How can your Third Party Vendor help or hurt your SOC 2 status?

Are you tracking the moving target of your third party vendors’ privacy and security practices? You may want to get on that. If you’re one of the many organizations about to tackle the SOC 2 assessment process, familiarize yourself with the AICPA’s 2017 Trust Service Criteria document (formerly Trust Service Principles). You’ll quickly notice the … Read more

5 Ways You Can Reduce Phishing Risk

Malware attacks via phishing knocked it out of the park in 2018. Phishing attacks account for an inordinate number of the data breaches and compromised networks. In fact, the Identity Theft Resource Center (ITRC) reported that “one-third of all security incidents last year began with a phishing email.” As the cyberattacks get sneakier, everyone – … Read more

Data Privacy & Security: 2018 Reflections & the Year Ahead

It’s been a tumultuous 2018 for data privacy and information security. New regulations here and abroad show that data privacy will continue to be a hot topic as we move into 2019. We’re seeing the OCR’s investigations and penalties aren’t limited to large entities or to large breaches. Expect that will continue. Over 60 organizations … Read more

Communication Disconnect: Sales Promises & the Information Security Audit

Has this happened to your company? The sales team has a hot prospect who wants them to conduct an information security audit. Sales promises that not only can that happen, but also that it will happen by a specific deadline. The problem? No one checked with the C-suite or operations management before committing. This communication … Read more

What the Russian Indictment teaches us about cybersecurity.

Aside from the sensationalism of alleged espionage by a foreign power, the cybercrime accusations listed in the Mueller investigation’s indictment document should be a warning to businesses everywhere. It’s an object lesson in “this could happen to you” cybersecurity. Russian cyberwarfare notwithstanding, nation state attacks on US entities are common. The US CERT site has … Read more

Phishing: Help Good Employees Avoid the Hook of a Cybersecurity Nightmare

The sneakiest of cyber-attacks, phishing has grown in sophistication even as organizations work to tighten cybersecurity programs. Phishing attacks have always been an easy backdoor into an organization’s – or individual’s – network. With one click as you rush through daily emails, you can unleash malicious software into the system. Phishing fools the best employees. … Read more

What could ever go wrong with people using portable media? 

Well, the royal family’s security could be compromised, for one. If you missed it, Heathrow Airport, one of the busiest airports and Britain’s largest, is scrambling to understand how a memory stick (aka thumb drive) with extremely sensitive information ended up on a busy west London street. The documents on the unencrypted drive detailed airport … Read more

WiFi Vulnerability & the KRACK Infiltration: Tips from Techs

By now, you’ve heard of the KRACK WPA2 infiltration of WiFi. Basically, a vulnerability in WPA2, the standard for most WiFi communications between your mobile phone, computer and anything else that connects to a wireless access point, is a wide-open door for cyber attackers. When a cyber attacker exploits the WiFi vulnerability, they can … Read more

IoT Attacks: What are you doing to protect & prepare?

Product and gadget creators get in a tight spot when IoT (the Internet of Things) security takes a back seat. It sounds harmless: “Let’s get to market then release security updates.” Getting market share vs taking care of security seems like a matter of course. Until someone uses that security gap to shut down a power plant. … Read more