’s attack surface and generally improve overall cybersecurity. There’s also the added benefit of coming closer to compliance with various regulatory frameworks such as HIPAA or GDPR.

While the adoption of PoLP can be challenging, there are tools that can make this a lot easier and NordPass Enterprise is one of them. It’s an enterprise-grade password manager that’s built on the principle of the Zero-Knowledge architecture and is equipped with the XChaCha20 encryption algorithm.

But that’s just the tip of the iceberg. NordPass’s integration with Single Sign-On (SSO) is a key asset in adopting PoLP. By allowing users to use a single set of credentials to access multiple resources, SSO simplifies authentication and enhances security. NordPass Enterprise is compatible with major identity providers such as Microsoft Azure AD, MS ADFS, and Okta. This centralized management system is effective in preventing unauthorized access and minimizing potential security breaches by assigning user access based on specific roles.

NordPass also helps organizations in managing user access effectively. It allows administrators to assign, revoke, or modify user access to login credentials, personal information, payment card data, and other sensitive data according to specific needs. This flexibility, powered by the Activity log feature, is critical when adopting PoLP. For teams looking to streamline this process and enforce access control across departments, NordPass Teams offers practical, scalable solutions. It’s particularly useful for IT managers and decision makers aiming to balance ease of use with advanced security protocols. Thanks to this functionality, organizations can easily adjust access rights in response to changes in roles or employment status.

Learn more about how NordPass Enterprise can benefit your organization’s overall security strategy by visiting the official NordPass Enterprise website.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

ESET announces major integration with Splunk SIEM

ESET PROTECT, including its Detection and Response capabilities, integrates seamlessly with Splunk SIEM.
This integration empowers security admins to benefit from endpoint protection data correlated with other security insights in Splunk, facilitating rapid investigation and automated workflows.
Easier aggregation of ESET detection events with broader security telemetry within Splunk ensures holistic insight and a way for security teams to do more with fewer tools and less manual work.

BRATISLAVA — April 28, 2025 — ESET, a global leader in cybersecurity solutions, today announced a new major integration of its ESET Endpoint Management Platform (ESET PROTECT) with Splunk, a leading security information and event management (SIEM) platform.

Security professionals often find themselves stretched thin due to a general lack of resources, including talent. This presents opportunities for incomplete visibility and delayed response, which can be devastating in an era of burgeoning cyber-attacks. Thus, there is a demand for simpler workflows and enhanced efficiencies. This though requires a different approach, which is why integrations have become critical.

At ESET, we’ve already integrated our ESET PROTECT Platform or its modules with multiple solutions such as Microsoft Sentinel, Stellar Cyber, or IBM QRadar, and we are continuing this journey with the Splunk SIEM.

Splunk is widely used for IT operations, security, and business analytics, helping organizations gain valuable insights from their data. It is designed for searching, monitoring, and analyzing machine-generated big data via a web-style interface. It captures, indexes, and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards, and visualizations. It supports a wide range of data sources and provides tools for data ingestion, processing, and visualization, making it a versatile solution for managing and interpreting large volumes of data efficiently.

The ESET PROTECT Platform, including its Detection and Response capabilities (ESET Inspect), integrates seamlessly with Splunk SIEM, enabling organizations to consolidate security alerts and telemetry into a single pane of glass by:

Streaming ESET endpoint alerts directly to Splunk in real-time, allowing for immediate correlation with firewall logs, IDS/IPS data, and user activities.
Splunk can also query ESET for deeper endpoint insights and response actions. ESET can leverage Splunk’s advanced analytics and customized detection rules.
Splunk’s alerting and workflow capabilities can automatically trigger containment and remediation actions.

To achieve all this, ESET is supporting two approaches to data sharing:

Syslog-based integration – ESET PROTECT can export syslog-format events to Splunk.
API-based integration – ESET provides REST APIs allowing Splunk to query and pull relevant security events and telemetry directly.

