NIST 800-171 Compliance Explained If your company is part of the federal supply chain, you likely need to comply with NIST 800-171. NIST 800-171 compliance applies to contractors for the DoD, GSA, NASA, and other federal and state agencies; universities and research institutions that accept federal grants; consulting firms with federal contracts; manufacturers who supply… Read More
Not only is PCI DSS compliance mandatory, it’s also the starting point for solid payment system cyber security PCI DSS compliance is mandatory for any organization that accepts or processes payment cards, yet shockingly, a recent study by SecurityScorecard found that over 90% of U.S. retailers fail to meet four or more PCI DSS requirements.… Read More
As the popularity of medical IoT devices grows, so do security vulnerabilities. There are more connected devices than there are humans on Earth. Organizations have been as quick to embrace the Internet of Things as consumers have, and the healthcare industry is no exception. Medical IoT devices have exploded in popularity and grown in complexity.… Read More
Penetration tests and vulnerability scans are related but different cyber security services The difference between penetration tests and vulnerability scans is a common source of confusion. While both are important tools for cyber risk analysis and are mandated under PCI DSS, HIPAA, and other security standards and frameworks, they are quite different. Let’s examine the… Read More
An SOC 2 Type 2 report is crucial when selecting a cloud service vendor We are living in a cloud-first world; cloud services, including storage services and SaaS providers, are wildly popular. Unfortunately, third-party vendor breaches are at epidemic levels, and new regulations such as the EU GDPR are seeking to hold organizations accountable if… Read More
The biggest social media cyber security risks businesses face and how to avoid them Businesses tend to gloss over social media cyber security, thinking that it’s more of an issue in their employees’ personal lives than a threat to workplace cyber security. However, one in eight enterprises have suffered a security breach that was traced… Read More
How to Protect Yourself on Public WiFi Networks Once a luxury item, free public WiFi has morphed into a standard service that consumers expect when patronizing everything from restaurants and retail stores to airports and hotels. Free WiFi users aren’t just checking Facebook or posting vacation photos to Instagram, either; all of us have sat… Read More
Passwords are no longer enough; your business needs multi-factor authentication Organizations can no longer depend on passwords alone to protect their systems and data, especially since 25% of employees admit to using the same password for all of their accounts, at home and at work, and stolen account credentials are hackers’ preferred way to break… Read More
Size of Exactis Data Leak Could Surpass Equifax Last week’s data leak at Exactis, a Florida-based marketing and data aggregation firm, has cyber security experts and data privacy advocates up in arms. WIRED reports: Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a… Read More
Industrial Cyber Security is Just as Important as Securing Information Systems Massive data breaches are what grab headlines, but industrial cyber security attacks can be devastating in the real world. Tesla has just learned this lesson the hard way. CEO Elon Musk has accused a malicious company insider of altering product code, stealing data and… Read More
Air gapping is no longer a viable solution for ICS security. There has never been a power outage in the U.S. due to a cyber attack, but it happened in Ukraine over the Christmas holidays in 2015, and there have been attempts to breach U.S. power companies and hack the power grid. In March, the… Read More
Spreadsheets Are Not GRC Tools Despite the availability of modern GRC tools, many organizations still use spreadsheets to conduct IT compliance audits and other GRC activities. While spreadsheets are highly useful for many business functions, especially accounting, they are not GRC tools. Depending on spreadsheets to manage GRC processes is time-consuming, costly, and inefficient at… Read More
Before you send out that next email marketing blast, make sure you’re compliant with the EU GDPR Email marketing is big business. MarTech Advisor reports that it is the best-performing channel for a company’s ROI, and 61% of consumers prefer to receive offers via email, as opposed to only 5% who prefer social media offers.… Read More
WHOIS service in jeopardy as EU authorities reject ICANN’s interim solution to GDPR compliance for vital “internet phonebook” The deadline for compliance with the EU’s General Data Protection Regulation (GDPR) is fast approaching, and an astounding number of organizations are woefully unprepared to meet it. A new survey of IT decision-makers by Crowd Research Partners… Read More
Hardware & Software Supply Chain Cyber Attacks Pose Significant Threats Due to globalization and outsourcing, enterprise supply chains are more intricate than ever. Most products are no longer manufactured by a single entity. Materials, components, and even final products pass through multiple hands before ending up in the hands of end users. Additionally, most companies… Read More
The Under Armour breach provides lessons in the do’s and don’ts of enterprise cyber security and compliance with the EU GDPR Last week, athletic apparel manufacturer Under Armour announced that its popular MyFitnessPal weight loss and fitness tracking app had been hacked, compromising 150 million accounts. The Under Armour breach is the largest data breach… Read More
New CSA Report Reveals the Top 12 Cloud Security Threats in 2018 Cloud computing has opened up a world of opportunities for businesses, but it has also resulted in new cyber security threats. Some of these mirror the threats organizations have been combating on premises for years, while others are unique to the cloud. What… Read More
This Year’s Crop of Tax Phishing Scams Target Individuals, Employers, and Tax Preparers Tax season is stressful enough without having to worry about becoming the victim of a cyber crime. Here are three different tax phishing scams targeting employers, individuals, and even tax preparers that are currently making the rounds. Employers: W-2 Phishing Emails The… Read More
Two new reports illustrate the threat of employee carelessness and maliciousness to healthcare data security Healthcare data security is under attack from the inside. While insider threats – due to employee error, carelessness, or malicious intent – are a problem in every industry, they are a particular pox on healthcare data security. Two recent reports… Read More
Two new reports illustrate the threat of employee carelessness and maliciousness to healthcare data security Healthcare data security is under attack from the inside. While insider threats – due to employee error, carelessness, or malicious intent – are a problem in every industry, they are a particular pox on healthcare data security. Two recent reports… Read More
Comprehensive anti-harassment policies are even more important in light of #MeToo movement The #MeToo movement, which was birthed in the wake of sexual abuse allegations against Hollywood mogul Harvey Weinstein, has shined a spotlight on the epidemic of sexual harassment and discrimination in the U.S. According to a nationwide survey by Stop Street Harassment, a… Read More
Comprehensive anti-harassment policies are even more important in light of #MeToo movement The #MeToo movement, which was birthed in the wake of sexual abuse allegations against Hollywood mogul Harvey Weinstein, has shined a spotlight on the epidemic of sexual harassment and discrimination in the U.S. According to a nationwide survey by Stop Street Harassment, a… Read More
Mueller indictments of Russian cyber criminals put election hacking at top of mind State officials expressed grave concerns about election hacking the day after Special Counsel Robert Mueller handed down indictments of 13 Russian nationals on charges of interfering with the 2016 presidential election. The Washington Post reports: At a conference of state secretaries of… Read More
Hackers installed cryptojacking malware by compromising a popular browser extension Thousands of websites, including government sites in the United States, the U.K., and Australia, were ensnared in an international cryptojacking scheme, The Register reports: The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for… Read More