What’s driving the demand for cybersecurity assessments and compliance audits?

Cybersecurity (risk) assessments and compliance audits are often considered one and the same. However, while related, these two approaches are different cybersecurity evaluation techniques. While compliance audits examine whether an organization’s IT security measures adequately meet a specific standard (e.g., HIPAA, PCI, SOC, CMMC), cybersecurity assessments look at how effective those measures are and provide a…

The Huge ROI of Achieving NIST 800-171 Compliance for CMMC

Why the ROI Can Be Significant When You Achieve NIST 800-171 Compliance for CMMC The National Institute of Standards and Technology (NIST) is the agency that promotes the highest cybersecurity standards for public and private sector IT networks. This agency has updated Special Publication 800-171 to help protect sensitive government data that may be found…

The Dilemma for Cyber Insurance Providers

Can Cyber Insurance Companies Accurately Determine Cyber Risk? Hardly a day goes by when we do not hear about a significant hacking event with serious repercussions. Organizations face downtime, loss of data, potentially significant fines, and issues with reputation. Little wonder that they are looking for protection through insurance policies at the same time as…

Real-World Examples of Cybersecurity Nightmares That Could Have Been Avoided – Part 3

Security and compliance awareness training transforms a company’s greatest security risk — its people — into its greatest defensive asset. When companies empower their employees through security awareness training, they gain a host of unbeatable benefits like reduced security costs, increased compliance, and a big edge against cyberattacks. Over our 3 Part Series, each scenario…

Real-World Examples of Cybersecurity Nightmares That Could Have Been Avoided – Part 2

Security and compliance awareness training transforms a company’s greatest security risk — its people — into its greatest defensive asset. When companies empower their employees through security awareness training, they gain a host of unbeatable benefits like reduced security costs, increased compliance, and a big edge against cyberattacks. Over our 3 Part Series, each scenario…


Real-World Examples of Cybersecurity Nightmares That Could Have Been Avoided – Part 1

Security and compliance awareness training transforms a company’s greatest security risk — its people — into its greatest defensive asset. When companies empower their employees through security awareness training, they gain a host of unbeatable benefits like reduced security costs, increased compliance, and a big edge against cyberattacks. Over our 3 Part Series, each scenario…

10 SMB Data Breach Statistics

10 SMB Data Breach Statistics ~ Small Businesses ARE NOT Immune. The number of recorded data breaches in 2021 has exceeded the total number of events in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020. More than 60% of breaches result from misused, stolen or purchased credentials. An estimated 85% of data breaches involve a human element.…

CMMC 2.0: 5 Key Changes

For better or worse, CMMC is now CMMC 2.0 – this is the result of the Pentagon’s recent CMMC internal review process. It will affect different DoD Contractors in different ways, bringing minor to moderate changes, depending on their individual CMMC compliance aspirations or requirements. CMMC 2.0 — What’s New? The Department of Defense…

PENETRATION TESTING vs VULNERABILITY ASSESSMENT

The Confusion between Penetration Testing vs. Vulnerability Assessment There seems to be a certain amount of confusion within the Information Technology arena about the differences between Penetration Testing and Vulnerability Assessment. They are often classified as the same thing, when in fact they are not. Penetration Testing is more aggressive and intrusive; it goes a…

Preparing for CMMC: A Guide to Getting Certified

2020 saw a lot of changes, and not just in the personal sector of our lives. At the beginning of the year, the US Department of Defense (DoD) – recognizing a growing need for increased cybersecurity – released a new certification system for all of its contractors and subcontractors. The Cybersecurity Maturity Model Certification…

Vendor Management – The Importance of Actively Managing 3rd Party Vendors

Organizations rely on third-party vendors for a variety of services, from payroll processing to HVAC maintenance to information technology services. Every vendor relationship brings potential security risks, and shortfalls in one vendor can compromise sensitive data throughout the supply chain. Vendor management programs, service level agreements, and long-term monitoring are valuable tools for managing vendor…

Ensure Cyber Risk Management Doesn’t Impede Business Performance

Cyber security has become a priority for most organizations, and rightly so. Data breaches are a real risk, and cybercriminals aren’t going away. The “prohibition” approach (or “zero trust”), which limits access to web pages and applications, is a go-to model for data protection. But are security programs interfering with business performance? Research suggests that…

Your Credentials Have Been Compromised – Now What?

