News Archives - Third Rock

CCPA enforcement has begun

Cathy Diehl — Mon, 20 Jul 2020 13:19:47 +0000

The California Attorney General’s office recently confirmed that July 1 remained the start of enforcement for the new California Consumer Privacy Act (CCPA). The office has already sent it’s first round of compliance letters to businesses, giving them 30 days to cure any violations before facing an investigation or lawsuit.

With the disruptions that occurred due to the COVID-19 pandemic in the United States, many may have thought CCPA would be pushed back to allow businesses to deal with other issues. However, with the exponential increase in cyber threats, better data protection is exactly what we need.

The focus of CCPA is giving consumers more control of their data. Consumers must be clearly notified when their data will be collected, have the option to opt out, request information about how their data is used and sold, and require their data to be deleted.

There is also a provision for consumers to bring allegations against a company if they feel their data was not properly managed. Though some small lawsuits have been filed, one of the largest to date was recently brought against Walmart by a San Francisco resident, claiming they “Failed to implement and maintain reasonable security procedures and practices”.

Will this set the tone for businesses to be sued by customers looking for a payout? Hard to say but no doubt there will be many more complaints and lawsuits. Is your business both complaint and protected? Our CCPA compliance packages offer a range of services to meet your needs rapidly and protect your business. Contact us today.

The post CCPA enforcement has begun appeared first on Third Rock.

Third Rock moves to new office

Robert Felps — Mon, 24 Feb 2020 19:58:00 +0000

Since 1995, Third Rock has been creating solutions to help businesses navigate the confusing world of cybersecurity and compliance. We took our combined knowledge and years of experience to build a better way to manage cyber risk.

As our business continues to grow, Third Rock is on the move. In order to better serve our local clients, Third Rock is upgrading its office space. With more room for conferencing, we are ready to help your business work toward cyber resilience. Contact us to set up a time to talk about starting your journey toward Cyber Confidence.

595 Round Rock West Dr Suite 401, Round Rock, Tx 78681

The post Third Rock moves to new office appeared first on Third Rock.

Announcing CyberCompass, LLC

Cathy Diehl — Wed, 01 Jan 2020 16:45:00 +0000

Since 1995, Third Rock has been leading in improving privacy compliance and cybersecurity affordably. Starting with HIPAA compliance and seeing how healthcare was strapped with only spreadsheets as their only tool, Third Rock developed automation tools with built-in expertise to move their clients to faster and more complete cyber risk management.

“Healthcare organizations are highly-targeted by cyber threats yet have the lowest utilization of risk management software to help manage their risks.” stated Robert Felps, Third Rock CEO.

CyberCompass® cloud-based platform was born as a solution to automate the workflow and provide the navigation needed for businesses to protect themselves today and stay current as the cyber landscape and privacy laws evolve. Third Rock quickly saw that its solution was adopted by Texas Medical Liability Trust, the largest insurer of physicians in the country, Texas Health Services Authorization with its SecureTexas certification, and Texas Medical Association.

With the enactment of privacy laws and the expansion of the tool into other industries, CyberCompass has gone through significant and more user-friendly enhancements to save companies up to 70% of work hours. The most powerful enhancement is the capability to do multiple regulations with one streamline assessment. Excess Line Association of New York is currently offering CyberCompass as a free membership benefit so insurance brokers can meet New York Department of Finance 500 cybersecurity compliance certification. CyberCompass includes the following privacy and cybersecurity regulations: CCPA, CIS-20 GDPR, HIPAA, NAIC 668, NYDFS 500, NIST 171 800, and numerous state regulations.

Seeing the increased demand for the software and its ability to simplify cyber risk management, streamline privacy compliance and improve cybersecurity holistically, CyberCompass, LLC becomes effective on January 1, 2020. Spinning off as a separate entity, CyberCompass as well as its other tools such as CyberQuickCheck, will have greater flexibility to establish various distribution opportunities through resellers, value added resellers, strategic alliances, and partnerships.

“With CyberCompass as a separate legal entity, we have simplified the ability for our partners so we can develop more focused leadership and meet changing market demand faster,” stated Felps.

Do you have clients in need of holistic risk management across people, processes, technology and vendors? Learn more about partnering with CyberCompass today to provide the most affordable and complete solution.

The post Announcing CyberCompass, LLC appeared first on Third Rock.

New enhancement greatly simplify managing cyber risk

Clint Eschberger — Mon, 02 Dec 2019 17:13:00 +0000

We are pleased to announce six new enhancements that make using CyberCompass® even easier:

As a main distributor of CyberCompass®, we are excited for how these new enhancements can help our customers better manage their cyber risk.