Thanks to our varied data sharing methods, we can cater to diverse client architectures, leaving no one behind when it comes to their security needs or wants. Businesses of any size can benefit here, achieving a prevention-first security posture with a streamlined approach to threat response.

“At ESET, we are committed to improving our customers’ experience. This integration can augment their existing security toolset, supplying ESET threat data with network and user activity logs, enabling faster threat detection without the need to hop between multiple consoles,” said Pavol Šalátek, Director of Global Business Partnerships and Alliances at ESET. “This is also a boon for MSPs, which can integrate ESET data into their existing Splunk environments, offering advanced detection and response services for their diverse clientele,” he added.

Security analysts, incident responders or IT admins will find that by harnessing the award-winning power of the ESET PROTECT Platform, with its low impact on performance and capability to offer deep insight into devices, can enhance any existing setup, leading to risk reduction, satisfying business leadership and regulatory compliance.

Learn more about the way we approach integrations on our dedicated ESET integrations webpage.

Discover more about the ESET PROTECT Platform’s comprehensive power.

Find out how Splunk enhances threat response.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Digital

ESET 2025

Cybersecurity in digital marketing: Protecting your campaigns, data, and reputation

Summary: Explore essential cybersecurity strategies to protect digital marketing campaigns, safeguard customer data, and maintain brand reputation in a complex field of security threats.

Effective digital marketing is vital for businesses today, but so is protecting it. However, the rapid expansion of this field also exposes companies to increasing cybersecurity threats. Data breaches, phishing attacks, and malicious ads can jeopardize sensitive information, disrupt digital marketing campaigns, and damage a company’s reputation.

In 2023, cybercrime damages were estimated at $8 trillion globally and are expected to rise to $10.5 trillion annually this year. Marketing platforms are frequent targets due to their access to customer data and advertising networks.

As cybersecurity threats are here to stay, marketers must prioritize cybersecurity to ensure the safety of their campaigns, data, and reputation. Ensuring robust cybersecurity measures in digital marketing is no longer optional—it is essential.

Why cybersecurity is important in digital marketing

As businesses continue to invest heavily in digital marketing, securing these efforts becomes crucial. Without proper cybersecurity measures, brands risk losing sensitive data, damaging their reputation, and experiencing financial losses. Here’s why cyber security should be a top priority if the organization engages in many digital marketing activities:

Protecting customer data

Digital marketers handle vast amounts of personal data, including customer names, email addresses, and payment details. This makes them a prime target for cybercriminals who seek to exploit vulnerabilities in marketing platforms. A single breach can expose thousands—or even millions—of records, leading to financial and legal consequences. Implementing operational security measures helps protect this sensitive information and build customer trust.

Maintaining brand reputation

A security breach can significantly damage a brand’s reputation. When customer data is compromised, trust is lost, which can lead to decreased customer loyalty, negative publicity, and revenue loss. Consumers expect brands to safeguard their personal information, and a failure to do so can have lasting repercussions. Cyber security measures are essential to protect sensitive information and maintain the brand’s credibility.

Ensuring business continuity

Cyber-attacks can disrupt websites, analytics tools, and digital marketing platforms, leading to downtime and financial losses. Marketing teams drive traffic to their websites for conversions, and any disruption to the website can derail key initiatives. If a website crashes, marketers will feel significant turbulence, as their campaigns rely heavily on seamless access to e-commerce stores or SaaS products. Strong security measures can help businesses ensure seamless operations and avoid costly interruptions.

Compliance and regulations

Laws such as GDPR and CCPA require businesses to secure customer information and respect privacy. Failure to comply with these regulations can result in hefty fines, legal battles, and reputational damage. Digital marketers should collaborate closely with infosec teams to align marketing practices with legal requirements, ensuring both compliance and consumer protection.

Main cyber threats in digital marketing

The digital marketing field is full of opportunities—but also risks. While attackers may target vulnerabilities in digital marketing platforms, we have limited control over those weaknesses. Cybercriminals often aim to gain access to platforms containing sensitive customer information by stealing credentials or guessing login details. Focusing on these areas allows us to take proactive measures to protect data and mitigate risks.

