IT Security Best Practices
Enhance your cybersecurity knowledge and practices with expert insights. Access articles on cyber hygiene, security policy guidelines, and effective incident response strategies to bolster your organization’s defenses.
Cyber Incident Response Playbook Now Available to Help Manufacturers of Medical Products
The Healthcare Sector Coordinating Council (HSCC) has published a Medical Product Manufacturer Cyber Incident Playbook (MPM CIRP). This comprehensive guide is designed to help medical product manufacturers prepare for and respond effectively to cyber incidents … Read more
Why ‘one-size’ data protection training does not fit all
“Data protection training” – this phrase will not conjure up a great deal of excitement among the staff of any company. That said, public awareness of data violations and the interests individuals have in protecting … Read more
Data Protection Risks of Working from Home
The shift towards remote work, accelerated by the COVID-19 pandemic, has introduced various data protection challenges. Although some companies, such as Boeing and UPS have made high-profile calls for workers to come back to the … Read more
CISA Issues Alert to F5 BIG-IP Users on Unencrypted Cookie Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns for F5 BIG-IP users, warning that malicious actors are exploiting unencrypted cookies to gain information into internal network servers, potentially leading to targeted attacks … Read more
Observing National Cybersecurity Awareness Month in 2024
National Cybersecurity Awareness Month is a month-long event held in October aimed at promoting cybersecurity and sharing best practices to help individuals and organizations protect themselves online. The theme in 2024 is “Secure Our World.” … Read more
What are cybersecurity fire drills?
As a cybersecurity professional, you’re asked the same question every time you meet with your executives or Board: “What’s the worst that can happen, and how prepared are we?” Deep down, you know you don’t … Read more
Lessons from Suffolk County’s Ransomware Attack
In September 2022, Suffolk County, New York, became the victim of a ransomware attack carried out by the AlphV/BlackCat group. This incident crippled government services for months, disrupted emergency operations, and cost the county over … Read more
Planning for a data breach
Cybersecurity is an evolving disciple which faces new threats daily. Despite the best efforts to secure information systems, absolute protection remains an unattainable goal. For any organization, the possibility of a data breach is not … Read more
Back to basics: The importance of staff training in data protection
It is not glamorous, but the simple truth is that perhaps the most important aspect of a Data Protection Officer’s (DPO) mission is to ensure that effective staff training for the safeguarding of sensitive information … Read more
NISTs New Guidelines for Digital Identity Security
The National Institute of Standards and Technology (NIST) has released the second public draft of its updated Digital Identity Guidelines, aiming to improve the way people verify their identity online. The updated guidance focuses on … Read more
Hidden sensitivities: Broadening employee awareness of data security
An often overlooked aspect of data security is the potential for sensitive personal information to be concealed in seemingly mundane data. Companies and organizations need to raise employee awareness to ensure comprehensive protection of all … Read more
OCR Issue Advice on Importance of Facility Access Controls in Latest Cybersecurity Newsletter
The Office for Civil Rights (OCR) has issued a reminder to all HIPAA-regulated entities through its latest cybersecurity newsletter. Facility Access Controls are not a formality, they are a necessary aspect in securing electronic protected … Read more
Understanding HIPAA Training Requirements
Understanding HIPAA Training Requirements The Health Insurance Portability and Accountability Act (HIPAA) training requirements ensure that healthcare organizations and their business associates comply with the regulations designed to protect the privacy and security of Protected … Read more
HIPAA Violation Email Examples
There are thousands of HIPAA violation email examples in the public domain, and likely many more thousands not made public due to the reporting requirements of HHS’ Office for Civil Rights and State Attorneys General. … Read more
What are the HIPAA Email Rules?