You’ve just discovered there are compromised employee credentials or other sensitive data of your company exposed and available on the Dark Web. The reality is, once exposed on the Dark Web, your information cannot ever be completely removed or hidden. You cannot file a complaint or contact a support line to demand your data be…

DFARS Interim Rule – Need to Act NOW

What Is DFARS Interim Rule? DFARS is a set of legal requirements demanding that all Department of Defense (DoD) contractors meet predefined cyber security standards. In September 2020, the DoD released the DFARS Interim Rule that took effect on November 30, 2020. The new interim rule introduced three additional clauses to DFARS: 7019, 7020, and…

Cyber Security – A Top Business Risk… and Opportunity in 2021

Cyber security remains a critical element to any organization as cyber threats continue to become increasingly sophisticated, expensive, and disruptive. As detailed below, there are many high-profile examples of cyber breaches; however, it’s very important to understand that the same risk level applies to every company equally – regardless of size, industry, etc. According to…

Build a Corporate Privacy Program

In this age of rapidly evolving technology, a corporate privacy program is indispensable to a large organization. Regulations that govern personal data collection and storage are becoming more stringent worldwide. An organization needs a dedicated team to keep everyone up to date on the latest rulings and risks. A formal privacy program establishes leadership and…

Warning – IT Service Providers should NOT be Assessing Themselves or Their Customers

A lot of businesses today rely upon cloud-based systems to operate. These include the use of cloud-based storage, online marketing systems, digital media, social media marketing, and so on. But as reports of data breaches and security threats continue to increase, clients and customers need some extra reassurance that the company they are doing business…


Know About the DFARS Interim Rule 11/30/20 Deadline re: CMMC Compliance?

SUMMARY: DoD is issuing an interim rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement a DoD Assessment Methodology and Cybersecurity Maturity Model Certification (CMMC) framework in order to assess contractor implementation of cybersecurity requirements and enhance the protection of unclassified information within the DoD supply chain. DATES: Effective November 30, 2020.…

Now is the Time to Get Ready for CMMC

On January 31, 2020, the US Department of Defense (DoD) rolled out the long-awaited Cybersecurity Maturity Model Certification (CMMC). So if you’re a DoD contractor, how does the CMMC affect you, and what should you do now to prepare for implementation? Here’s a rundown of everything you need to know. What is the CMMC? The CMMC…

Understanding SOC 2 and Deciding Which Principles Are Right for Your Company

If you’re a service company such as a cloud or SaaS provider, you need to pass what’s called the System Organization Controls (SOC) 2 audit. Passing the audit shows that you take cybersecurity seriously. But how do you pass? Well, you need to: Choose which of the 5 SOC 2 principles apply; Instruct an assessment based on…

Remote Workers – Implementing a Risk Based Cyber Security Plan

The COVID-19 era has succeeded in making remote work mainstream, mainly because of quarantine and social distancing policies. While some companies and employees have been able to make the change quite easily, remote work is not without its complications and risk. Many corporate networks are protected by layers of security. However, with most companies having…

Email Phishing – Your Organization’s Biggest Cyber Threat

All it takes is a single email for hackers to gain access and steal company data. Whenever an email lands in your inbox, there’s a chance it’s a phishing scam. This is because email phishing scams are extremely common. In fact, studies suggest that phishing scams cause 90% of all company data breaches. So how do…

CMMC – Cyber Security Requirement for all DoD Contractors

The DoD’s Cybersecurity Maturity Model Certification (CMMC) is now in force, but what does this mean for DoD contractors? Well, every company must now prove they have sufficient cyber security in place to protect sensitive data before they can work for the DoD. So if you plan on bidding for DoD contracts, here’s a brief practical guide…

Beware – Cyber Security Language in Your Third-Party Contracts

Cyber security is a constantly changing field with constantly changing requirements. Recently, companies have found increasing technical jargon inserted into their contracts with third parties (i.e., customers and vendors). These companies seek to ensure that they are protecting themselves from cyber threats by way of the third parties that they connect to. However, this technical…

Benefits of Using a Third-Party Cyber Security Service

Cybercriminals and terrorists never rest, not even during global pandemics. The cost will almost always weigh heavier on smaller businesses and organizations that lack the expertise to protect themselves against online threats. In-house security requires businesses to invest heavily in hiring or training qualified staff. However, many organizations struggle to find sufficient resources to cover their…

Application Security Begins at Planning

Why Application Security Should Begin at Planning As cybersecurity threats become more potent and prevalent, the need to make apps more secure by identifying and fixing vulnerabilities and enhancing their security is critical. Application security has been getting more attention lately, especially after the Veracode “State of Software Security Vol. 10” report revealed that 83…

Managing Security Threats from Within

4 Tips for Managing Cybersecurity Threats from Within Most companies usually develop and implement cybersecurity strategies aimed at external threats. However, according to the Ponemon Institute’s and IBM Security’s “2019 Cost of a Data Breach Report,” cyberattacks from the outside only account for half of data breaches; the other half stems from internal factors, including…

Prioritize Cybersecurity & Compliance When Business Operations Are Forced to Rapidly Shift

The COVID-19 outbreak has forced many organizations to encourage or instruct their employees to work remotely. Besides the need for social distancing at the moment, remote working is still prevalent in the modern, flexible workplace. A recent survey confirmed that globally, 50 percent of employees work outside their main offices for at least two to…

Third-Party Versus First-Party Cyber Insurance Loss

With the world’s economy and governments disrupted, cybercriminals have reportedly stepped up their efforts to take advantage of the situation. Whether they come from rogue nations, terrorist groups or criminal organizations, cyber-attacks continually evolve in sophistication. They also steadily strive to broaden their field of action. No matter how small or remote your organization, you…

Did your Pandemic Plan Perform?