Key cyber threats digital marketing faces today

Phishing attacks

Phishing is one of the most common threats. Cybercriminals use fake emails, messages, and even social media ads to trick marketers into revealing login credentials or downloading malicious attachments. These phishing attacks often appear as legitimate requests from trusted sources, making them difficult to detect. Once attackers gain access to accounts, they can manipulate marketing assets, hijack accounts, send fraudulent emails, and compromise customer information.

Data breaches

Marketing teams rely on CRM systems, email lists, and customer databases to manage relationships and target audiences effectively. Unfortunately, these platforms are prime targets for attackers. A data breach can expose customer information, financial records, and internal business data, leading to financial losses, regulatory penalties, and reputational harm.

Account takeover attacks

In these attacks, cybercriminals steal credentials to gain unauthorized access to your accounts, such as PPC platforms or social media profiles. Once they have control, they can misuse your budget or damage your brand reputation by deleting content and impersonating you.

This type of attack can go unnoticed until significant harm has been done. To prevent them, implement strong authentication measures, use complex passwords, and enable multi-factor authentication (MFA) options.

Website and social media hijacking

Unauthorized access to a company’s website or social media accounts can lead to misinformation, fraudulent promotions, and reputational damage. Bad actors can post misleading content, redirect visitors to malicious sites, or delete valuable digital assets. Enforcing strict access controls and monitoring login activity can help prevent such incidents.

Click fraud

Bots and automated scripts inflate ad metrics by generating fake clicks, leading to wasted ad spend and distorting campaign results. Click fraud can drain digital marketing budgets while providing no real engagement or conversions. Marketers should leverage fraud detection tools to identify suspicious activity and mitigate financial losses.

DDoS Attacks

Distributed Denial of Service (DDoS) attacks can overwhelm a brand’s website, CRM systems, or advertising networks by flooding them with excessive traffic. This results in website downtime, disrupted marketing campaigns, and lost revenue. A well-orchestrated DDoS attack can prevent users from accessing online stores, landing pages, and promotional materials, directly impacting customer engagement and sales.

Recognizing these cybersecurity threats helps marketers take proactive steps to secure their campaigns, ensuring both data integrity and customer trust.

Email marketing threats and how to mitigate them

Email campaigns are powerful tools for engaging customers, nurturing leads, and driving sales. However, they are also one of the most targeted channels for cyber threats, as attackers exploit the trust between brands and their audiences.

One of the biggest risks in email marketing is phishing, where cybercriminals send fraudulent messages that appear to come from a trusted brand. These emails often contain malicious links or attachments designed to steal credentials, infect devices with malware, or trick recipients into making unauthorized transactions.

Business Email Compromise (BEC) is another serious threat, where attackers hijack or spoof official company emails to send fake invoices or payment requests. Additionally, email spoofing—where attackers forge sender information—can mislead recipients into believing that fraudulent messages are legitimate, leading to scams that damage trust in a brand.

To mitigate these risks, businesses should implement authentication protocols like two-factor authentication, SPF, DKIM, and DMARC, which help verify sender identities and prevent spoofing. Secure email gateways can filter out phishing attempts and malware before they reach inboxes, reducing the chances of a breach.

Marketers should also be trained to recognize suspicious emails, avoid clicking unknown links, and report potential scams. Furthermore, encrypting data and monitoring for brand impersonation can help protect both businesses and their audiences. By prioritizing email security, digital marketers can maintain trust, safeguard sensitive information, and prevent costly cyber incidents.

Best cybersecurity practices for digital marketers

From securing confidential data to preventing fraudulent activities, following cybersecurity best practices keeps your marketing campaigns safe and your brand reputation strong. Here are some key measures every marketer should adopt:

1. Implement layered authentication measures

Using multi-factor authentication (MFA) or two-factor authentication (2FA) significantly reduces the risk of unauthorized access to digital marketing platforms. These measures require an additional layer of verification beyond just a password, making it more difficult for cybercriminals to infiltrate accounts.

