Blog

CYBERSECURITY AND COMPLIANCE

It’s a New Era for Privacy Compliance

Read time: 50 seconds
As new data privacy regulations like the California Consumer Privacy Act (CCPA) roll out, organizations concerned about compliance are changing how they handle sensitive customer information. One interesting trend we’ve noted is that companies are creating committees to handle customer requests about their personal information, often including someone from the privacy office, someone from the security office, and someone from…

It’s Everyone’s Job to Ensure Online Safety at Work

Read time: 30 seconds
The lines between our work and daily lives are becoming increasingly blurred, and it is more important than ever to be certain that smart cybersecurity practices carry over between the two. When you are on the job – whether it’s at a corporate office, local restaurant, healthcare provider, academic institution or government agency – your organization’s online security is a…

Always on Privacy Basics

Read time: 30 seconds
Your mobile devices – including smartphones, laptops and wearables – are always within reach everywhere you go, and they share substantial information about you and your habits, such as your contacts, photos, videos, location, health and financial data. Follow these basic privacy tips to help you manage your privacy in an always-on world. To learn more about other ways to improve security,…

Prepare for the CCPA

Read time: 60 seconds
The California Consumer Privacy Act (CCPA), modeled in part on GDPR and passed in June 2018, is scheduled to come into effect in January 2020. Although some provisions are still being negotiated, it seems clear at this point that the CCPA will protect the personal data of people within a defined geographic area (in this case California) even when that…

Get Your Board On Board With Cybersecurity

If you’re frustrated by how little your board of directors seems to understand about cybersecurity, take heart: you’re not alone. Recent research by security firm Focal Point Data Risk shows that security pros see their job as guiding the business and preventing loss, while business leaders think of security primarily as a way to protect company data and the corporate…

A Law to Help Strengthen SMB Cybersecurity

There’s a new cybersecurity regulation in town, but your company isn’t on the hook for compliance. The NIST Small Business Cybersecurity Act, signed into law in August, requires the National Institute of Standards and Technology (NIST) to use existing funds to help SMBs identify, assess, manage, and reduce their security risks. It gives NIST up to one year to create…

Beware This New Mac Attack

A new security threat makes it possible to hack a new Mac laptop right out of the box. Wired reports that the exploit targets companies using Apple’s Device Enrollment Program and Mobile Device Management platform to let employees perform their own customized IT setups from a satellite office or home. Researchers discovered a way to install malicious software as soon…

Don’t Bite the Dangling Lure of Free Stuff

Everybody loves to get something for nothing—which is why cyber criminals are having a lot of success convincing people to give away a lot of personal information in exchange for a free gift card. The gift card phishing scam lets criminals get paid for every click as they lure victims to answer a bunch of questions. Then they make more…

Solving the Privacy Paradox

Security and privacy usually go hand in hand, but they can also conflict. For example, encryption keeps sensitive information away from prying eyes, but it can also disguise malware sneaking onto your network. Saving incident data indefinitely can help you analyze security threats in the archived data, but if the data isn’t anonymized, it’s at permanent risk of a privacy…

What Keeps CISOs Up at Night?

When Chief Information Security Officers (CISOs) lie awake at night, they’re most worried about how to find enough cybersecurity pros to keep up with increasing IT security threats. Most believe they’re more likely to suffer a data breach or cyberattack in 2018 than they were in 2017. And most of them expect those breaches and attacks will stem from inadequate…

January 28 Was Data Privacy Day

January 28 was Data Privacy Day, and now’s a great time to check your privacy practices against these best practices:
- Understand what a data breach is
- Be aware of environmental risks
- Deploy multiple layers of protection
- Collect only the data you need
- Be prepared to respond to a breach quickly

If you need help creating or reinforcing your privacy policies…

Security Compliance is Always a Smart Investment

Yes, it costs a lot to maintain compliance with security regulations. No, you can’t afford to skip it. A new study from Ponemon Institute shows that organizations that are found non-compliant with data protection requirements will spend 2.7 times more money getting into compliance than they would have if they’d been compliant in the first place. That’s no small expense,…

2017 in Cybersecurity: A Cautionary Tale

From Anthem Blue Cross’s historically high $115 million settlement for a breach that exposed patient information to the life-threatening WannaCry malware attack that shut down IT systems at 16 UK hospitals, the repercussions of cybersecurity lapses became more painfully clear in 2017 than ever before. If you were looking for case studies proving the need for more attention to cybersecurity,…

Get Strong Security and a Good User Experience

An easy-to-use system is pointless if it’s also easy to breach. On the other hand, “perfect” security is no good if it makes the product or service unusable! Unfortunately, conventional wisdom is that the more secure a system is, the more difficult it is to use — but advances in security technology and techniques mean that’s not true any more.…

Beware the Social Engineer

“I can tell a scam when I see one,” your employees say. “I know not to click on links in random emails,” they say. But what if they get a request for network access or credentials that looks totally legit…but isn’t? Read this “white hat” hacker’s detailed description of how he infiltrated a Fortune 500 company with nothing more than…

10 Social Engineering Tricks to Watch Out For

Social engineering attacks accounted for 43 percent of data breaches in the last year, according to Verizon’s Data Breach Investigations Report. To boost your firm’s security, we’re sharing this list of ten social engineering ploys your employees might not recognize:
- Vishing – voice calls from scammers claiming to be a bank, the IRS, tech support, etc.
- SEO hijacking – using…

Data Breaches Wallop Customer Confidence

We’ve mentioned before that poor data security has a hefty price tag. The Equifax breach earlier this year shows just how expensive it can get. The company’s third quarter earnings results show that it’s already spent $87.5 million in things like investigation and remediation. More significantly, Equifax’s revenues dropped 42 percent over the quarter, and it’s lost more than 25…

Don’t Pass on Security Patching

The WannaCry ransomware attack and the Equifax breach prove, yet again, something we’ve been saying for a long time: Patching software isn’t exciting, but it’s critical. So why don’t companies do it? Teri Radichel of WatchGuard Technologies says companies don’t patch because it’s hard, technically and organizationally. That’s our experience, too. And we agree with her solution to the challenge:…

Doing Due Diligence for Cybersecurity

Whether you’re protecting your own data or your customers’, it’s more important than ever to evaluate the cybersecurity measures taken by your service providers and vendors. Here are several things to consider: Hyperscale providers like Google or Amazon aren’t likely to let you look around their data centers. Choose a smaller provider that will give you hands-on assurances. Evaluate your…

Lead, Don’t Bleed

As cybersecurity threats become more complex and frequent, it’s critical to keep security tools up to date — but many small and midsize businesses don’t have a security strategy at all, never mind the latest defenses. Don’t leap to the latest and greatest without following these best practices, too:
- Keep your operating systems and software up to date
- Shut down…
