IT Security Best Practices

Enhance your cybersecurity knowledge and practices with expert insights. Access articles on cyber hygiene, security policy guidelines, and effective incident response strategies to bolster your organization’s defenses.

Cyber Incident Response Playbook

Cyber Incident Response Playbook Now Available to Help Manufacturers of Medical Products

The Healthcare Sector Coordinating Council (HSCC) has published a Medical Product Manufacturer Cyber Incident Playbook (MPM CIRP). This comprehensive guide is designed to help medical product manufacturers prepare for and respond effectively to cyber incidents … Read more

Why ‘one-size’ data protection training does not fit all


“Data protection training” – this phrase will not conjure up a great deal of excitement among the staff of any company. That said, public awareness of data violations and the interests individuals have in protecting … Read more

Data Protection Risks of Working from Home 

The shift towards remote work, accelerated by the COVID-19 pandemic, has introduced various data protection challenges. Although some companies, such as Boeing and UPS, have made high-profile calls for workers to come back to the … Read more

F5 BIG-IP Unencrypted Cookie Exploitation

CISA Issues Alert to F5 BIG-IP Users on Unencrypted Cookie Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns for F5 BIG-IP users, warning that malicious actors are exploiting unencrypted cookies to gain information about internal network servers, potentially leading to targeted attacks … Read more

National Cybersecurity Awareness Month

Observing National Cybersecurity Awareness Month in 2024

National Cybersecurity Awareness Month is a month-long event held in October aimed at promoting cybersecurity and sharing best practices to help individuals and organizations protect themselves online. The theme in 2024 is “Secure Our World.” … Read more

cybersecurity fire drills

What are cybersecurity fire drills?

As a cybersecurity professional, you’re asked the same question every time you meet with your executives or Board: “What’s the worst that can happen, and how prepared are we?” Deep down, you know you don’t … Read more

Lessons from Suffolk County’s Ransomware Attack

In September 2022, Suffolk County, New York, became the victim of a ransomware attack carried out by the AlphV/BlackCat group. This incident crippled government services for months, disrupted emergency operations, and cost the county over … Read more

Planning for a data breach

Cybersecurity is an evolving discipline which faces new threats daily. Despite the best efforts to secure information systems, absolute protection remains an unattainable goal. For any organization, the possibility of a data breach is not … Read more

Back to basics: The importance of staff training in data protection

It is not glamorous, but the simple truth is that perhaps the most important aspect of a Data Protection Officer’s (DPO) mission is to ensure that effective staff training for the safeguarding of sensitive information … Read more

NIST’s New Guidelines for Digital Identity Security

The National Institute of Standards and Technology (NIST) has released the second public draft of its updated Digital Identity Guidelines, aiming to improve the way people verify their identity online. The updated guidance focuses on … Read more

Hidden sensitivities: Broadening employee awareness of data security

An often overlooked aspect of data security is the potential for sensitive personal information to be concealed in seemingly mundane data. Companies and organizations need to raise employee awareness to ensure comprehensive protection of all … Read more

OCR Issues Advice on Importance of Facility Access Controls in Latest Cybersecurity Newsletter

The Office for Civil Rights (OCR) has issued a reminder to all HIPAA-regulated entities through its latest cybersecurity newsletter. Facility Access Controls are not a formality; they are a necessary aspect in securing electronic protected … Read more

Understanding HIPAA Training Requirements

The Health Insurance Portability and Accountability Act (HIPAA) training requirements ensure that healthcare organizations and their business associates comply with the regulations designed to protect the privacy and security of Protected … Read more

HIPAA Violation Email Examples

There are thousands of HIPAA violation email examples in the public domain, and likely many more thousands not made public due to the reporting requirements of HHS’ Office for Civil Rights and State Attorneys General. … Read more

What are the HIPAA Email Rules?