Additionally, check if your platform supports IP allowlisting, which adds another layer of security by restricting access to specific IP addresses. Effective identity access management, combined with these authentication methods, has been shown to prevent over 50% of potential breaches, showcasing its critical role in protecting sensitive information.

2. Use strong, unique passwords

While MFA provides an extra layer of security, it is not a replacement for strong passwords. Weak or reused passwords remain one of the most exploited vulnerabilities in cyber-attacks. Digital marketers should use complex, unique passwords for each account and change them regularly. Additionally, consider using Single Sign-On (SSO) methods whenever available, as they eliminate the need for traditional email and password combinations—if there’s no password created, it cannot be stolen.

A password manager can also help securely store and manage credentials, reducing the risk of compromised accounts. Encouraging employees to adopt strong password policies protects not only digital marketing data but also the broader business infrastructure.

3. Secure marketing platforms and data

Today, most tools are web-based, which means traditional software updates are less relevant. Instead, it’s crucial to focus on the smart selection of tools. Marketers often get mesmerized by features, capabilities, and pricing, but they must also consider important security factors.

When choosing a platform, check for security certifications, the option to enable multi-factor authentication (MFA), and other security features. Sometimes, it’s necessary to compromise on advanced capabilities in favor of tools that prioritize customer data security over flashy functionalities. This approach ensures that sensitive information remains protected against potential threats.

4. Use enterprise browsers

Enterprise browsers like Chrome Enterprise, Edge for Business, and the upcoming NordLayer’s Enterprise Browser offer built-in security features such as malware protection, phishing prevention, and sandboxing, significantly reducing cyber risks for marketing teams. For IT administrators, these browsers enable policy enforcement, extension management, and data loss prevention (DLP), ensuring company-wide security compliance.

5. Monitor and analyze network traffic

Using security tools such as NordLayer’s network visibility solutions helps detect unauthorized access and anomalies within the network. While marketers typically focus on campaign performance, continuous network monitoring is essential for IT and security teams. It enables them to identify suspicious activity, detect potential breaches early, and take preventive action before serious damage occurs. This proactive approach ensures that marketing data remains secure and protected from cyber threats.

6. Educate teams on cybersecurity

Training marketers to recognize phishing attacks and cybersecurity threats can prevent potential breaches. Many cybersecurity firms offer training programs tailored for digital marketing teams, helping employees stay informed about possible security risks. Awareness and vigilance play a key role in reducing cyber threats.

7. Limit access to sensitive data

Only grant necessary permissions to team members handling digital marketing campaigns. Implementing role-based access control (RBAC) strengthens cyber security by restricting access based on job responsibilities.

Marketing managers should collaborate with the IT and security teams to inform them about new sensitive data locations and ensure that appropriate network segmentation strategies are implemented. By minimizing the number of people with access to confidential data, businesses can reduce the likelihood of insider threats and accidental exposure.

8. Use a secure VPN and Cloud Firewall

A business VPN encrypts internet connections, keeping remote teams and public Wi-Fi users secure. It’s also widely used in marketing for testing ads in different regions. However, it’s important to use the VPN at all times, regardless of specific marketing needs, to enhance overall security. Pairing it with a Firewall-as-a-Service, such as NordLayer’s Cloud Firewall, further strengthens protection by blocking malicious traffic and controlling access to marketing tools.

A cloud firewall ensures that only authorized teams and departments can access specific environments, safeguarding sensitive information such as future campaign plans, customer data, and commercial secrets. By restricting access to only those who need it, businesses can prevent unauthorized exposure and maintain the confidentiality of critical marketing assets. It’s essential for marketers to collaborate with the IT team to ensure proper configuration and management of these security measures.

9. Secure your email workflows

Use authenticated email protocols (SPF, DKIM, DMARC), scan outbound content for risks, and secure your subscriber databases. Educating your team and regularly auditing your email marketing tools can significantly reduce security risks while maintaining trust with your audience.

