Resources

Categories

Cybersecurity Maturity Model Certification

Preparing for CMMC: A Guide to Getting Certified

  2020 saw a lot of changes, and not just in the personal sector of our lives. At the beginning of the year, the US Department of Defense (DoD) – recognizing a growing need for increased cybersecurity – released a new certification system for all of its contractors and subcontractors. The Cybersecurity Maturity Model Certification…
Read More
Vendor Management | Importance of Actively Managing 3rd Party Vendors

Vendor Management – The Importance of Actively Managing 3rd Party Vendors

Organizations rely on third-party vendors for a variety of services, from payroll processing to HVAC maintenance to information technology services. Every vendor relationship brings potential security risks, and shortfalls in one vendor can compromise sensitive data throughout the supply chain. Vendor management programs, service level agreements, and long-term monitoring are valuable tools for managing vendor…
Read More
Risk Management

Ensure Cyber Risk Management Doesn’t Impede Business Performance

Cyber security has become a priority for most organizations, and rightly so. Data breaches are a real risk, and cybercriminals aren’t going away. The “prohibition” approach (or “zero trust”), which limits access to web pages and applications, is a go-to model for data protection. But are security programs interfering with business performance? Research suggests that…
Read More
Password Security

Your Credentials Have Been Compromised – Now What?

You’ve just discovered there are compromised employee credentials or other sensitive data of your company exposed and available on the Dark Web. The reality is, once exposed on the Dark Web, your information cannot ever be completely removed or hidden. You cannot file a complaint or contact a support line to demand your data be…
Read More
DFARS Interim Rule

DFARS Interim Rule – Need to Act NOW

What Is DFARS Interim Rule? DFARS is a set of legal requirements demanding that all Department of Defense (DoD) contractors meet predefined cyber security standards. In September 2020, the DoD released the DFARS Interim Rule that took effect on November 30, 2020. The new interim rule introduced three additional clauses to DFARS: 7019, 7020, and…
Read More
Cyber Security | A Top Business Risk and Opportunity in 2021

Cyber Security – A Top Business Risk….and Opportunity in 2021

Cyber security remains a critical element to any organization as cyber threats continue to become increasingly sophisticated, expensive, and disruptive.  As detailed below, there are many high-profile examples of cyber breaches, however it’s very important to understand that the same risk level applies to every company equally – regardless of size, industry etc. According to…
Read More
Build a Corporate Privacy Program | Interactive Security

Build a Corporate Privacy Program

In this age of rapidly evolving technology, a corporate privacy program is indispensable to a large organization. Regulations that govern personal data collection and storage are becoming more stringent worldwide. An organization needs a dedicated team to keep everyone up to date on the latest rulings and risks. A formal privacy program establishes leadership and…
Read More
independent-auditors-report

Warning – Assessors should NOT be Assessing Themselves

A lot of businesses today rely upon cloud-based systems to operate. These include the use of cloud-based storage, online marketing systems, digital media, social media marketing, and so on. But as reports of data breaches and security threats continue to increase, clients and customers need some extra reassurance that the company they are doing business…
Read More

Know About the DFARS Interim Rule 11/30/20 Deadline re: CMMC Compliance?

SUMMARY: DoD is issuing an interim rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement a DoD Assessment Methodology and Cybersecurity Maturity Model Certification (CMMC) framework in order to assess contractor implementation of cybersecurity requirements and enhance the protection of unclassified information within the DoD supply chain. DATES: Effective November 30, 2020.…
Read More
Cybersecurity Maturity Model Certification

Now is the Time to Get Ready for CMMC

On January 31, 2020, the US Department of Defense (DoD) rolled out the long-awaited Cybersecurity Maturity Model Certification (CMMC). So if you’re a DoD contractor, how does the CMMC affect you, and what should you do now to prepare for implementation? Here’s a rundown of everything you need to know. What is the CMMC? The CMMC…
Read More
Understanding SOC 2

Understanding SOC 2 and Deciding Which Principles Are Right Your Company

If you’re a service company such as a cloud or SaaS provider, you need to pass what’s called the System Organization Controls (SOC) 2 audit. Passing the audit shows that you take cybersecurity seriously. But how do you pass? Well, you need to: Choose which of the 5 SOC 2 principles apply Instruct an assessment based on…
Read More
Remote Workers Security