The HIPAA email rules are that email can only be used to send, receive, or store Protected Health Information (PHI) if the reason for PHI being disclosed is consistent with the Privacy Rule, and if … Read more

Legal Issues Around Paying Ransomware

Ransomware attacks are one of the most serious cybersecurity threats facing businesses in 2024. This kind of attack involves a malicious actor encrypting a victim’s data and then making a demand for a ransom payment in … Read more

The Increasing Complexity of Privacy Laws in the USA

As far back as 2017, it was estimated that the world was producing some 2.5 quintillion bytes of data each day. Fueled by the explosion of internet use and the digitisation of all aspects of … Read more

Password Guidelines and Recommendations

World Password Day is celebrated on the first Thursday of May. It was founded in 2013 with the objective of increasing awareness of the significance of using complex and unique passwords and implementing password guidelines … Read more

Incident Response Playbook: our guidelines for 2024

Incident response playbooks establish standardized procedures for dealing with IT security incidents. These procedures detail explicit actions that an organization should undertake in preparation for, response to, and recovery from these specific incident types. In … Read more

The Mandiant incident: A wake-up call in cybersecurity

In a recent and significant cybersecurity event, Mandiant, a Google-owned cybersecurity firm, fell victim to a sophisticated cyberattack. This breach, part of a larger cryptocurrency phishing operation, not only exposed security vulnerabilities but also led … Read more

Safeguarding IoT security: Best practices in 2024

As we venture deeper into the Internet of Things (IoT) era, the security of these interconnected systems becomes increasingly vital. In 2024, IoT ecosystems are more complex and widespread, touching virtually every aspect of our … Read more

Warning Against LokiBot Malware and Increasing Remote Access Software Threats

HHS Publishes Alert Against LokiBot Malware: The Health Sector Cybersecurity Coordination Center (HC3) has publicized an Analyst Note regarding LokiBot – one of the most common and persistent malware variants. LokiBot, also known as Loki … Read more

Finding the Common Causes of Hacking/IT Incidents

The common source of healthcare data breach data is the HHS Office for Civil Rights Breach Report. Although it is an important source of data on developments in data breaches, the Breach Report has … Read more

Delaware’s Comprehensive Data Privacy Law and HSCC’s Coordinated Healthcare Incident Response Plan Template

Comprehensive Data Privacy Law Passed by the Delaware Legislature: The Delaware legislature passed a comprehensive new data privacy law. Delaware Governor John Charles Carney Jr is likely to sign the Personal Data Privacy Act making … Read more

Trends in Data Breaches According to the 2023 Verizon Data Breach Investigations Report

Verizon 2023 DBIR: Rising Social Engineering Attacks While Ransomware Plateaus. The Verizon 2023 Data Breach Investigations Report (DBIR) was published to offer … Read more

How the Federal Government Can Strengthen Healthcare Cybersecurity

The U.S. Senate Committee on Homeland Security and Governmental Affairs conducted a hearing to look at cybersecurity threats to the healthcare industry, what healthcare companies and the federal government are doing to overcome those risks, … Read more

Applications of AI in Healthcare

The subject of AI in healthcare frequently gets different responses. Although a number of people believe in the advantages of using AI in healthcare and the substantial rewards to patients, other people have worries concerning … Read more

Feds Publish Guidance on Responding and Lowering Impact of DDoS Attacks

The Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Cybersecurity and Infrastructure Security Agency (CISA) just released guidance for government and private institutions on the avoidance and mitigation … Read more

CISA Director Encourages All Healthcare Providers to Use FIDO Authentication

The Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, is traveling across the country as part of Cybersecurity Awareness Month. She’s been promoting the best practices of cybersecurity, telling everyone the … Read more

HC3 Advisory About Growing Vishing Attacks and the Risks of Social Engineering

The Health Sector Cybersecurity Coordination Center has alerted the healthcare and public health (HPH) sector regarding the growing social engineering and voice phishing (vishing) attacks. In cybersecurity terminology, social engineering is the control of people … Read more

Google Tells About New Ways to Secure User Privacy on Healthcare Stuff

Google has reported that it is going to do something to enhance the privacy security for consumers of its services. Google has always favored a complete, national privacy law that covers consumer data to make … Read more

HHS Alerts HPH Sector Concerning Insider Threats in Medical Care

A lot of healthcare data breaches are taking place; however, not all privacy and security issues arise from outside the company. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has … Read more