Leading edge security

Added encryption means whether you’re just working in your account, uploading documents or downloading them, all your data is secure.

Encrypted Attachment Vault:You asked, we delivered!

Seamless ability to upload multiple attachments with ease
More confidence while maintaining your required compliance documentation
Each file is encrypted for greater security
Electronically store and delete attachments at any time

Expedite User Login

Token-based authentication for faster repeat logins

New wider viewpoint with more pixels

The user view area is now wider on the web page
Increase the available real-estate on your screen
See more at one time

New Remediation Issues List Layout

New redesigned issues layout provides more information at your fingertips.
Easier to interpret results with new graphs: provides you more information on true state of the issues at a glance
Updated Issues List provides more details including:
- Threat Rank
- Last Activity
- Assignment information
- Notes Icon
Simplified filtering to get to your information faster: format and filter to get to the issue that meets your business needs

Issues View now has more flexibility to better manage

Traverse through issues using the “Previous” and “Next” buttons
Improved page layout for easier reading and updating.

Are you looking for a solution to provide holistic coverage across your people, processes, technology and vendors? Contact us today to start your journey toward cyber resilience.

The post New enhancement greatly simplify managing cyber risk appeared first on Third Rock.

CyberCompass® integrates CIS Top 20 Controls

Clint Eschberger — Wed, 02 Oct 2019 18:24:00 +0000

CIS Controls were designed to help companies follow a workflow of best practices to proactively defend againt the most common attacks known on the market. With CIS’ recent release of version 7.1, CyberCompass® now integrates these Top 20 controls . Our automated cyber risk management platform simplifies and reduces the effort for our clients needing to comply with CCPA, CIS-20, GDPR, HIPAA, NIST SP800-171, NYDFS and SECURETexas assessments.

Our risk management plan provides:

multiple assessments
prioritized corrective actions
step-by-step guides
cyber training
policies and procedures
strategic plans
vendor compliance

These and other great features will empower your organization to reduce your cyber risk.

CyberCompass® has implemented all three implementation groups, IG1, IG2 and IG3 of the CIS Top 20 Controls in the platform. We have also created IG1.5 for companies in between the IG1 and IG2 needs

If your company is expected to comply with the framework of CIS-20, call us today to plan your assessment and begin your journey toward cyber resilience.

About CIS

CIS^® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controlsand CIS Benchmarksare the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images™ are virtual machine emulations pre-configured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center^® (MS-ISAC^®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center™ (EI-ISAC™), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices. To learn more, visit CISecurity.org or follow us on Twitter: @CISecurity.

The post CyberCompass® integrates CIS Top 20 Controls appeared first on Third Rock.

Nivola HIPAA training added to CyberCompass®

Robert Felps — Wed, 04 Sep 2019 18:39:00 +0000

CyberCompass® offers a new HIPAA training by Nivola Healthcare. Specifically developed by two of the top healthcare law professionals, you get clear and concise information vital to maintaining patient security. With CyberCompass® Nivola HIPAA training, you will

gain a practical understanding for HIPAA regulations.
how to best incorporate them with your staff and throughout the practice
improve your HIPAA compliance with our built in completion tracking

The brief, engaging modules allow you to work at your own pace. With a staff driven to a shared understanding for patient privacy and security, your business gains greater compliance. It allows practices to complete the training without impacting staff productivity through its on-demand feature. By offering the training through the CyberCompass® platform, you also get the exclusive benefit of a built-in learning management system so you can easily track completion of staff members throughout their tenure with your practice – from on-boarding to annual training requirements. All your compliance reporting is easily accessible.

Note: Modules are available for specific Texas laws, including the latest HB300 requirements .

About Nivola training:

Lead by Pegi S. Block, JD and Debbie Elmore, RPh, JD, CHPC, their combined experience from the past 20 years in healthcare law provides a unique perspective to help healthcare providers avoid HIPAA fines and penalties. Before co-founding Nivola Training, Pegi represented healthcare providers both in Texas and in various multi-district litigations across the country. Debbie has represented numerous healthcare providers and medical entities in privacy and cyber law matters, regulatory and compliance matters, governmental investigations, Texas Attorney General proceedings and medical board proceedings.

The post Nivola HIPAA training added to CyberCompass® appeared first on Third Rock.

Third Rock now offers NY DFS 500 Risk Assessments

Robert Felps — Fri, 14 Jun 2019 12:30:00 +0000

Third Rock, powered by CyberCompass®, now includes the NYDFS security risk assessment required by all New York financial entities. The NYDFS Cybersecurity Regulation (23 NYCRR 500) is “designed to promote the protection of customer information as well as the information technology systems of regulated entities”. This regulation requires each company to conduct a risk assessment and then implement a program with security controls for detecting and responding to cyber events.

