Xantrion Logo
510-272-4701
GET STARTED

Cybersecurity and Compliance

Law Firm Compliance: Requirements, Risks & Regulatory Solutions

Modern law firms face responsibilities that extend well beyond traditional legal ethics. Today, effective governance and cybersecurity maturity are equally essential—because protecting client data is no longer optional, it is an ethical obligation. To meet this standard, firms must implement strong technology controls aligned with established regulatory frameworks. Here’s how these pieces fit together—and how law firms can successfully navigate…

Threat and Vulnerability Management Explained

Organizations face thousands of new security weaknesses each year. The challenge isn’t just finding these gaps, but also determining which pose the greatest risk and addressing them before attackers can exploit them. Attackers now exploit new vulnerabilities within hours of disclosure, making structured threat and vulnerability management essential for risk reduction. Threat and vulnerability management (TVM) provides a structured approach…

What Is IAM? A Cyber Security Guide to Identity & Access Management

Identity and Access Management (IAM) is the framework of policies, processes, and technologies that ensures the right people have the right access to the right resources at the right time. IAM answers three questions: Who are you? Can you prove it? What are you allowed to do? As corporate resources spread across cloud providers, mobile devices, and hybrid environments, identity…
Laptop with a digital shield symbol onscreen signifies cybersecurity concept, blended with an office interior background. Explore what NIST Cybersecurity Framework is and what it means

What Is the NIST Cybersecurity Framework (CSF)?

The NIST Cybersecurity Framework (CSF) offers a structured, flexible approach to managing cybersecurity risks. Created by the National Institute of Standards and Technology, the NIST CSF has become a globally recognized standard for cyber risk management across all industries. Organizations worldwide reference the NIST framework because it translates complex cybersecurity concepts into practical, actionable steps. Whether you’re building your first…
title text reads What is SOC 2. Background of a man's arm checking items off a virtual list.

What Is SOC 2? Understanding SOC 2 Compliance, the Framework & Requirements

SOC 2 provides a framework for service organizations to show customers and stakeholders that they take data security seriously. Understanding SOC 2 can help you build trust, win more business, and strengthen your security posture. In this article will answer essential questions, including: What is SOC 2 compliance? What are the 5 SOC 2 Trust Services Criteria? How does the…

Should I Outsource Cybersecurity?

Many organizations are turning to outside cybersecurity experts to protect their digital assets. But is outsourced cybersecurity the right choice for your business? Keep reading to learn what cybersecurity outsourcing is, its benefits and limitations, and how to determine if it fits your organization’s security needs.

AI in Cybersecurity: 2025 & Beyond

The AI transformation is changing the game and offering new hope in the battle to protect our digital assets. This article offers advice on how to choose the right AI tools for your company.

HIPAA Security Rule is about to get an upgrade!

To combat an increasing number of breaches in healthcare organizations, a 393-page proposed update to the HIPAA Security Rule, titled “The HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information,” has been introduced

100 Million Patient Records at Risk: Lessons from the Change Healthcare Breach

Earlier this year, the United Health/Change Healthcare data breach impacted approximately 100 million Americans, making it the largest cybersecurity incident in US healthcare history.  Overview of the United Health Data Breach In the Change Healthcare ransomware attack, hackers compromised multiple systems containing sensitive patient data. Timeline of the Breach The attack on Change Healthcare occurred in February 2024, disrupting healthcare…

Cyber Insurance: What You Need to Know

The recent CrowdStrike incident, which impacted millions of systems globally and led to billions in losses, highlights the unpredictable risks in the IT landscape. Today, having the right cyber insurance coverage is no longer optional—it’s essential and a smart investment, particularly for small to mid-sized businesses and companies in regulated sectors.

Boosting SEC Readiness with Tabletop Exercises

Tabletop exercises are among the most effective tools in a company’s security arsenal. These simulations provide invaluable insights into how prepared a company is to handle real-world cyber incidents.

The CrowdStrike Incident: A Wake-Up Call for Operational Resilience

By Christian Kelly, CTO, Xantrion Inc. As Xantrion’s CTO, I’ve seen my fair share of IT incidents and system outages over the years. But the recent CrowdStrike incident stands out as a stark reminder of the risks inherent in our interconnected digital world. This event, which some are calling “the largest outage in the history of information technology,” offers crucial…

4 Critical Questions to Ask Your IT Security Company

According to a recent RSM report, 40% of midsized companies outsource IT services to obtain cost-effective expertise and keep current with rapidly changing technology and threats. The critical issue these companies face is determining which IT outsourcing company to trust, since the report also found that many mid-market companies are worried about a cyberattack on a supplier. As an industry…

Cybersecurity Assessments: Why Your Company Needs One and Where to Start

What does it take to protect your company from cybercriminals and data breaches? For a long time, a strong password and a hardened firewall was the simple answer. Not anymore. Now, it takes a host of different measures to prevent bad actors from accessing your systems. But how do you know you’ve got the right measures in place? Enter cybersecurity…