Worldwide health crises like the COVID-19 global pandemic, SARS in 2003 and the avian flu of 2008 are bleak reminders of how governments, social institutions and economies can succumb to biological forces beyond human control. The breakdown in the socio-political and economic fabric of affected nations — both developed and developing — reveals how lack…

Data Security Compliance Risk Without Compliant Vendors?

How to Ensure Vendor Compliance Data security compliance regulations are designed to help companies ensure the integrity, security and availability of the sensitive data they handle. Organizations must comply with these rules and guidelines to protect their systems and data from security breaches and other types of risks. With the tremendous amount of data handled and…

Cyber Insurance Policies Should Be Customized

Cyber Insurance Policies Should Be Customized | Ransomware Insurance Why You Need a Cyber Insurance Policy Tailored to Your Business With the slew of cyberattacks and data breaches escalating in terms of cost and scale of damage through the years, cyber insurance has come to the forefront of discussions. While still a relative newcomer to…

COVID-19 and The State of the Dark Web (and Your Data) 2020

It’s no secret that large corporations and SMBs alike are struggling in the wake of the COVID-19 pandemic as social distancing measures slow global economic activity. Unfortunately, bad actors are not taking time off. In fact, the rapid shift to telework has only made company data more vulnerable, increasing the importance of comprehensive security. When times are tough, no company can afford…

What is FedRAMP?

FedRAMP stands for Federal Risk and Authorization Management Program. It is: Designed to make sure that cloud services used by the government and other entities are secure, safe, and reliable; Mandatory for all organizations that provide cloud services to government entities; A uniform program that deals with security assessment, authorization, and observation for entities dealing…

Why Executive Buy-in Is Critical for a Successful Data Security Program

But First, Why Data Security Needs To Be a Company Priority… Cybersecurity threats and data breaches have haunted establishments the world over since vulnerabilities accessible via the internet were revealed. Earlier tinkering with yet-to-be-discovered computer capabilities led Bob Thomas to invent the Creeper (on the ARPANET), to which Ray Tomlinson (the man who invented email)…

The Value of Simulated Phishing Attacks to Organizations

What is Phishing? On January 2, 1996, the “AOHell” cyber threat struck America Online (AOL), at that time the No.1 internet provider in the country. AOHell was the name of one of the thousands of programs created by hackers to be used for stealing passwords and credit card information by using AOL’s instant messenger and email…

States with Consumer Data Privacy Laws

NEVADA’S ACT RELATING TO INTERNET PRIVACY Senate Bill 220, or “An Act relating to Internet privacy,” will require organizations who run websites that collect and maintain data to comply months ahead of 2020, by October 1, 2019. THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA) A state statute intended to enhance privacy rights and consumer protection for…

Review of NIST 800-171

NIST 800-171—All You Need to Know In this day and age, information is king. This means that data handling and recordkeeping are critical processes that help businesses build and maintain the trust and confidence of their vendors, contractors, partners, and customers. Of course, when the federal government gets involved in any way, cybersecurity for the protection…

Obtaining NIST 800-171 Compliance

Achieving NIST 800-171 Compliance For organizations handling controlled unclassified information (CUI), ensuring data protection is paramount as this data can be a target for serious, sophisticated cyberattacks. In fact, past and current orchestrated attacks on programs and assets containing CUI have prompted the Department of Defense (DoD) to work with and get the assistance of…

Cybersecurity Auditing – Work with the RIGHT Auditor

Why a Focus on Cybersecurity is Critical? Cybersecurity Auditing, data breaches, and other digital era dangers show up in headlines every day. The even more sobering reality is that most of these events never become public knowledge. In other words, we only hear about a small percentage of the incidents. Just within the past few…

MSPs are Priority Targets for Hackers

Managed (IT) Services Providers, or “MSPs”, have increasingly become the target of hackers, especially since the beginning of 2019. As a result, over the last twelve months, several documented attacks have taken place, with various hacking groups gaining unauthorized access to thousands of computers and the computer networks of MSPs’ clients. Once an MSP is breached,…

Intro to the California Consumer Privacy Act (CCPA)