The NYDFS has supervisory power over banks, insurance companies, and other financial service companies. More specifically, they supervise the following covered entities:

Credit Unions
Health Insurers
Investment Companies
Licensed Lenders
Life Insurance Companies
Mortgage Brokers
Savings and Loans Associations
Private Bankers
Offices of Foreign Banks
Commercial Banks

There are some exceptions to entities that have to meet the regulations.

NYDFS requires entities to complete the following:

Risk Assessments
Audit Trail including updated policy and procedures
Incident Response Plan

CyberCompass® automates the numerous steps to completing a risk assessment with its on-demand, cloud-base software so a security risk assessment can be completed in 70% less time. It offers the unique feature to go beyond technology for information security and add the people, process and vendor compliance for information security.

“We expect what is happening in New York to happen across the country,” stated Robert Felps, CEO. “We have engineered CyberCompass to help companies meet regulations faster and require less work hours through built-in expertise and automated workflow.”

With Third Rock expertise and guidance, we work with you to use CyberCompass® to increase your compliance and manage your cyber risk.

Steps necessary to complete Security Risk Assessments	How CyberCompass® automates workflow to complete a security risk assessment with its built-in expertise.
1. Identify threats and vulnerabilities	By answering our online, on demand risk assessment survey. The questions have been specifically tailored and written in simple language to meet the NYDFS regulations and combined our cyber security risk expertise to assess your employees, processes, technologies and vendors.
2. Qualify the extent of the risk	By answering our online, on demand risk assessment survey. The questions have been specifically tailored and written in simple language to meet the NYDFS regulations and combined our cyber security risk expertise to assess your employees, processes, technologies and vendors.
3. Mitigate the risks to reduce them to an agreed and acceptable level	CyberCompass® automatically provides the corrective actions with a step by step guide that helps you ‘terminate’ the risk by eliminating it entirely, ‘treat’ the risk by applying security controls, ‘transfer’ the risk to a third party, or ‘tolerate’ the risk.
4. Update policies and procedures	CyberCompass® has a built-in template to provide you a complete set of policies and procedures.
5. Create incident response plan	A unique feature, only CyberCompass® can create the required incident response plan
6. Review, monitor and audit.	Utilizing CyberCompass® software subscription and built in notifications, CyberCompass® empowers you to manage cyber risk in one place across the entire organization.

The post Third Rock now offers NY DFS 500 Risk Assessments appeared first on Third Rock.

Ignorance is not Innocence

Robert Felps — Tue, 11 Jun 2019 14:00:30 +0000

Cyber security breaches are constantly in the news. Hundreds, if not thousands, occur across every kind of industry each year. Healthcare has consistently been a prime target for cyber criminals to gain access to personal health information (PHI) which can be sold for high profit on the dark web. In fact, 2018 marked an all-time high of $28.7 million in fines from HIPAA entities and their business associates.

In an effort to encourage healthcare organizations to better protect their patients’ information the Health Information Technology for Economic and Clinical Health (HITECH) Act was instituted, though the wording of the original bill left much open to interpretation. An element of the Act created tiers for HIPAA and breach violations. However, HHS admitted there was inconsistent language in the HITECH Act about the penalty scheme. Due to this, the penalty cap for every tier was set at $1.5 million. Commenters expressed concerns that the “penalty scheme is inconsistent with the HITECH Act’s establishment of different tiers based on culpability.”

So what is the culpability? Webster defines it as the “guilt or blame that is deserved”. HITECH tiers define it like this:

the person did not know (and, by exercising reasonable diligence, would not have known) that the person violated the provision;
the violation was due to reasonable cause, and not willful neglect;
the violation was due to willful neglect that is timely corrected; and
the violation was due to willful neglect that is not timely corrected.

Under the new payment scheme, fines will increase based on which tier your breach falls into:

Culpability	Min Penalty/ Violation	Max Penalty/ Violation	Annual Limit
No Knowledge	$100	$50,000	$25,000
Reasonable Cause	$1,000	$50,000	$100,000
Willful Neglect – Corrected	$10,000	$50,000	$250,000
Willful Neglect – Not Corrected	$50,000	$50,000	$1,500,000

This is all great and nice to know, but what does this look like in practice? It might look something like this:

You have completed a wholistic Security Risk Assessment and have made efforts to improve your cyber security. Even with reasonable policies and procedures in place, a breach still occurred.
You have certain elements of security in place, but a breach got through by a reasonable cause, such as an employee falling for a phishing scheme.
You made no effort to protect your cyber security, but worked to correct the problem after a breach.
You made no effort to protect your cyber security and did not attempt to correct it after a breach.