Remote Workers – Implementing a Risk Based Cyber Security Plan

The COVID-19 era has succeeded in making remote work mainstream, mainly because of quarantine and social distancing policies. While some companies and employees have been able to make the change quite easily, remote work is not without its complications and risk. Many corporate networks are protected by layers of security. However, with most companies having…
Read More
Email Phishing Cyber Threat

Email Phishing – Your Organization’s Biggest Cyber Threat

All it takes is a single email for hackers to gain access and steal company data. Whenever an email lands in your inbox, there’s a chance it’s a phishing scam. This is because email phishing scams are extremely common. In fact, studies suggest that phishing scams cause 90% of all company data breaches. So how do…
Read More
CMMC compliance

CMMC – Cyber Security Requirement for all DoD Contractors

The DoD’s Cybersecurity Maturity Model Certification (CMMC) is now in force, but what does this mean for DoD contractors? Well, every company must now prove they have sufficient cyber security in place to protect sensitive data before they can work for the DoD. So if you plan on bidding for DoD contracts, here’s a brief practical guide…
Read More
cyber security contracts

Beware – Cyber Security Language in Your Third-Party Contracts

Cyber security is a constantly changing field with constantly changing requirements. Recently, companies have found increasing technical jargon inserted into their contracts with third parties (ie customers and vendors).  These companies seek to ensure that they are protecting themselves from cyber threats by the way of third parties that they connect to. However, this technical…
Read More
Third-Party Cyber Security Service

Benefits of Using a Third-Party Cyber Security Service

Cybercriminals and terrorists never rest, not even during global pandemics. The cost will almost always weigh heavier on smaller businesses and organizations that lack the expertise to protect themselves against online threats. In-house security requires businesses to invest heavily in hiring or training qualified staff. However, many organizations struggle to find sufficient resources to cover their…
Read More
application security planning

Application Security Begins at Planning

Why Application Security Should Begin at Planning As cybersecurity threats become more potent and prevalent, the need to make apps more secure by identifying and fixing vulnerabilities and enhancing their security is critical. Application security has been getting more attention lately, especially after the Veracode “State of Software Security Vol. 10” report revealed that 83…
Read More
Cybersecurity Threats

Managing Security Threats from Within

4 Tips for Managing Cybersecurity Threats from Within Most companies usually develop and implement cybersecurity strategies aimed at external threats. However, according to the Ponemon Institute’s and IBM Security’s “2019 Cost of a Data Breach Report,” cyberattacks from the outside only account for half of data breaches; the other half stems from internal factors, including…
Read More
Cybersecurity and Compliance

Prioritize Cybersecurity & Compliance When Business Operations Are Forced to Rapidly Shift

The COVID-19 outbreak has forced many organizations to encourage or instruct their employees to work remotely. Besides the need for social distancing at the moment, remote working is still prevalent in the modern, flexible workplace. A recent survey confirmed that globally, 50 percent of employees work outside their main offices for at least two to…
Read More
Third-Party Versus First-Party Cyber Insurance Loss

Third-Party Versus First-Party Cyber Insurance Loss

With the world’s economy and governments disrupted, cybercriminals have reportedly stepped up their efforts to take advantage of the situation. Whether they come from rogue nations, terrorist groups or criminal organizations, cyber-attacks continually evolve in sophistication. They also steadily strive to broaden their field of action. No matter how small or remote your organization, you…
Read More
Did your Pandemic Plan Perform

Did your Pandemic Plan Perform?

Worldwide health crises like the COVID-19 global pandemic, SARS in 2003 and the avian flu of 2008 are bleak reminders of how governments, social institutions and economies can succumb to biological forces beyond human control. The breakdown in the socio-political and economic fabric of affected nations — both developed and developing — reveal how lack…
Read More
data security compliance - Vendor Management Program

Data Security Compliance Risk Without Compliant Vendors?

How to Ensure Vendor Compliance Data security compliance regulations are designed to help companies ensure the integrity, security and availability of the sensitive data they handle. Organizations must comply with these rules and guidelines to protect their systems and data from security breaches and other types of risks. With the tremendous amount of data handled and…
Read More
Cyber Insurance Policies

Cyber Insurance Policies Should Be Customized

Cyber Insurance Policies Should Be Customized | Ransomware Insurance Why You Need a Cyber Insurance Policy Tailored to Your Business With the slew of cyberattacks and data breaches escalating in terms of cost and scale of damage through the years, cyber insurance has come to the forefront of discussions. While still a relative newcomer to…
Read More
covid-19 dark web

COVID-19 and The State of the Dark Web (and Your Data) 2020

It’s no secret that large corporations and SMBs alike are struggling in the wake of the COVID-19 pandemic as social distancing measures slow global economic activity. Unfortunately, bad actors are not taking time off. In fact, the rapid shift to telework has only made company data more vulnerable, increasing the importance of comprehensive security. When times are tough, no company can afford…
Read More
what is fedramp

What is FedRAMP?

