HIPAA has strict rules governing patient data storage and sharing. However, in limited circumstances, the HIPAA Privacy Rule allows a covered entity to use or disclose a patient’s Protected Health Information (PHI) without prior written authorization. First in our series of HIPAA in-depth blog posts, this piece looks at circumstances under which you don’t require […]
What is the principle of zero trust security?
Zero trust security is an IT security model centered around the concept that organizations should verify every person and device attempting to access their systems and data, whether they are inside or outside the network perimeter, before permitting access. In essence, it’s the idea that no digital entity can simply be trusted to be who […]
Colonial Pipeline data breach document: Malware likely cause
Colonial Pipeline was hacked recently. The cyberattack that forced the United States’ largest gasoline pipeline shutdown has triggered fresh questions about the vulnerability of the country’s vital infrastructure and businesses at large to cybercriminals. The breach at the Alpharetta, Ga.-based company is the latest high-profile cyberattack reminder that many of the nation’s businesses aren’t prepared to […]
How remote work setups can lead to higher risks of sensitive data leaks
The benefits of a distributed, remote workforce are plentiful for organizations. From low costs to improved employee wellbeing, it’s easy to see why many companies are planning to let their employees work remotely even after the pandemic ends. However, remote working also presents unique cybersecurity challenges. As employees communicate and collaborate across different cities, states […]
Current trends in phishing emails
Phishing is the single most important risk of employees introducing malware into organizations. Effective training to spot this risk in incoming emails is table stakes for all organizations, no matter the size. This article synthesizes the latest research on what phishing emails look like and tips on improving your company’s risk posture. According to […]
When documents attack: malware inserted in attachments
Document-based malware is pretty common these days. An email analysis by Barracuda Networks revealed malware hidden in documents accounts for over 50 percent of all malicious files. This trend appears to be gaining momentum as cyber crooks continue to spam documents, according to WatchGuard, a tech security company. While these documents look legit, they come […]
What is sensitive data?
Every time you sign up for a new service, buy something online, or even apply for a job, you automatically share your personal information. If you look back over the hundreds of online interactions you’ve had over the years, it gives you an inkling as to how many businesses have processed information about you. Then, […]
Shadow IT 2.0: New Risks in the PaaS Era
For IT and security leaders, the term ‘shadow IT’ tends to send a shiver down the spine. About ten years ago, it became an epidemic in the corporate world. The consumerization of cloud applications, combined with the rise of bring your own device (BYOD), led to employees downloading non-authorized applications, for work purposes, in their […]
What is data loss prevention (DLP)?
Data breaches have become a regular mainstay of daily life. For every security patch or vulnerability disclosure, it seems there’s a corresponding data loss incident somewhere. Consider the following recent incidents: And those are just over the past week, not even counting the worst data breach incidents that affected Forbes 500 companies like Yahoo, eBay, […]
What is personally identifiable information (PII)?
In a hyper-connected world, individual data footprints can be found everywhere. Each day, millions of people share information like email addresses, banking details and telephone numbers across applications and web browsers. This type of information is known as personally identifiable information (PII), and there’s a 100% chance your organization processes it – either via customers, […]
Monthly cyber risks report for all employees - security culture builder
According to a 2021 PwC report, 71 percent of CEOs in the United States want to know their companies’ day-to-day cyber threats. Still, that doesn’t mean they understand the intrigues of cybersecurity. As a CISO, this translates to three things: You’ll need to keep the C-suite adequately informed about current cyber threats. You must create […]