If you read the HHS OCR’s audit summary letters you can conclude that doing number one will keep you from being fined $50,000 for willful neglect regarding a risk assessment, but option four will land you a $50,000 fine.

Which tier best applies to you? Do you even know where to start?

Our Cyber Quick Check can have you on the path to a better understanding of your current cyber security in less than 2 minutes. Because knowing is the first step toward empowering you to manage your cyber risk.

https://cyberquickcheck.com/thirdrock

The post Ignorance is not Innocence appeared first on Third Rock.

Third Rock’s New GDPR Assessment Capabilities Expedite Compliance

Kathleen Hadaway — Thu, 26 Apr 2018 15:00:31 +0000

More than half of companies impacted by GDPR are not ready for May 25^th deadline

Round Rock, TX – April 26, 2018 – Third Rock, a supplier of cyber risk management software, announced today the launch of its General Data Protection Regulation (GDPR) Risk Assessment, the newest enhancement to its cyber risk management software to help companies become GDPR compliant before the May 25, 2018 deadline set by the European Union (EU).

GDPR applies to every company that collects, processes or stores an EU citizen’s data, regardless of sector, size and geographical location. The consulting firm Gartner estimates that more than half of the companies that are subject to the GDPR will not be in compliance this year and will be at risk for fines by the EU. A risk assessment is a required action to meet GDPR compliance regulations for protecting EU citizens’ data.

The full integration of the GDPR assessment into Third Rock’s current web based cyber risk management software platform, CyberCompass™, allows companies to quickly complete the assessment and then automatically generate a prioritized corrective action plan. Robert Felps, CEO of Third Rock, explained, “This software provides rapid benchmarking of an organization’s compliance status, prioritizes needed corrective actions, and maintains the Body of Evidence in the event of an audit by regulatory authorities. Companies can then choose to implement the corrective actions themselves, collaborate with Third Rock, or engage their current compliance consulting firm. Most companies can achieve GDPR compliance in approximately two to twelve weeks.”

Third Rock’s CyberCompass™ GDPR Risk Assessment provides a comprehensive, user-friendly experience. Most companies use a mix of forms and spreadsheets to manage cyber risk. Natan Bradbury, CEO of VITECH Pros who partnered with Third Rock to test the new assessment stated, “You don’t know how long I’ve been looking for an application like this! I’ve been cobbling together Excel and Word documents and some other tools to complete assessments.” CyberCompass™ has been documented to achieve 65% time savings compared to other assessment approaches.

About Third Rock

Third Rock specializes in simplifying cyber risk management to enable organizations to holistically assess and manage their cyber risk by engaging employees, refining processes, and hardening technical systems, creating a culture of Cyber Confidence℠. Third Rock’s CyberCompass™ software includes: HIPAA, GDPR, NIST SP 800-171, and SECURETexas assessments, along with comprehensive workstation and network vulnerability scans. Third Rock is proud to partner with Texas Medical Liability Trust and Texas Health Services Authority. Learn more at ThirdRock.com.

The post Third Rock’s New GDPR Assessment Capabilities Expedite Compliance appeared first on Third Rock.

Protect Your Clients, Your Clients’ Data, and Your Business – a webinar offered by Developmental Services Network

Kathleen Hadaway — Thu, 11 Jan 2018 21:00:29 +0000

Robert Felps, CEO of Third Rock, is proud to present a cybersecurity webinar – Protect Your Clients, Your Clients’ Data, and Your Business – for Developmental Services Network on Thursday, January 18, 2018, 10:30 am – 11:30 am PST.

Did you know your client data is worth 50 times more than a credit card number on the dark web?
A HIPAA approved client management system does not make you HIPAA compliant, nor does it completely protect your client data.
Learn steps to improve your cybersecurity and achieve HIPAA compliance easily and affordably!

For more than 15 years Developmental Services Network (DSN) has served its members as California’s only trade association dedicated exclusively to providers of intermediate care facility (ICF) services for people with developmental disabilities. DSN’s strength comes from its members who recognize the importance of working together, sharing information, conducting and receiving training, and providing critical regulatory and fiscal analysis of the activities of the various governmental entities involved in oversight and funding of the program.

Registration is FREE for Developmental Services Network members. Registration for non-members is $50.

The post Protect Your Clients, Your Clients’ Data, and Your Business – a webinar offered by Developmental Services Network appeared first on Third Rock.