Category: BAI Security Blog

Credit union

What to Know About the FFIEC’s Cybersecurity Assessment Tool FAQ

Back in 2015, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Assessment Tool. Designed to help financial institutions of all sizes identify and assess risks and weaknesses in their cybersecurity posture, it has notably been met with widespread confusion and complaints. The FFIEC has recently tried to clear some of this up by releasing a “Frequently Asked Questions” guide to the tool, with mixed results.

Original Concerns

These complaints include everything from critiques of the effectiveness of the tool to confusion over whether it is truly voluntary and frustration over the amount of time needed to collect and input data into the tool itself. Banking institutions have also been wondering exactly how this tool should be

BAI Security Compromise Assessment

Unseen Consequences: The Ripple Effects of a Data Breach

A data breach results in some obvious, immediate impacts. Your customers’ and/or patients’ data is exposed, for one. Even if you don’t lose their business, there will likely be some fences to mend to regain their trust. However, what often gets lost in the aftermath of significant breaches is the ripple effect these attacks can have on all levels of your business. These ripples are currently shaking an in-transition Yahoo to its core.

Market Loss

As you’ve probably heard, Yahoo recently announced that at least 500 million user accounts were breached in a late 2014 attack, making it potentially one of the largest cyber breaches ever. This news came at a particularly bad time, as Verizon was willing to bid

Banking

The Year of Ransomware

Ransomware is a threat you’ve probably heard a lot about in 2016. That’s not without good reason – it’s one of the main cybersecurity threats facing businesses today. Though preventative steps do exist, this is still an extremely effective attack method you can’t afford to ignore. One successful attack is all it takes to set your business back drastically.

The Method

Victims of ransomware receive demands for bitcoins, the volatile virtual currency whose value in real-world dollars can change rapidly at any moment, making it even more difficult for a business to secure its data’s release. The standard attack goes like this: Online gangs of cyber criminals remotely encrypt and lock computers, leaving victims with a ransom screen they can’t

Breach

The Threat from Within

Previously we’ve written about breaches caused by outside sources: cyber criminals and the virulent programs designed to rob you of valuable information. These are faceless criminals off in the distance. But what happens when the source of the breach is closer to home? A Florida-based pediatric practice recently had to find out, as Bank Info Security reported.

Stolen Information

The Pediatric Gastroenterology, Hepatology & Nutrition of Florida recently had a former administrative employee indicted in federal court for alleged identity theft and fraud crimes. This employee, along with two other individuals not associated with the medical office, has been accused of stealing patient information. An indictment document cited by Bank Info Security notes that: “It was a part of the

antivirus

Best Practices for Network Security

Cyber-crime is growing at a tremendous rate. It’s become an organized big business opportunity for criminals, and is projected to grow to $600 billion this year, larger than any other form of crime. – Forbes, May 3, 2016

It may seem hard at times to keep pace with the ever-changing and emerging threats posed to your network, and by extension, to your business. The threats are constantly evolving and don’t discriminate based on the size of your business. It’s not a matter of whether your network is at risk; if you have a network, your network – and your business – are at risk. The real question that you need to answer is: are you prepared? So how do you

Data breach

When Your Customers Suffer: The Banner Health Breach

According to Bank Info Security, Arizona-based Banner Health recently suffered a breach large enough to notify their 3.7 million customers. Banner, which operates 29 hospitals, discovered the attack on July 7th. The attackers gained access through payment card processing systems in some of their food and beverage outlets. After doing so, the attackers also found a door left open, allowing access to clients’ healthcare information. As Bank Info Security notes, the hack “exposed cardholders’ names, card numbers, expiration dates and verification codes as the data was being routed through the affected systems. Cards used at affected outlets between June 23 and July 7 were affected. Card transactions used to pay for medical services were not affected.” The full list of

Compliance

The Cost of Lacking Security: OHSU HIPAA Settlement

One data breach is enough to wreak havoc on any organization. The damage one could do to your relationship with customers could be catastrophic for your business, and the fallout can cause you to rethink your entire security strategy. To add insult to injury, there are also typically steep financial penalties. Healthcare Info Security recently reported on data breaches suffered by Oregon Health & Science University (OHSU) and the HIPAA settlement they will have to pay. OHSU now owes $2.7 million stemming from two 2013 data breaches that affected over 7,066 individuals. One breach involved the theft of an unencrypted laptop from a surgeon’s rental vacation home, while the other was from OHSU using a cloud storage system without the

IT Security

Social Engineering: What It Is, and How You Can Prevent It

You’re probably aware of some standard IT security threats, like viruses, ransomware, various different kinds of malware and more. These make headlines and, more importantly, fit our conception of standard cyber-criminal attacks – programs designed to steal our data and information. However, there are arguably more pressing threats to your business that you may not be familiar with. From time to time, your security profile can fall under attack, and you won’t know until it’s too late. Meet one of the most pressing IT security threats facing the world right now: social engineering.

The Threat

Social engineering is a method of getting people to willingly give out valuable information about either themselves or a company that employs them. Classified as a


Get More From Your Next IT Audit

Periodic IT audits are not only required; they are a necessity for companies looking to keep up with rapidly changing cyber security threats. Allocating funds to these regular IT checks may not sound like the most exciting way to spend the budget, but we have a few tricks to help you get more out of your next audit.

Assess Locations

We often see businesses addressing security exclusively at their headquarters location. Headquarters generally present the biggest risk for security breaches, but branches may not have the same protection systems and/or the same staff security awareness, which can present serious risks as well. Covering all of your company’s bases and ensuring that each branch passes a security assessment is a good


Modern-Day Bank Robbers Strike From Afar—Is Your Security Up to Date?

Bank heists are the stuff of legends – but the most recent theft of more than $80 million from Bangladesh’s central bank shows that robbers don’t even need to leave their homes to make off with their loot. Investigators believe the attack, which funneled $81 billion from the bank’s international settlement account at the Federal Reserve Bank in New York to payees in the Philippines and Sri Lanka, was made possible by malware that infiltrated the bank in Bangladesh. Once attackers learned how to withdraw from the central bank’s systems – a process that took a few weeks before the actual theft – they initiated dozens of transactions at the Federal Reserve Bank using stolen SWIFT credentials. While the specific