The SEC’s Cyber Risk Management Rules: What RIAs Should Know

Since uncertainty still surrounds the Securities and Exchange Commission’s pending cyber risk management rules for registered investment advisers, Xantrion CTO, Christian Kelly, attended the recent 2024 Investment Adviser Compliance Conference, which included remarks from SEC officials. Unfortunately, those officials were limited in how much they could share since the rules have yet to be finalized. The uncertainty notwithstanding, what is…

A Hard Lesson Learned: How a Devastating Malware Attack Transformed a Company’s Approach to Cybersecurity

It’s any business leader’s worst nightmare: A cyberattack that paralyzes their entire company, from top to bottom, leading to work stoppages, delivery delays, and devastatingly high costs. Over the years, Xantrion has been called multiple times to help different companies reeling from cyberattacks. Each time, Xantrion has helped them get back on their feet. In the interview below, Xantrion Chief…

Don’t Gamble with Your Cybersecurity: 7 Lessons From the MGM Casino Breach

Gaps in cybersecurity recently cost MGM Resorts a reported $100 million after cybercriminals hacked the casino giant. Though disastrous for MGM, other companies can learn valuable lessons from the headline-making cyberattack…without paying $100 million to do so. Here are a few key takeaways from this incident: 1. Beware the power of social engineering. Social engineering is the criminal act of…

Why You Need an Incident Response Plan Now More Than Ever

It might happen on a Friday afternoon, or maybe on the day before holiday. Many employees have clocked out early, so an intrusion goes unnoticed…until it’s too late. Suddenly the whole system begins shutting down. Your next step? Panic. A data breach or other cybersecurity incident can be a traumatic, shocking experience, even for a seasoned executive. To avoid freezing…

New Enhanced MFA Experience

You have probably heard of some high-profile network breaches in the news in recent months. Threat actors targeting organizations both large and small and have found success breaching secure environments using a technique called MFA spamming. This is a highly effective tactic because it targets the person, not the technology, to work around an organization’s MFA protections. Companies as large…

Even the Best Security Systems will Fail Without the Right Employee Training

When discussing the importance of adopting a strong cybersecurity strategy, too often the focus is on technology solutions designed to prevent and mitigate cyber-attacks. Certainly, the adoption of tools and solutions is integral to a strong security posture. Yet, as noted in Verizon’s 2022 Data Breach Investigations Report, a staggering 82 percent of data breaches involve some sort of human…

Cybersecurity By the Numbers

In recent years, cybersecurity has been a considerable concern for middle market companies. Threats are far more frequent, diverse, and severe than anyone could have anticipated. It’s crucial that all organizations implement cyber defense measures that better safeguard company and customer information to mitigate financial losses and brand damage. From lingering threats related to the COVID-19 pandemic, to geopolitical conflicts…

Should you Trust Password Managers?

A good password is a critical part of protecting your data. So, when LastPass, a popular password manager solution, announced that its third-party cloud-based storage service had been breached, allowing an unknown attacker to gain access to backups containing customer data including password vaults, a lot of people got nervous.  The bad news is that those customer password vaults are in…

Why Endpoint Detection and Response (EDR) Instead of Anti-Virus Software?

Security remains one of the biggest concerns and most challenging responsibilities facing small and medium-sized businesses (SMBs) today. In 2021, there was a 300% increase in ransomware attacks with over 50% reaching small businesses. To address this challenge, Microsoft is investing in security solutions purposefully designed to help protect them.  Microsoft Defender for Business is a new endpoint security solution…

Ensure your Life Science Company Survives Investor Due Diligence

By Robert Thomas, Audit Senior Manager, WithumSmith+Brown, PC and Christian Kelly, IT Auditor, Xantrion Inc.  Congratulations! Your pharmaceutical, biologic, or medical device startup has developed a promising product, and you’re ready to raise a Series B round of funding. Read on to learn what experts Rob Thomas and Christian Kelly recommend to make it easier to pursue and obtain that…

The Do’s and Don’ts of Preventing MFA Spamming Attacks

Multi-factor authentication (MFA) is a great way to add an extra layer of security to network access. But it’s not foolproof – as Cisco, Microsoft, and Uber all learned recently when cybercriminals breached their network using a technique known as MFA spamming.  Also known as MFA bombing and MFA fatigue, this ploy is used by an attacker who has acquired…

Cybercriminals Like to go Phishing, Don’t Fall for the Bait

Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment. If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device. No need…

Ransomware Protection: Guaranteed

Last year’s headline-grabbing ransomware attacks on the Colonial Pipeline and meatpacking company JBS show how vital it is to remain vigilant in your efforts to protect yourself from ransomware. For several days, the attacks shut down one of the most vital oil pipelines in the US and disrupted the global meat supply chain. They also cost each company millions of…

Is Penetration Testing Worth the Investment?

1. What is penetration testing and why is it important? A penetration test identifies how a cybercriminal might successfully get into your network and systems in order to steal your data and compromise your operations. Many companies are required to provide the results of a penetration test to regulators or insurers every year, but even without an external requirement, a…

Subscribe to our newsletter and get the latest IT tips.

SUBSCRIBE
Menu
dialpad