Hackers love it when businesses believe in these common cyber security myths. Let’s debunk them. Like other criminals, hackers take advantage of people’s misconceptions regarding their risk of being victimized. Here are six common cyber security myths that could be putting your enterprise at risk. Security Myth #1: Compliance Equals Cyber Security Compliance with regulatory… Read More
The top cyber security threats your organization may encounter in 2019 The cyber threat environment is becoming more dangerous every day. A recent survey by the World Economic Forum revealed that cyber-attacks were the number-one concern of executives in Europe and other advanced economies. As we approach the winter holidays and the end of the… Read More
The California Consumer Privacy Act may not be the “American GDPR,” but it’s a harbinger of data privacy laws to come. As California goes, so does the rest of the country. While the California Consumer Privacy Act (CCPA), which was passed this summer and goes into effect in 2020, falls short of being an “American… Read More
While digital currencies, particularly bitcoin, are the most common and well-known application of blockchain technology, they are far from being the sole or even the most important use. Blockchain is one of the most important technological advancements of the digital age, and its full potential has barely been tapped. Among the most exciting potential uses… Read More
SEC cyber enforcement action charges Iowa broker-dealer with “deficient cybersecurity procedures” Des Moines-based Voya Financial Advisors (VFA) has agreed to pay the U.S. Securities and Exchange Commission a $1 million penalty in the wake of an April 2016 breach that affected several thousand VFA customers. The SEC cyber enforcement action charged VFA with not having… Read More
NIST 800-171 Compliance Explained If your company is part of the federal supply chain, you likely need to comply with NIST 800-171. NIST 800-171 compliance applies to contractors for the DoD, GSA, NASA, and other federal and state agencies; universities and research institutions that accept federal grants; consulting firms with federal contracts; manufacturers who supply… Read More
Not only is PCI DSS compliance mandatory, it’s also the starting point for solid payment system cyber security PCI DSS compliance is mandatory for any organization that accepts or processes payment cards, yet shockingly, a recent study by SecurityScorecard found that over 90% of U.S. retailers fail to meet four or more PCI DSS requirements.… Read More
As the popularity of medical IoT devices grows, so do security vulnerabilities. There are more connected devices than there are humans on Earth. Organizations have been as quick to embrace the Internet of Things as consumers have, and the healthcare industry is no exception. Medical IoT devices have exploded in popularity and grown in complexity.… Read More
Penetration tests and vulnerability scans are related but different cyber security services The difference between penetration tests and vulnerability scans is a common source of confusion. While both are important tools for cyber risk analysis and are mandated under PCI DSS, HIPAA, and other security standards and frameworks, they are quite different. Let’s examine the… Read More
An SOC 2 Type 2 report is crucial when selecting a cloud service vendor We are living in a cloud-first world; cloud services, including storage services and SaaS providers, are wildly popular. Unfortunately, third-party vendor breaches are at epidemic levels, and new regulations such as the EU GDPR are seeking to hold organizations accountable if… Read More
The biggest social media cyber security risks businesses face and how to avoid them Businesses tend to gloss over social media cyber security, thinking that it’s more of an issue in their employees’ personal lives than a threat to workplace cyber security. However, one in eight enterprises have suffered a security breach that was traced… Read More
How to Protect Yourself on Public WiFi Networks Once a luxury item, free public WiFi has morphed into a standard service that consumers expect when patronizing everything from restaurants and retail stores to airports and hotels. Free WiFi users aren’t just checking Facebook or posting vacation photos to Instagram, either; all of us have sat… Read More
Passwords are no longer enough; your business needs multi-factor authentication Organizations can no longer depend on passwords alone to protect their systems and data, especially since 25% of employees admit to using the same password for all of their accounts, at home and at work, and stolen account credentials are hackers’ preferred way to break… Read More
Size of Exactis Data Leak Could Surpass Equifax Last week’s data leak at Exactis, a Florida-based marketing and data aggregation firm, has cyber security experts and data privacy advocates up in arms. WIRED reports: Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a… Read More
Industrial Cyber Security is Just as Important as Securing Information Systems Massive data breaches are what grab headlines, but industrial cyber security attacks can be devastating in the real world. Tesla has just learned this lesson the hard way. CEO Elon Musk has accused a malicious company insider of altering product code, stealing data and… Read More
Air gapping is no longer a viable solution for ICS security. There has never been a power outage in the U.S. due to a cyber attack, but it happened in Ukraine over the Christmas holidays in 2015, and there have been attempts to breach U.S. power companies and hack the power grid. In March, the… Read More
Spreadsheets Are Not GRC Tools Despite the availability of modern GRC tools, many organizations still use spreadsheets to conduct IT compliance audits and other GRC activities. While spreadsheets are highly useful for many business functions, especially accounting, they are not GRC tools. Depending on spreadsheets to manage GRC processes is time-consuming, costly, and inefficient at… Read More
Before you send out that next email marketing blast, make sure you’re compliant with the EU GDPR Email marketing is big business. MarTech Advisor reports that it is the best-performing channel for a company’s ROI, and 61% of consumers prefer to receive offers via email, as opposed to only 5% who prefer social media offers.… Read More
WHOIS service in jeopardy as EU authorities reject ICANN’s interim solution to GDPR compliance for vital “internet phonebook” The deadline for compliance with the EU’s General Data Protection Regulation (GDPR) is fast approaching, and an astounding number of organizations are woefully unprepared to meet it. A new survey of IT decision-makers by Crowd Research Partners… Read More
Hardware & Software Supply Chain Cyber Attacks Pose Significant Threats Due to globalization and outsourcing, enterprise supply chains are more intricate than ever. Most products are no longer manufactured by a single entity. Materials, components, and even final products pass through multiple hands before ending up in the hands of end users. Additionally, most companies… Read More
The Under Armour breach provides lessons in the do’s and don’ts of enterprise cyber security and compliance with the EU GDPR Last week, athletic apparel manufacturer Under Armour announced that its popular MyFitnessPal weight loss and fitness tracking app had been hacked, compromising 150 million accounts. The Under Armour breach is the largest data breach… Read More
New CSA Report Reveals the Top 12 Cloud Security Threats in 2018 Cloud computing has opened up a world of opportunities for businesses, but it has also resulted in new cyber security threats. Some of these mirror the threats organizations have been combating on premises for years, while others are unique to the cloud. What… Read More
This Year’s Crop of Tax Phishing Scams Target Individuals, Employers, and Tax Preparers Tax season is stressful enough without having to worry about becoming the victim of a cyber crime. Here are three different tax phishing scams targeting employers, individuals, and even tax preparers that are currently making the rounds. Employers: W-2 Phishing Emails The… Read More
Two new reports illustrate the threat of employee carelessness and maliciousness to healthcare data security Healthcare data security is under attack from the inside. While insider threats – due to employee error, carelessness, or malicious intent – are a problem in every industry, they are a particular pox on healthcare data security. Two recent reports… Read More