How Small Healthcare Organizations Differ from Large Healthcare Providers with Regards to Security

The latest Software Advice survey of healthcare companies gives information on healthcare data breaches, their underlying causes, and the distinct security strategies at small and big healthcare organizations. The survey engaged 130 small practices with … Read more

Highlighting the Importance of Cybersecurity This Cybersecurity Awareness Month

The topic of the 4th week of Cybersecurity Awareness Month is “Cybersecurity First.” The emphasis is on letting businesses know about the importance of cybersecurity steps to handle vulnerabilities in products, operations, and individuals. Cybersecurity … Read more

CISA Released Insider Threat Self-Assessment Tool

Public and private industry companies have a new tool that can be used to evaluate how vulnerable they are to insider threats. The Cybersecurity and Infrastructure Security Agency (CISA) created this new Insider Threat … Read more

Is Bitwarden the Easiest Password Manager to Use?

Bitwarden is one of the most popular password managers on the market today and will be a strong contender for anyone wishing to add an additional level of security for their personal/business devices or network. … Read more

Is Bitwarden the Best Place to Store Passwords?

Bitwarden is one of the best password managers available, offering robust security and a great set of features for a very reasonable price, with impressive free tiers for individuals and even small businesses. It is … Read more

What is Best Password Manager for Small Businesses?

It can be a difficult and daunting task deciding what password manager your small business should invest in. While, on one hand, you are probably dealing with a restrictive cybersecurity budget, on the other hand, … Read more

Can Bitwarden be Trusted?

When you are completing your market research to identify the ideal password manager for your business, you will no doubt find yourself asking if each product is trustworthy. After all, if you are going to … Read more

Sharing Passwords Securely

Over the past year, with the onset of the COVID-19 pandemic and the increase in remote working by employees, the need to safely and securely work and collaborate from a distance has been crucial for … Read more

Setting up a Strong Password

One of the most common vulnerabilities exploited by cybercriminals is weak passwords. Hackers use brute force tactics to guess weak passwords, trying various possible passwords until the correct one is guessed. The process is automated … Read more

Best Enterprise Password Manager

Large companies use enterprise-level password management solutions to enforce their password policies, improve productivity, and store the passwords of their employees and third-party contractors safely and securely. There are many different enterprise password management solutions … Read more

Best Password Manager for Android

Identifying the best password manager for Android users can be a daunting task as the vast majority of password management solutions are specifically designed for desktop computer use. The onus is on the individual doing … Read more

Is it Safe to Use your Browser to Save Passwords?

It may seem like a great convenience to be able to save all of your most-used passwords in web browsers so that you do not have to continuously enter them every time you use a … Read more

Healthcare Organizations Dealing with Higher Cyber Insurance Costs for Less Coverage

The number of cyberattacks currently being reported is greater than ever before. A few years ago, healthcare cyberattack reports were received at a rate of one each day; however, in 2021, there have been months … Read more

Ransomware Mitigations to Protect Your Business

It has been a particularly bad year for ransomware attacks on businesses. Many of the attacked businesses have been unprepared for a ransomware attack and did not implement sufficient ransomware mitigations. Had proactive steps been … Read more

What Password Manager is the Most Cost Effective between Bitwarden, 1Password vs KeePass?

Bitwarden, 1Password and KeePass are among the best and most secure password managers available for businesses to add to their cybersecurity suite. Deciding which one is the most cost effective for your business will depend … Read more

Best Password Managers for iPhones in 2021

Choosing a secure, reliable password manager for your iPhone can be a daunting task. To assist you with this we have put together a list of the best iPhone password managers available in 2021. A … Read more

Best Practices for Managed Services Providers to Adopt to Prevent Cyberattacks

Managed Service Providers are an attractive target for cybercriminals. If a threat actor succeeds in gaining access to an MSP’s network, they can use the same remote management tools that MSPs use to conduct attacks … Read more

How to Prevent a Man in the Middle Attack

You will no doubt have heard of a man in the middle (MiTM) attack. Here we define this attack method, explain how a MiTM attack occurs, and show you how to prevent a man in … Read more