The HIPAA email rules are that email can only be used to send, receive, or store Protected Health Information (PHI) if the reason for PHI being disclosed is consistent with the Privacy Rule, and if … Read more
Legal Issues Around Paying Ransomware
Ransomware attacks are one of the most serious cybersecurity threats facing businesses 2024. This kind of attack involves a malicious actor encrypting a victim’s data and then making a demand for a ransom payment in … Read more
The Increasing Complexity of Privacy Laws in the USA
As far back as 2017, it was estimated that the world was producing some 2.5 quintillion bytes of data each day. Fueled by the explosion of internet use and the digitisation of all aspects of … Read more
Password Guidelines and Recommendations
World Password Day is celebrated on the first Thursday of May. It was founded in 2013 with the objective of increasing awareness of the significance of using complex and unique passwords and implementing password guidelines … Read more
Incident Response Playbook: our guidelines for 2024
Incident response playbooks establish standardized procedures for dealing with IT security incidents. These procedures detail explicit actions that an organization should undertake in preparation for, response to, and recovery from these specific incident types. In … Read more
The Mandiant incident: A wake-up call in cybersecurity
In a recent and significant cybersecurity event, Mandiant, a Google-owned cybersecurity firm, fell victim to a sophisticated cyberattack. This breach, part of a larger cryptocurrency phishing operation, not only exposed security vulnerabilities but also led … Read more
Safeguarding IoT security : Best practices in 2024
As we venture deeper into the Internet of Things (IoT) era, the security of these interconnected systems becomes increasingly vital. In 2024, IoT ecosystems are more complex and widespread, touching virtually every aspect of our … Read more
Warning Against LokiBot Malware and Increasing Remote Access Software Threats
HHS Publishes Alert Against LokiBot Malware The Health Sector Cybersecurity Coordination Center (hC3) has publicized an Analyst Note regarding LokiBot – one of the most common and persistent malware variants. LokiBot, also known as Loki … Read more
Finding the Common Causes of Hacking/IT Incidents
The common source of healthcare data breach data is HHS Office for Civil Rights Breach Report. Although it is an important source of data to know the developments in data breaches, the Breach Report has … Read more
Delaware’s Comprehensive Data Privacy Law and HSCC’s Coordinated Healthcare Incident Response Plan Template
Comprehensive Data Privacy Law Passed by the Delaware Legislature The Delaware legislature passed a comprehensive new data privacy law. Delaware Governor John Charles Carney Jr is likely to sign the Personal Data Privacy Act making … Read more
Trends in Data Breaches According to the 2023 Verizon Data Breach Investigations Report
Trends in Data Breaches According to the 2023 Verizon Data Breach Investigations Report Verizon 2023 DBIR: Rising Social Engineering Attacks While Ransomware Plateaus The Verizon 2023 Data Breach Investigations Report (DBIR) was published to offer … Read more
How the Federal Government Can Strengthen Healthcare Cybersecurity
The U.S. Senate Committee on Homeland Security and Governmental Affairs conducted a hearing to look at cybersecurity threats to the healthcare industry, what healthcare companies and the federal government are doing to overcome those risks, … Read more
Applications of AI in Healthcare
The subject of AI in healthcare frequently gets different responses. Although a number of people believe in the advantages of using AI in healthcare and the substantial rewards to patients, other people have worries concerning … Read more
Feds Publish Guidance on Responding and Lowering Impact of DDoS Attacks
The Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Cybersecurity and Infrastructure Security Agency (CISA) just released guidance for government and private institutions on the avoidance and mitigation … Read more
CISA Director Encourage All Healthcare Providers to Use FIDO Authentication
The Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, is traveling across the country as part of the Cybersecurity Awareness Month. She’s been promoting the best practices of cybersecurity, telling everyone the … Read more
HC3 Advisory About Growing Vishing Attacks and the Risks of Social Engineering
The Health Sector Cybersecurity Coordination Center has alerted the healthcare and public health (HPH) sector regarding the growing social engineering and voice phishing (vishing) attacks. In cybersecurity terminology, social engineering is the control of people … Read more
Google Tells About New Ways to Secure User Privacy on Healthcare Stuff
Google has reported that it is going to do something to enhance the privacy security for consumers of its services. Google has always favored a complete, national privacy law that covers consumer data to make … Read more
HHS Alerts HPH Sector Concerning Insider Threats in Medical Care
A lot of healthcare data breaches are taking place, however, not all privacy and security issues arise from outside the company. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HCC) has … Read more
How Small Healthcare Organizations Differ from Large Healthcare Providers with Regards to Security
The latest Software Advice survey of healthcare companies gives information on healthcare data breaches, their underlying causes, and the distinct security strategies at small and big healthcare organizations. The survey engaged 130 small practices with … Read more
Highlighting the Importance of Cybersecurity This Cybersecurity Awareness Month
The topic of the 4th week of Cybersecurity Awareness Month is “Cybersecurity First.” The emphasis is on letting businesses know about the importance of cybersecurity steps to handle vulnerabilities in products, operations, and individuals. Cybersecurity … Read more
CISA Released Insider Threat Self-Assessment Tool
Public and private industry companies have a new tool that can be used to evaluate how much they are vulnerable to insider threats. The Cybersecurity and Infrastructure Security Agency (CISA) created this new Insider Threat … Read more
Is Bitwarden the Easiest Password Manager to Use?