CCPA Compliance for Businesses The California Consumer Privacy Act (CCPA) comes into effect on January 1, 2020. Its provisions are focused on the protection of consumer privacy and will affect all companies dealing with consumer data in California. Companies will be required to ensure that they have comprehensive compliance policies in place to protect both…

The Dark Web

The Dark Web—Dangers That Lurk and How to Avoid Them Everyone who has ever been on the internet uses the Surface Web, which is the section of the World Wide Web that’s accessible to the public and searchable using the usual search engines. However, there’s a place on the internet where users are virtually untraceable:…

Building a Vendor Management Program

Whether you want to make your internal and vendor audit programs better or need help creating them, it’s critical to engage an experienced team of professionals to help ensure you have everything in place to meet both your clients’ and your regulatory demands. Reviewing your current audit program may result in needing an upgrade—or even…

Benefits of Using a Virtual CSO/CPO

ORGANIZATIONS NEED TO ANTICIPATE AREAS OF IT RISK AND STRATEGIZE TO MANAGE IT AT THE EXECUTIVE LEVEL. A virtual CSO can bring both strategic and operational leadership on security to companies that can’t afford a full-time person in the role. Security is crucial in a technological environment, especially with all the complex risks that accompany…

Building A Security Awareness Program

Security Awareness Program – It’s not wise to assume that employees know even the most basic tenets of cybersecurity. To prepare employees for a sophisticated cyberattack, a cybersecurity professional is needed who understands that security requires a proactive approach and is always current on all the latest tactics of cybercriminals. Today’s business leaders may believe…

Completing A Yearly Risk Assessment

A best practice for protecting IT systems against ever-changing and costly cyber threats. Yearly assessments are necessary because no organization in the 21st century can afford for IT systems to face compromise without a plan of defense, response, and recovery. For some organizations, yearly reports are an exercise in box checking. Leadership wants reports, but…

Complying with Privacy Shield and GDPR

A MUST FOR DOING INTERNATIONAL DIGITAL BUSINESS TODAY. To combat the explosion of digital malefactors aiming to steal and disrupt, Privacy Shield and the General Data Protection Regulation have emerged to protect data and international business. Despite what the media may think, the interconnected global economy is nothing new. The economic collapse of the early…

Justifying Regular Risk Assessments

A cyberattack could mean a significant loss of business, lawsuits or much worse. Performing regular risk assessments helps generate a greater sense of trust with clients and investors and, as a result, better positions companies to win business and strengthen their reputation. Is it ever “OK” for a company to be willing to risk losing…

Top 10 Myths of Security Risk Analysis

Interactive Security strives to provide clarity in the complex world of Information Technology. Here, we review 10 of the top myths of IT Security Compliance and Risk Analysis: The security risk analysis is optional for small providers. False. All providers who are “covered entities” under HIPAA are required to perform a risk analysis. In addition,…

Understanding Vulnerability Scanning and Penetration Testing ~ And why they both are important

Why You Need Both Penetration Testing and Vulnerability Scans Threats to data and system security have never been more numerous or sophisticated. Only last year, the City of Atlanta spent millions to restore their systems after a ransomware attack. Great Britain reported a 200 percent leap in ransomware attacks from 2018 into 2019. Even worse,…

How to Protect Against Ransomware Cyberattack Strikes

Protect Vital Data and Operations Against Ransomware Cyberattacks Ransomware has seized a prime position in global headlines. Major targets, such as the city of Atlanta or an Australian heart hospital, gain most of the attention. Cybercriminals, however, understand that business, government, and nonprofit operations on a smaller scale struggle to pay for defenses against attack.…

The Case for Virtual CISO Services

Effectively leverage all the SKILLS of a Virtual CISO at a much lower cost. To ensure fulfillment of information security mandates and comply with given standards and laws, some organizations rely on an outsourced Trusted Advisor. In 2019 virtually every organization, from small startups to large corporations, understands the need to focus on information security…

Grow Company Revenue Through Data Security Compliance

Gain a Competitive Edge with Data Security Compliance The complexities of operating any organization can be quite daunting, especially considering today’s technology-centric world. Data security and compliance against various industry standards/regulations has become a fundamental business requirement of operating an organization in any industry. Fortunately, along with this new technology challenge of compliance, comes a…

Top 5 Cybersecurity Challenges Faced by the Healthcare Industry

Cybersecurity is growing as a challenge to healthcare, with increasingly frequent breaches occurring at various points along the way. HIPAA Cybersecurity presents even greater challenges than other industries based on scope alone. The industry is far-reaching, implements a diversity of data, and lacks the sophisticated equipment needed to protect it. HIPAA Cybersecurity is growing as…

Saving Money with a PCI-DSS Scope Reduction

Protecting personal and financial information is paramount to the well-being of any individual or organization.