TechR2

Six Steps to Data Security – Forbes

Modernizing Data Security is Key to Successful Enterprises The Problem In 2022, the US Inspector General (IG) has found that the Department of Homeland Security (DHS) OIG Rates DHS Information Security Program ‘Not Effective’ – HS Today, the USPS IG Warns about State of USPS Cybersecurity (fedweek.com), the IRS IRS cyber deficiencies leave taxpayer data […]

If Your Third-Party Vendor is not Cyber Compliant, Neither are You

A Modern-Day Task to Do It is 2022 and you are reporting your third-party contractor’s compliance to your own legal department. Your management team is reporting your adherence to NIST, ISO, HIPAA, PCI or more to your customers who are required to adhere to one or more of these regulations or requirements. How to Ensure […]

Unreported Stolen Devices Lead to Stolen Credentials

Fortune 500 companies acquire sophisticated talents and tools to defend against intrusions and ransomware. But Verizon’s Data Breach Investigative Report (2022-data-breach-investigations-report-dbir.pdf (verizon.com)) and other researchers claim that stolen credentials account for as much as 80% of breaches. How Hackers Acquire Credentials What are the easiest methods used to acquire credentials? What Data […]

Lack of Controls and Verification Result in System Intrusions

Lack of Controls and Verification Result in System Intrusions Vulnerability specialists often say that cybersecurity compliance is not cybersecurity. That can be true with the outdated ITAD, HIPAA, PCI and NERC standards that allow for more exceptions than closing cybersecurity vulnerabilities. Try NIST 800-171 or ISO 27001, where you either meet the standard or lose […]

Ways Cybersecurity Will Change Companies

Some companies work to keep pace with technology, and others will wait until Gartner, Deloitte or Forrester explain that consumers, and government as their representative, are demanding that products and services, along with their supporting supply chain, implement cybersecurity controls. Gartner Published 2022-2023 Trends. Gartner: 8 Ways Cybersecurity Will Change Companies | CRN Nearly […]

Insider Threat Perpetrators Bypass Physical Security to Acquire Data

The Problem – Poorly Secured IT Assets and Datacenters For every datacenter that is properly secured and managed, there are an equal number of datacenters that have open access server cabinet layouts, cage keys that are unsecured or copied, and most troubling, the unattended datacenter that has little or no surveillance. As enterprises have spent […]

Here’s Why Regulatory Compliance is Important

The Problem – Paper Drill Audits There are large cybersecurity auditing firms that perform cybersecurity paperwork reviews of companies who have access control of their client’s data. They are following a formula like SOC-2, PCI or HIPAA that was developed for a specific industry. The auditors do an excellent job within their framework to check […]

Healthcare Providers Utilize Non-HIPAA Non-NIST Compliant Vendors

Healthcare Under Pressure to Improve Data Security With the Healthcare industry under pressure to improve their data security and protect patient PHI, many medical provider groups are still not providing the adequate service of sanitizing and verifying that the hospital’s myriad of Internet of Things devices and hard drives are truly free of PII and […]

How Hackers Can LEGALLY Get Your Critical Data…

If you’ve been to college, you know the story: you’re walking home and BAM! There it is. The most amazing couch you’ve ever seen in your life, just sitting there on the corner. It is like God himself presented you with the most amazing place to watch TV in the universe. So, you bring it […]

Cybersecurity Laws: Should You Be Worried?

Do federal cybersecurity laws and regulations apply to your business? Well, the answer to that is the same as the answer to most questions worth asking: it depends, but most likely yes. The Local Community Organizations and Supply Chain are Subject to Cybersecurity Laws and Codes Many organizations use uncertified data destruction companies. This is […]