10. Monitor ad campaigns for fraud

Regularly reviewing ad performance and using fraud detection tools can help identify click fraud and bot traffic, protecting your ad spend. Marketers should work with trusted advertising platforms that offer built-in fraud prevention mechanisms to ensure ad budgets are used effectively.

Strengthen your cybersecurity digital marketing with NordLayer

To protect digital marketing strategies from cybersecurity threats, NordLayer offers comprehensive security solutions that enhance operational security measures:

Business VPN: Ensures encrypted internet connections, protecting personal data from cyber threats.
Cloud Firewall: Provides secure access control to marketing platforms and protects sensitive data from unauthorized users.
Password management: Securely stores and manages credentials, reducing the risk of compromised accounts.
MFA & IP allowlisting: Enforces security measures before users connect to sensitive environments.

By implementing NordLayer’s security solutions, businesses can safeguard data stored in digital marketing tools, protect customer information, and maintain their company’s reputation. Learn more about e-commerce cybersecurity and retail cybersecurity to strengthen your cybersecurity framework today.

Cybersecurity in digital marketing is no longer an afterthought—it’s a necessity. As cyber threats continue to grow, businesses must remain proactive in implementing strong security measures. Taking the right precautions ensures the long-term success of marketing efforts while protecting customers and brands from potential security risks.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

About Version 2 Digital

Nord Security 2025 NordLayer

keepit-and-leading-b2b-platform-company-ingram-micro-announce-strategic-go-to-market-relationship-in-the-uk

Keepit named winner in three categories at the 13th Annual Global InfoSec Awards at #RSAC 2025

Copenhagen, Denmark – April 28 – Keepit, a global provider of a comprehensive cloud backup and recovery platform, today announced it has secured coveted awards at the 2025 Global Infosec Awards, cementing its status as industry leader in cyber resilience. Keepit was named winner in three cybersecurity categories: “Market Innovator Cyber Resilience”, “Cutting Edge Data Protection” and “Editor’s Choice Secure SaaS Backups”.

Keepit protects ever-increasing SaaS data, ensuring business continuity and cyber resilience. With offices and data centers around the globe, Keepit supports over fifteen thousand companies to secure business critical data from cyberthreats and other disruptions.

“We’re excited to receive one of the most prestigious and coveted cybersecurity awards for our Keepit platform. Protecting SaaS data has become more critical than ever and Keepit continues to do its part to support customers in ensuring business continuity. We believe that resilience starts with intelligent choices – choosing the right backup and recovery partner is one of those choices that defines disaster recovery capabilities for companies around the globe,” said Michele Hayes, CMO at Keepit.

“Keepit provides a cost-effective solution that helps mitigate cyber risks. With the Keepit platform, companies can stay one step ahead by future-proofing their cyber resilience strategy. We’re thrilled to name Keepit a winner in three categories at this year’s Global Infosec Awards,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.

Keepit has been recognized by the industry

Keepit’s commitment to innovation, security, and reliability has positioned the company as a leader in the cybersecurity industry. The Keepit platform was recently recognized by the Data Breakthrough Awards by naming Keepit “Data Security Solution of the Year”. Keepit also triumphed at the Cloud Awards 2024/25 in the “Best Cloud-Native Project / Solution” and “Best Cloud DR / Business Continuity Solution” categories. Keepit was also awarded at the 2024 Backup and Disaster Recovery Awards, underscoring the company’s commitment to intelligent recovery. A list of Keepit awards and endorsements can be found on the company website.

About Keepit

Keepit provides a next-level SaaS data protection platform purpose-built for the cloud. Securing data in a vendor-independent cloud safeguards essential business applications, boosts cyber resilience, and future-proofs data protection. Unique, separate, and immutable data storage with no sub-processors ensures compliance with local regulations and mitigates the impact of ransomware while guaranteeing continuous data access, business continuity, and fast and effective disaster recovery. Headquartered in Copenhagen with offices and data centers worldwide, over fifteen thousand companies trust Keepit for its ease of use and effortless backup and recovery of cloud data.