Bitwarden is one of the most popular password managers on the market today and will be a strong contender for anyone wishing to add an additional level of security for their personal/business devices or network. … Read more
Is Bitwarden the Best Place to Store Passwords?
Bitwarden is one of the best password managers available, offering robust security and a great set of features for a very reasonable price, with impressive free tiers for individuals and even small businesses. It is … Read more
What is Best Password Manager for Small Businesses?
It can be a difficult and daunting task deciding what password manager your small business should invest in. While, on one hand, you are probably dealing with a restrictive cybersecurity budget, on the other hand, … Read more
Can Bitwarden be Trusted?
When you are completing your market research to identify the ideal password manager for your business, you will no doubt find yourself asking if each product is trustworthy. After all, if you are going to … Read more
Sharing Passwords Securely
Over the past year, with the onset of the COVID-19 pandemic and the increase in remote working by employees, the need to safely and securely work and collaborate from a distance has been crucial for … Read more
Setting up a Strong Password
One of the most common vulnerabilities exploited by cybercriminals is weak passwords. Hackers use brute force tactics to guess weak passwords, trying various possible passwords until the correct one is guessed. The process is automated … Read more
Best Enterprise Password Manager
Large companies use enterprise-level password management solutions to enforce their password policies, improve productivity, and store the passwords of their employees and third-party contractors safely and securely. There are many different enterprise password management solutions … Read more
Best Password Manager for Android
Identifying the best password manager for android users can be a daunting task as the vast majority of password management solutions are specifically designed for desktop computer use. The onus is on the individual doing … Read more
Is it Safe to Use your Browser to Save Passwords?
It may seem like a great convenience to be able to save all of your most-used passwords in web browsers so that you do not have to continuously enter them every time you use a … Read more
Healthcare Organizations Dealing with Higher Cyber Insurance Costs for Less Coverage
The number of cyberattacks currently being reported is greater than ever before. A few years ago, healthcare cyberattack reports are received at a rate of one each day, however, in 2021, there have been months … Read more
Ransomware Mitigations to Protect Your Business
It has been a particularly bad year for ransomware attacks on businesses. Many of the attacked businesses have been unprepared for a ransomware attack and did not implement sufficient ransomware mitigations. Had proactive steps been … Read more
What Password Manager is the Most Cost Effective between Bitwarden, 1Password vs KeePass?
Bitwarden, 1Password and KeePass are among the best and most secure password managers available for businesses to add to their cybersecurity suite. Deciding which one is the most cost effective for your business will depend … Read more
Best Password Managers for iPhones in 2021
Choosing a secure, reliable password manager for your iPhone can be a daunting task. To assist you with this we have put together a list of the best iPhone password managers available in 2021. A … Read more
Best Practices for Managed Services Providers to Adopt to Prevent Cyberattacks
Managed Service Providers are an attractive target for cybercriminals. If a threat actor succeeds in gaining access to an MSP’s network, they can use the same remote management tools that MSPs use to conduct attacks … Read more
How to Prevent a Man in the Middle Attack
You will no doubt have heard of a man in the middle (MiTM) attack. Here we define this attack method, explain how a MiTM attack occurs, and show you how to prevent a man in … Read more