Does Your Company Need Data Breach Insurance?

Data Breach Insurance: Is It Necessary? We know that data/networks can and should be secured more effectively. While no security system will ever be 100% bulletproof, there are glaring issues with bad practice in all of the recent high-profile breaches. We’ll look at why this might be happening in a follow-up post this week, […]

Key Takeaways From The TalkTalk Breach

As you may already have heard, a 15-year-old was arrested for what is being called one of the UK’s biggest cybercrimes to date – the successful attack on British ISP TalkTalk last week. TalkTalk services the consumer and small business markets. The data breach suffered by the company was most likely the result of a […]

Malware 2016

Prevent, detect, and contain: that’s the National Security Agency (NSA) advice for mitigating the damage of malware attacks. The NSA is warning businesses and agencies to prepare for an upswing of attacks in which data is not only stolen/exposed, but is, along with the network systems that house the data, destroyed or left unusable in […]

Man-In-The Middle Exploits and the IOT

There are roughly 25 billion smart devices and objects busily gathering data and beaming information back to their respective motherships (and business partners). That’s up from 7 billion things a mere five years ago. And five years from now? The consensus is that 50 billion things will be interconnected, […]

Securing Health Care Records

Insider negligence is no longer the number one cause of data breaches in the healthcare industry—cybertheft and physical theft have now claimed the dubious honor. The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data shows that healthcare information has become a prime target for malicious hackers, with lone cybercriminals and […]

Data Security Lessons To Learn Right Now

Much has been said about the recent Ashley Madison (AM) hack attack, and even more was said about the subsequent data dump of highly sensitive customer information. Are there lessons to be learned from AM? To some extent—the consequences would have been worse had card data not been […]

Compliance Audits And Data Security

A random audit program to gauge Phase 2 HIPAA compliance is expected to be underway soon. This round will target business associates, including financial institutions that are typically exempted from HIPAA compliance when they provide what are considered to be typical banking services such as payment processing and credit/loans. But financial institutions that “create, receive, […]

HIPAA and Your Business Associates

The number of claims filed under the Health Insurance Portability and Accountability Act (HIPAA) has spiked recently. The latest figures from the U.S. Department of Health and Human Services (HHS) show that the government is increasing its enforcement efforts regarding the federal privacy law. The U.S. Office of Civil Rights (OCR) has reported that it […]

The Clock Is Ticking – Part 2 Migrate From SSL/TLS Now

It has now been over a month since the Payment Card Industry Data Security Standard (PCI DSS) 3.0 was officially retired on June 30. In part 1 of this series on PCI DSS 3.1 migration, we noted that version 3.1 was swiftly introduced in April 2015 as a response to major security flaws discovered in open […]

Malware Risk Management

Prevent, detect, and contain: that’s the National Security Agency (NSA) advice for mitigating the damage of malware attacks. The NSA’s new report, “Defensive Best Practices Against Destructive Malware,” provides a good proactive baseline for warding off attacks, along with advice on how to keep attackers from running amuck after they have gained some access to […]