Download the report

Defining data governance and data classification

So, what is data governance and how does it relate to cyber resilience?

Existing under the broad umbrella of data management, data governance is a program — implemented via policies and standards — intended to ensure the availability, quality, and security of an organization’s data in accordance with applicable regulations and obligations (e.g., adhering to industry standards, fulfilling requirements for certifications, etc.).

Within data governance, data classification is the process of separating and organizing data into relevant groups (“classes”) based on their shared characteristics, such as the level of sensitivity, risks they present, and the compliance regulations that protect them.

Data governance underpins cyber resilience plans

An intelligent data governance program delivers several beneficial outcomes for organizations:

It helps to ensure the availability, quality, and security of an organization’s data, making it a foundational pillar of business continuity.
Data governance helps improve overall data accuracy and impacts outcomes based on that data — which can range from comparatively simple day-to-day business decisions and operations to more complex, forward-looking initiatives including AI-focused programs.
It helps to support organizational efforts to comply with regulations and other obligations, making it a cornerstone of compliance.
An effective data governance program also permeates the entire organization, increasing data literacy, data accessibility, and data scalability.

Do you know where your data is?

Of course, disaster recovery planning cannot start without a clear understanding and mapping of your data and its significance to your business. What data is crucial for us to continue running our operations? Who needs access to which data to do their job? Where do we store all of this critical data?

Knowing the answers to these questions will start your journey towards ensuring continuity in cases of data loss or cyberattacks. This is achieved through an efficient and effective data governance framework.

I hope that, with our new report in hand, CISOs and CIOs will be able to future-proof their modern, data-driven enterprises through effective data governance.

About Keepit’s new report, “Intelligent data governance: Why taking control of your data is key for operational continuity and innovation.”

Our report takes a practical approach to data governance by offering a resource to organizations for creating or adopting a framework that works best for them.

Key takeaways from the report:

-Major trends shaping enterprise IT

-The importance of “always-on” data

-Resilience against data loss and corruption

-Data governance as an investment

-A practical approach to data governance

-10 questions for board discussions

Get the full report

Data governance Cyber resilience Data protection IT leadership

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

About Version 2 Digital

Keepit 2025

How to capture screenshots and take screen recordings on your Mac

The saying “a picture is worth a thousand words,” may need to be updated to say that a screen capture or screen shot says a thousand words, because so many professionals rely on their Macs to capture an image or video of their screens to share.

If you are a Mac user who’s looking for the quickest, most straightforward way to take screen captures and screenshots on Mac, I’ve got you covered.

Ready to capture screens and snap screenshots on your Mac? Get started with Parallels Desktop with a 14-day free trial.

5 ways to take a screenshot on Mac

There are five ways you can capture screenshots using your Mac.

Unlocking your Mac’s full potential goes beyond knowing how to open a browser and finding your favorite apps.

Learning how to capture and share what’s on your screen effectively can streamline your workflow, improve collaboration, and help you share your creativity.

Let’s look at several methods for capturing screenshots on your Mac like a pro.

1. Capture a portion of your screen

The simplest and most commonly used way to capture a screenshot is to use the Command-Shift-4 keyboard shortcut.

This method is like the snipping tool you may be familiar with from using PCs.

Here is how to take a screenshot of a portion of your screen on Mac:

Press Command-Shift-4 to change the pointer to a crosshair.

Select the area of the screen you want to capture by dragging the cursor.

After releasing the mouse button, the screenshot appears as a PNG image on your desktop.

You can use it as a supporting image in a blog or social media site or send it as an email attachment.

2. Capture your entire screen

This shortcut captures your entire screen, making it useful when you want to show what’s happening on your screen or share an error with IT support.

Other tabs and chat boxes will be visible in the screenshot, so be sure to close out anything that you don’t intend to share.

