An alternative approach to the cyber security talent shortage

Our CEO would contend there is an alternative approach to the cyber security talent shortage.  Most breaches occur because computer systems are easy to breach and people make mistakes.  Compare the number of breaches based on operating systems.  Linux and UNIX variants are more difficult to breach than Windows, especially, if you keep them patched.  Which means we need to focus some time and effort on Windows, shoring up its weak defenses.  The good news is, Windows and Linux can be hardened far m ...

How to Grow Cyber Security Awareness Heroes

The top threat facing any organization today is the staff member working from a computer!  Not because this person intends to do malicious harm to the organization, but because of lack of cyber security awareness and training.  Confirmation of this is MediaPro’s 2017 State of Privacy and Security Awareness Report in which they surveyed over 1,000 people and rated their responses to real-world cyber security questions. Respondents were grouped into 3 “risk profiles” based on their correct answers; ...

Cybersecurity and The Endless List of Compliance

I recently wrote about insurance companies raising the bar on business to protect their valuable data to acquire cyber liability insurance.  But, it's not just insurance companies that are raising the bar. Governments around the globe are now requiring all types of companies to be compliant with some type of standard to better protect the data they possess.  What many people don't realize is these standards are all based on the protection of personal/private/confidential/sensitive/valuable informatio ...

Phishing with Ransomware – Don’t take the bait!

Phishing is a hacking technique that uses phony emails to trick users into revealing sensitive account information (e.g., account password) and/or installing malicious software (“malware”). With ransomware hogging the headlines, non-technical staff may have gotten the impression that the phishing threat is over. News flash – 97% of phishing messages now act as carriers for ransomware!  (Barkly Stats & Trends) Aaghh! So now, it’s more important than ever that staff be trained to anticipa ...

Lack of Awareness – Still a Barrier to Cybersecurity Effectiveness

A recent study conducted by HIMSS Analytics and reported in the HIPAA Journal indicated that more than 78% of the IT executives, managers, and staff surveyed identified employees’ lack of security awareness as a primary concern – despite 85% of the same survey respondents claiming to have an educational program in place designed to create awareness! Clearly a one-time – or even annual – training program isn’t enough. So how can healthcare executives improve information security awareness withou ...

Why your Meaningful Use SRA is not enough

Many covered entities had a high level Security Risk Analysis (SRA) performed to "check the box" for meeting the Meaningful Use requirement.  The HHS OCR has now performed enough audits, however, to know that a risk assessment isn't enough - Covered Entities need to take corrective action. With MACRA and HIPAA both requiring an SRA and HIPAA requiring a prioritized list of risks, corrective action plans, and a risk management process, it's time to have a proper risk assessment performed and take cor ...

Knock, Knock – We’re here to perform an onsite HIPAA audit.

  Welcome to 2017.  If you haven't heard, the Health and Human Services Office of Civil Rights (OCR) will perform several hundred on-site HIPAA audits this year. The possibility of being selected is highly unlikely, but if you are one of the "lucky" covered entities that is audited you had better be ready - with all your ducks in a row. Current HIPAA training is only one duck, you need at least four more.  So, prepare to go duck hunting and get them in order sooner rather than later. Ther ...