FedRAMP stands for Federal Risk and Authorization Management Program. It is: Designed to make sure that cloud services used by the government and other entities are secure, safe, and reliable Mandatory for all organizations that provide cloud services to government entities A uniform program that deals with security assessment, authorization, and observation for entities dealing…
Read More
Critical Data Security Program

Why Executive Buy-in Is Critical for a Successful Data Security Program

But First, Why Data Security Needs To Be a Company Priority… Cybersecurity threats and data breaches have haunted establishments the world over since vulnerabilities accessible via the internet were revealed. Earlier tinkering with yet-to-be-discovered computer capabilities led Bob Thomas to invent the Creeper (on the ARPANET), to which Ray Tomlinson (the man who invented email)…
Read More
what is phishing

The Value of Simulated Phishing Attacks to Organizations

What is Phishing? On January 2, 1996, the “AOHell” cyber threat struck America Online (AOL), at that time the No.1 internet provider in the country. AOHell was the name of one of the thousands of programs created by hackers to be used for stealing passwords and credit card information by using AOL’s instant messenger and email…
Read More
Consumer Privacy Act

States with Consumer Data Privacy Laws

NEVADA’S ACT RELATING TO INTERNET PRIVACY Senate Bill 220, or “An Act relating to Internet privacy,” will require organizations who run websites that collect and maintain data to comply months ahead of 2020, by October 1, 2019 THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA) A state statute intended to enhance privacy rights and consumer protection for…
Read More
Nist 800-171 compliance

Review of NIST 800-171

NIST 800-171—All You Need to Know In this day and age, information is king. This means that data handling and recordkeeping are critical processes that help businesses build and maintain the trust and confidence of their vendors, contractors, partners, and customers. Of course, when the federal government gets involved in any way, cybersecurity for the protection…
Read More
NIST 800-171

Obtaining NIST 800-171 Compliance

Achieving NIST 800-171 Compliance For organizations handling controlled unclassified information (CUI), ensuring data protection is paramount as this data can be a target for serious, sophisticated cyberattacks. In fact, past and current orchestrated attacks on programs and assets containing CUI have prompted the Department of Defense (DoD) to work with and get the assistance of…
Read More
Cybersecurity Auditing

Cybersecurity Auditing – Work with the RIGHT Auditor

Why a Focus on Cybersecurity is Critical? Cybersecurity Auditing, data breaches, and other digital era dangers show up in headlines every day.  The even more sobering reality is that most of these events never become public knowledge.  In other words, we only hear about a small percentage of the incidents. Just within the past few…
Read More
MSPs Are Priority Targets for Hackers

MSPs are Priority Targets for Hackers

Managed (IT) Services Providers, or “MSP”s, have increasingly become the target of hackers especially since the beginning of 2019.  And as a result, over the last twelve months, several documented attacks have taken place, with various hacking groups gaining unauthorized access to thousands of computers and the computer networks of MSP’s clients. Once an MSP is breached,…
Read More
California Consumer Privacy Act (CCPA)

Intro to the California Consumer Privacy Act (CCPA)

CCPA Compliance for Businesses The California Consumer Privacy Act (CCPA) comes into effect on January 1, 2020.  Its provisions are focused on the protection of consumer privacy and will affect all companies dealing with consumer data in California.  Companies will be required to ensure that they have comprehensive compliance policies in place to protect both…
Read More
dark web internet security firm

The Dark Web

The Dark Web—Dangers That Lurk and How to Avoid Them Everyone who has ever been on the internet uses the Surface Web, which is the section of the World Wide Web that’s accessible to the public and searchable using the usual search engines. However, there’s a place on the internet where users are virtually untraceable:…
Read More
Building a Vendor Management Program

Building a Vendor Management Program

Whether you want to make your internal and vendor audit programs better or need help creating them, it’s critical to engage an experienced team of professionals to help ensure you have everything in place to meet both your clients’ and your regulatory demands. Reviewing your current audit program may result in needing an upgrade—or even…
Read More
Benefits of Using a Virtual CSO/CPO