Here’s how to take a screenshot of your entire screen on Mac:

Press Command-Shift-3 to take a screenshot of the entire screen.

The screenshot will appear as a PNG image on your desktop.

You can then upload it to a messaging platform like Slack or Teams or add it to an email.

3. Take a screenshot of a single active window

Highlight a dynamic feature, like the menu bar with an item selected.

Active screenshots are great for creating tutorials, documenting interactions with software or websites, or similar dynamic processes.

Here’s how to copy a screenshot of an active page on Mac:

Press Command-Shift-4 to change a pointer to a crosshair.

Tap on the spacebar on your keyboard. The cursor will change to the camera icon.

Select the active application window you want to capture by moving your cursor and highlighting the active window.

Click the mouse button on the window you want to capture. The screenshot will appear as a PNG image on your desktop.

Alternatively, you can paste the screenshot by navigating to the location you want to share the image (Slack, Teams, etc.) and press Command-V.

4. Customize your screenshot or record your screen

This shortcut lets you capture a customized screenshot by selecting the size or window to screenshot. It also gives you easy access to the recording button.

Here’s how to customize your screen or record on your screen on Mac:

Press Command-Shift-5. A clip box with a white-gloved hand will appear on your screen

Drag the corners of the box to select the sections you want to screenshot.

Use the options at the bottom to adjust your screenshot. Select the entire screen, choose a different window, or use the recording button to take a video of all or a portion of your screen.

The screenshot or recording file will appear on your desktop.

5. Take a screenshot of your Touch Bar (if available)

In some cases, you may need to take a screenshot of the items in your Touch Bar.

While this is a less common application, it can be helpful if you are working with IT support or writing a detailed tutorial.

Here’s how to take a screenshot of the Touch Bar on a Mac:

Open System Preferences and select Keyboard.

Click on “Customize Control Strip” and drag the Screenshot button to your Touch Bar.

Use this button to take screenshots as needed.

How to screen capture an active window on a Mac

Using the screenshot menu

You can screen capture an active window by performing the following steps:

Open the Mac screenshot menu by pressing Shift + Command + 5.

A small bar will appear at the bottom left of the screen with three icons. Choose whether to screen capture a specific window, a highlighted section, or an entire screen.

Click the “capture” button when you’ve selected the area you want.

Choose where you’d like to save the screen capture, the length of time you want to record, and more in the Options menu.

Without using the screenshot menu

If you’d like to take a screen capture in an active window without using the screenshot menu, follow these steps:

Click Shift + Command + 4.

Click and drag the crosshair cursor to create a highlighted section. When you let go of the mouse, you’ll have the screen capture on your Mac’s desktop.

How to take a screen recording on a Mac

There are several ways to take a screen recording on your Mac.

Using the Screenshot toolbar

Press Shift + Command + 5 to record the entire screen, a portion that you select, or a still image.

Click “Record Entire Screen” or “Record Selected Portion” option.

When you’re ready, click “Record” or press Command + Control + ESC to stop recording.

Using the QuickTime player

You can also take a screen recording using the QuickTime player.

Start by opening the QuickTime player.

Select File > New Screen Recording. This will bring up the screen recording toolbar.

Use the options menu to choose what to record, including the area you want to record or the entire screen. You’ll have to select the area prior to clicking the record button.

You can also choose to use your own voice over with the built-in microphone or if you want mouse clicks to show in the recording.

Choose where to save the recording at this point as well.

To begin, click the record button. To stop the recording, click the stop button or press Command + Control + Esc.

How to use the snipping tool for a Mac Screen capture

To use the built-in snipping tool on a Mac, you can use the following keyboard shortcuts or the Screenshot app.

Keyboard shortcuts

Command + Shift + 3 = capture the entire screen and save to the desktop

Command + Shift + 4 = capture only a selection portion of the screen

Command + Shift + 4 + Space = capture a window.

Press the Control key combined with any of the above screenshot shortcuts to save the screen capture to the clipboard.

