The broad term "data breach" is spouted regularly in the news, in company communications, and in financial and health care forums. Although this umbrella term was used before the digital age; since then, it has evolved from niche discussions to ubiquity.
Read MoreDespite the fact that they’ve been around since the 90s, SQL injection attacks are still making headlines. Well-documented by security organizations like the Open Web Application Security Project (OWASP), SQL injection attacks should be well-known territory to any IT security professional.
Read MoreDrive-by-download attacks sound like the made-up ranting of a conspiracy theorist. Is it really possible for your computer to become malware infected simply from visiting a legitimate website that has been hacked?
Read MoreSecuring electronic personal health information (ePHI) to maintain Health Insurance Portability and Accountability Act (HIPAA) and other regulatory compliance can be a challenging task. Doing so while ensuring patients feel welcome and confident in your organization’s data security practices is even more challenging.
Read MoreA quick search on “electronic protected health information (ePHI) breach” and it’s clear why ePHI protection remains one of the top concerns for many organizations—within and beyond the healthcare industry. Learn how to avoid ePHI data breaches and keep your reputation safe.
Read MoreIn our two previous posts on cyber resilience (CR)—how you manage operational risk and protect your assets—we explored how a holistic approach is best practice for a security-minded organization. Continuing to build on that knowledge foundation, this third part in the series explores risk management, external dependencies management, training and situational awareness.
Read MoreIT security and vulnerability management are broad terms that encompass a vast array of tools, practices, and approaches, with plenty of space to make mistakes.
Read MoreAccess control is a complex undertaking, which leaves it ripe for vulnerabilities and risks. Consider these five ways to shore-up your access control security approach and ensure your user permissions and settings aren’t putting you at risk.
Read MoreCyber resilience (CR)—how you manage operational risk and protect your assets—is, or should be, the goal of every security-minded organization. Building on our previous CR post, let’s explore additional tenets of CR, including vulnerability, incident, and service continuity management.
Read MoreNetworks are often protected with security implementations that are developed using external service providers. So, how are you supposed to know if these providers have compromised your data? How do you go about auditing the security posture of external service providers? Here are a few best practices to help examine your risk exposure and, if necessary, take action.
Read MoreIf the headlines are any indication, data breaches seem to be happening at a nearly continuous rate among companies large and small, costing millions of dollars—and those are just the reported incidents.
Read MoreBusiness email compromise (BEC) attacks are increasing at a staggering rate. These social engineering attacks are cleverly disguised and can fool even the best of them. So, what exactly is a BEC attack and how can you protect your company from falling victim?
Read MoreSo much confusion surrounds the roles, activities, and approaches involved with compliance management and security risk management. Where does one end and the other begin?
Read MoreAt the beginning of last year, dozens of businesses began to report similar attacks—social engineering attacks looking to acquire W-2 information. As the year progressed, additional attacks were reported, and now, in the midst of the 2017 tax season, businesses should brace for W-2 phishers.
Read MoreThe news is covered with headlines of successful social engineering attacks that have affected companies large and small. So, what exactly is a social engineering attack and how do you protect your organization?
Read MoreAccording to the Ponemon Institute’s fourth annual study on data breach corporate preparedness, Is Your Company Ready for a Big Data Breach?, 52 percent of companies experienced data breaches in 2016. This is an increase of 33 since in 2013. A data security breach is an incident in which an unauthorized individual steals, uses, or views protected, sensitive, or confidential data, and data breaches affect organizations small and large across all industries. Learn about the biggest 2017 cybersecurity trends and how to mitigate breaches below.
Read MoreThe Health Insurance Portability and Accountability Act (HIPAA) regulates covered entities that include most health care organizations and professionals as well as the businesses they associate with, holding those entities to reporting and security requirements. HIPAA audits, including performance and security audits, ensure those entities effectively and efficiently remain in compliance with the regulation.
Read MoreThe transition from IPv4 to IPv6 can open your organization to security risks and threats. With awareness of these potential issues, you can prepare and protect your business accordingly. Educate yourself about the following vulnerabilities to safeguard your organization.
Read MoreSocial media phishing attempts continue to increase at an alarming rate, putting your staff and your organization at risk. To protect your business, educate yourself and your employees about what to look for to avoid social media phishing attacks. Through education and diligence, you can prevent costly outcomes to avoidable attacks.
Read MoreThe release of the next version of the Payment Card Industry (PCI) Data Security Standard (DSS) is upon us. Version 3.2 was published in late spring 2016 and will be considered best practice until the end of January 2018—and effective as a requirement starting February 2018. Follow these PCI DSS 3.2 Requirements and Security Assessment Procedures to ensure your organization is prepared.
Read MoreSign up with your email address to receive news and updates.