Benefits of Using a Virtual CSO/CPO

ORGANIZATIONS NEED TO ANTICIPATE AREAS OF IT RISK AND STRATEGIZE TO MANAGE IT AT THE EXECUTIVE LEVEL. A virtual CSO can bring both strategic and operational leadership on security to companies that can’t afford a full-time person in the role. Security is crucial in a technological environment, especially with all the complex risks that accompany…
Read More
Security Awareness Program

Building A Security Awareness Program

Security Awareness Program – It’s not wise to assume that employees know even the most basic tenets of cybersecurity. To prepare employees for a sophisticated cyberattack, a cybersecurity professional is needed who understands that security requires a proactive approach and is always current on all the latest tactics of cybercriminals. Today’s business leaders may believe…
Read More
risk assessment

Completing A Yearly Risk Assessment

A best practice for protecting IT systems against everchanging and costly cyber threats Yearly assessments are necessary because no organization in the 21st century can afford for IT systems to face compromise without a plan of defense, response, and recovery. For some organizations, yearly reports are an exercise in box checking. Leadership wants reports, but…
Read More
Complying with Privacy Shield and GDPR Compliance

Complying with Privacy Shield and GDPR

A MUST FOR DOING INTERNATIONAL DIGITAL BUSINESS TODAY. To combat the explosion of digital malefactors aiming to steal and disrupt, Privacy Shield and the General Data Protection Regulation have emerged to protect data and international business. Despite what the media may think, the interconnected global economy is nothing new. The economic collapse of the early…
Read More
HIPAA Risk Assessment

Justifying Regular Risk Assessments

A cyberattack could mean a significant loss of business, lawsuits or much worse. Performing regular risk assessments help generate a greater sense of trust with clients and investors and as a result, better position companies to win business and strengthen their reputation. Is it ever “OK” for a company to be willing to risk losing…
Read More
Security Risk Analysis

Top 10 Myths of Security Risk Analysis

Interactive Security strives to provide clarity in the complex world of Information Technology. Here, we review 10 of the top myths of IT Security Compliance and Risk Analysis: The security risk analysis is optional for small providers. False. All providers who are “covered entities” under HIPAA are required to perform a risk analysis. In addition,…
Read More
Understanding Vulnerability Scans and Penetration Testing

Understanding Vulnerability Scanning and Penetration Testing ~ And why they both are important

Why You Need Both Penetration Testing and Vulnerability Scans Threats to data and system security have never been more numerous or sophisticated. Only last year, the City of Atlanta spent millions to restore their systems after a ransomware attack.  Great Britain reported a 200 percent leap in ransomware attacks from 2018 into 2019.  Even worse,…
Read More
Ransomware Cyberattacks

How to protect against Ransomware Cyberattacks Strikes

Protect Vital Data and Operations Against Ransomware Cyberattacks Ransomware has seized a prime position in global headlines. Major targets, such as the city of Atlanta or an Australian heart hospital, gain most of the attention. Cybercriminals, however, understand that business, government, and nonprofit operations on a smaller scale struggle to pay for defenses against attack.…
Read More
Certified Chief Information Security Officer (CISO)

The Case for Virtual CISO Services

Effectively leverage all the SKILLS of a Virtual CISO at a much lower cost. To ensure fulfillment of information security mandates and comply with given standards and laws, some organizations rely on an outsourced Trusted Advisor In 2019 virtually every organization from small startups to large corporations understand the need to focus on information security…
Read More
Data Security Compliance

Grow Company Revenue Through Data Security Compliance

Gain a Competitive Edge with Data Security Compliance The complexities of operating any organization can be quite daunting, especially considering today’s technology-centric world.  Data security and compliance against various industry standards/regulations has become a fundamental business requirement of operating an organization in any industry. Fortunately, along with this new technology challenge of compliance, comes a…
Read More
HIPAA Cybersecurity for Healthcare Industry

Top 5 Cybersecurity Challenges Faced by the Healthcare Industry

Cybersecurity is growing as a challenge to healthcare, with increasingly frequent breaches occurring at various points along the way.  HIPAA Cybersecurity presents even greater challenges than other industries based on scope alone. The industry is far-reaching, implements a diversity of data, and lacks the sophisticated equipment needed to protect it. HIPAA Cybersecurity is growing as…
Read More
PCI DSS Service Provider

Saving Money with a PCI-DSS Scope Reduction

Protecting personal and financial information is paramount to the well-being any individual or organization.
Read More