Using the Screenshot app

To use the Screenshot app to access the Snipping tool on Mac, open the app and select whether to capture or record.

Click on Options to set a length of time to record and where to save the file.

Click capture or record to start and stop to finish.

Editing screen captures on a Mac

To edit the screen captures you take on a Mac, right click on the screenshot or capture and choose to open it with Preview.

From there, you can crop, mark up, resize, or otherwise annotate the screenshot.

What happens if the screen capture area tool or screenshot app isn’t working on macOS?

Sometimes the keyboard shortcuts may not work on your Mac.

You press the buttons or make the right clicks, but nothing happens.

There are a few reasons why this might happen — and it’s usually related to your settings.

Parallels Desktop users, for example, may find that updating their MacOS makes tools that worked previously stop working.

In this case, you’ll need to give Parallels Desktop permission to record the screen.

If you are a Mac user, the issue might be your system settings. Start by navigating to the Apple menu, then select:

System setting > Keyboard > Keyboard shortcuts > Screenshots

Make sure all the items on the list are checked off. Try the shortcuts above again, and you’ll likely find they work.

How do you take a screenshot on a Mac without pressing buttons?

What if you don’t have a keyboard or your keyboard isn’t working?

Good news—you can still take a screenshot using just your mouse!

Here’s how:

Select the Finder icon in your Dock (that’s the little blue and gray face).

Choose “Applications,” then find the “Utilities” folder.

Within the Utilities folder, you’ll see a camera icon labeled “Screenshot.” Double click.

The tool will open, allowing you to use the same options as Command-Shift-5, including adjusting your screenshot, taking a recording, and other actions.

Another option is to add a screenshot tool to your Touch Bar:

Navigate to System Preferences > Keyboard > Customize Control Strip.

Drag and drop the screenshot button to the Touch Bar.

How to save your screenshots and screen captures directly to your clipboard on Mac

Want to save your screenshots to your clipboard to copy and paste elsewhere? You can save your screenshots directly to your clipboard instead of saving them as files on your desktop.

This is useful if you want to paste the screenshot into another application, such as an email, document, or image editor.

Here’s how to do it:

To capture your entire screen and save it to your clipboard, press Control + Shift + Command + 3.

For a selected portion, press Control + Shift + Command + 4, then select the desired area.

For a specific window, press Control + Shift + Command + 4, then press the Spacebar, then click the window.

Then you can paste the screenshot into your document or image editor using Command + V.

Why would you need to capture your screen or take a screenshot on a Mac?

Taking a screenshot on a Mac is easier than ordering takeout, thanks to the different shortcuts offered.

With just a few taps, you can take a screen capture to share with coworkers, add to a blog post, or save a favorite image or photo.

You can use screenshots, screen captures, or screen recordings to help troubleshoot technical issues, or create tutorials, demos, and how-to guides.

Screen captures facilitate connection and engagement. Your audience sees what you see.

Technical teams, such as developers collaborating on code or app testing, can provide instant feedback and address gaps in performance or functionality.

Sending a screen capture reduces time and frustration attempting to both describe and understand a problem for a team member and the IT department.

Demonstrating workflows, features, and user interfaces in a recording are more effective and appealing for both internal and external users, because they can understand how things are done by seeing it happen.

Streamline your day by mastering the Mac screenshot or screen capture

The screenshot and screen capture option on Macs are a simple but essential process. Knowing how to quickly snag a screen capture helps improve collaboration at work, trouble technical issues, or share moments of creativity. Or just to save a hilarious picture or meme for later!

Knowing these shortcuts and screenshot tricks will help you work faster and more efficiently.

Ready to capture screens and snap screenshots on your Mac? Get started with Parallels Desktop with a 14-day free trial.

About Parallels
Parallels® is a global leader in cross-platform solutions, enabling businesses and individuals to access and use the applications and files they need on any device or operating system. Parallels helps customers leverage the best technology available, whether it’s Windows, Linux, macOS, iOS, Android or the cloud.

About Version 2 Digital

Parallels 2025