The Department of Defense has made a significant push to improve the security of its cyberinfrastructure and supply chain (known as the Defense Industrial Base), and the result of this push is the Cybersecurity Maturity model Certification (CMMC) initiative. This framework uses existing security guidelines to provide an overview of necessary security requirements for federal… Read More
While online retail isn’t a new phenomenon, many retailers are still behind when it comes to proper security measures for this form of business. With fraud claims and chargebacks rising exponentially in 2021 due to quarantine and increased online customers, these security measures related to PCI DSS eCommerce are only becoming more necessary, not less.… Read More
StateRAMP, like any other compliance framework, includes several reports to document a provider’s progress through certification for the Program Management Office (PMO). As of February 2021, however, the PMO is still spinning up its resources and and StateRAMP reports templates. As such, many required report templates are slated for availability on the StateRAMP website but… Read More
As Cloud Service Providers (CSPs) work with State agencies, many of them are undergoing StateRAMP certification. Fortunately, StateRAMP is much like FedRAMP in that it follows several of the same guidelines, requirements, and process structures. Here, we’ll break down one of the basic aspects of StateRAMP Impact Levels. The StateRAMP Impact level directly relates to… Read More
The news cycle for anyone connected with cybersecurity has been dominated by information regarding the SolarWinds hack. This breach, starting with a single cloud and security provider, has now become a national emergency as more and more private institutions have become infected with potentially dangerous results. As this situation unfolds, we wanted to touch base… Read More
In December 2020, Chinese researchers claimed to have developed the fastest quantum computer in the world. This computer, built using quantum particles and using light as a medium, can perform calculations exponentially faster than classical computers. What is currently the bleeding edge of computing and scientific research tends to become the norm at some point,… Read More
The reality of a world of always-connected customers and cloud platforms is that hackers are overwhelmingly targeting managed service providers. The main question posed in that article was how managed service providers could protect their clients with proper security measures. Here, we want to take this a step further to suggest that these managed service… Read More
Managed service providers carry a few additional burdens that many traditional IT companies don’t. Because the products and services of a managed service provider are used by different businesses, often in different industries, there is a balancing act between managing their own security needs and the needs of their clients. Different responsibilities, requirements, and approaches… Read More
Cyber threats aren’t new, but hackers have increasingly turned their attacks on vulnerable managed service providers and their clients. With the data that managed service providers store for those clients, they are a treasure trove for attackers who would use that data to attack those clients, or the MSP itself, with malware and ransomware.
One of the many changes brought by the COVID-19 pandemic may be the permanent expansion of telehealth. According to a recent study, the US telehealth market is expected to witness an 80% year-over-year growth in 2020. Numerous video communications services exist, not all provide sufficient privacy and security to facilitate the provision of health care (and… Read More
FedRAMP is one of the most popular topics on our website and blogs. One big question we often receive from Cloud Service Providers (CSP), is how can a FedRAMP authorization impact their business. Cloud Service Providers and FedRAMP FedRAMP is a program that enables cloud services providers (CSPs) to meet and demonstrate the security requirements… Read More
Coronavirus-related Phishing Scams and Attacks on the rise Cybercriminals have been taking advantage of the coronavirus outbreak to target people with phishing scams and malware in the guise of information relevant to the disease. These attacks typically take the form of malicious apps, phishing emails, and phony websites. In addition, the US government has been… Read More
The Evolving Need for PCI DSS Compliance. The current COVID-19 pandemic has dramatically accelerated a trend that was already on the rise — a move toward many new forms of electronic payment that involve capturing and transmitting credit card data. Businesses have moved online-only transactions during this crisis, and many consumers don’t want to handle… Read More
Real-word viruses and their online counterparts COVID-19 or the Coronavirus is changing life as we know it. From simple handshakes to finding toilet paper, life has changed tremendously over the past several weeks. Not only is this virus a physical threat, but it is also a threat to cyber-security. Different scams, phishing emails, fake news,… Read More
Secure Mobile Device Deployments As we all know, mobile devices have become not an integral part of the workplace, but even in society. Therefore, the safe deployment of these devices is of paramount importance not just for individuals, but businesses and corporations, government agencies, as well as other entities. For example: Mobile devices have indeed… Read More
Dark data doesn’t just cost organizations money; it also damages their cybersecurity and compliance postures Server rooms filled with digital files may look neater than the paper file rooms of old, but they’re not necessarily more organized, and “dark data” lurks around every corner. Sixty percent of respondents to a survey by big data software… Read More
A new Ponemon report on SMB cyber security reveals the top challenges and threats facing global small and medium-sized businesses If you think your company is too small to be hacked, think again. According to a new report on SMB cyber security by the Ponemon Institute and Keeper Security, 66% of small and medium-sized businesses… Read More
The NIST Privacy Framework will complement the popular NIST CSF Data privacy and cyber security have a symbiotic and sometimes conflicting relationship. Without robust cyber security, it is impossible to ensure data privacy, as evidenced by the Equifax hack. However, it’s fully possible for an organization to seriously violate users’ data privacy despite practicing robust… Read More
A robust cyber incident response plan will minimize both damages and recovery time and ensure business continuity. Proactive measures to defend against data breaches, malware, social engineering, and other cyberattacks are crucial to enterprise cybersecurity, but there’s no such thing as a completely impenetrable system. Despite your best efforts, your company could still be hacked;… Read More
Insurers operating in multiple states must comply with a patchwork of state-level legislation patterned after the NAIC’s Insurance Data Security Model Law In 2017, the National Association of Insurance Commissioners (NAIC) developed the Insurance Data Security Model Law in response to a growing number of cyber incidents within the insurance industry. Similar to the NIST… Read More
The California Consumer Privacy Act represents a significant milestone for consumer data privacy in the U.S. Tired of the federal government dragging its feet on consumer data privacy legislation, states have started to take matters into their own hands. The biggest example is the California Consumer Privacy Act (CCPA), which takes effect on January 1,… Read More
The DoD unveiled its proposed Cybersecurity Maturity Model Certification (CMMC) to prevent supply chain attacks Cyberattacks on the U.S. government’s vast network of contractors and subcontractors pose a serious threat to national security, and the DoD is taking action. The agency tasked NIST with developing a set of guidelines addressing advanced persistent threats against contractors… Read More
IT Compliance and Cyber Security: Understanding the Differences IT compliance and cyber security are often used interchangeably, even within the cyber security and compliance fields. This is the basis for the completely incorrect and dangerous notion that achieving compliance automatically equals being secure. While there is some overlap, and the two fields complement each other,… Read More
NIST proposes a Secure Software Development Framework to address software supply chain attacks Applying software updates and patches as soon as possible is a cyber security best practice, but what if an update contains malicious code inserted by a hacker? Software supply chain attacks are a serious and growing problem for both private-sector organizations and… Read More