<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	
	xmlns:georss="http://www.georss.org/georss"
	xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#"
	>

<channel>
	<title>Third Rock</title>
	<atom:link href="https://thirdrock.com/feed/" rel="self" type="application/rss+xml" />
	<link>https://thirdrock.com/</link>
	<description>Building a Cyber Confident World</description>
	<lastBuildDate>Wed, 22 Jul 2020 18:58:58 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.5.8</generator>

<image>
	<url>https://i0.wp.com/thirdrock.com/wp-content/uploads/cropped-favicon-check.png?fit=32%2C32&#038;ssl=1</url>
	<title>Third Rock</title>
	<link>https://thirdrock.com/</link>
	<width>32</width>
	<height>32</height>
</image> 
<site xmlns="com-wordpress:feed-additions:1">65153150</site>	<item>
		<title>CCPA enforcement has begun</title>
		<link>https://thirdrock.com/blog/2020/07/20/ccpa-enforcement-has-begun/</link>
		
		<dc:creator><![CDATA[Cathy Diehl]]></dc:creator>
		<pubDate>Mon, 20 Jul 2020 13:19:47 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<category><![CDATA[CCPA]]></category>
		<category><![CDATA[compliance]]></category>
		<category><![CDATA[enforcement]]></category>
		<guid isPermaLink="false">https://thirdrock.com/?p=9321</guid>

					<description><![CDATA[<p>The post <a href="https://thirdrock.com/blog/2020/07/20/ccpa-enforcement-has-begun/">CCPA enforcement has begun</a> appeared first on <a href="https://thirdrock.com">Third Rock</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<div class="et_pb_section et_pb_section_0 et_section_regular" >
				
				
				
				
				
				
				<div class="et_pb_row et_pb_row_0">
				<div class="et_pb_column et_pb_column_4_4 et_pb_column_0  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_0  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p>The California Attorney General’s office recently confirmed that July 1 remained the start of enforcement for the new California Consumer Privacy Act (CCPA). The office has already sent its first round of compliance letters to businesses, giving them 30 days to cure any violations before facing an investigation or lawsuit.</p>
<p>With the disruptions that occurred due to the COVID-19 pandemic in the United States, many may have thought CCPA would be pushed back to allow businesses to deal with other issues. However, with the exponential increase in cyber threats, better data protection is exactly what we need.</p>
<p>The focus of CCPA is giving consumers more control of their data. Consumers must be clearly notified when their data will be collected, have the option to opt out, request information about how their data is used and sold, and require their data to be deleted.</p>
<p>There is also a provision for consumers to bring allegations against a company if they feel their data was not properly managed. Though some small lawsuits have been filed, one of the largest to date was recently brought against Walmart by a San Francisco resident, claiming they “Failed to implement and maintain reasonable security procedures and practices”.</p>
<p>Will this set the tone for businesses to be sued by customers looking for a payout? Hard to say, but no doubt there will be many more complaints and lawsuits. Is your business both compliant and protected? Our CCPA compliance <a href="https://thirdrock.com/ccpa/">packages</a> offer a range of services to meet your needs rapidly and protect your business. <a href="https://thirdrock.com/contact-us">Contact us</a> today.</p></div>
			</div>
			</div>
				
				
				
				
			</div>
				
				
			</div>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">9321</post-id>	</item>
		<item>
		<title>Taylor Hersom added to CompTIA Cybersecurity Advisory Board</title>
		<link>https://thirdrock.com/blog/2020/07/14/taylor-hersom-added-to-comptia-cybersecurity-advisory-board/</link>
		
		<dc:creator><![CDATA[Kathleen Hadaway]]></dc:creator>
		<pubDate>Tue, 14 Jul 2020 18:10:36 +0000</pubDate>
				<category><![CDATA[Press Release]]></category>
		<category><![CDATA[Advisory Board]]></category>
		<category><![CDATA[security advisory]]></category>
		<category><![CDATA[Taylor Hersom]]></category>
		<guid isPermaLink="false">https://thirdrock.com/?p=9293</guid>

					<description><![CDATA[<p>The post <a href="https://thirdrock.com/blog/2020/07/14/taylor-hersom-added-to-comptia-cybersecurity-advisory-board/">Taylor Hersom added to CompTIA Cybersecurity Advisory Board</a> appeared first on <a href="https://thirdrock.com">Third Rock</a>.</p>
]]></description>
										<content:encoded><![CDATA[

<div class="et_pb_section et_pb_section_1 et_section_regular" >
				
				
				
				
				
				
				<div class="et_pb_row et_pb_row_1">
				<div class="et_pb_column et_pb_column_4_4 et_pb_column_1  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_1  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p>Taylor Hersom, Vice President of Business Development for <a href="http://www.cybercompass.co/">CyberCompass®</a> and head of virtual services for Third Rock, has been asked to serve on the very prestigious <a href="https://www.comptia.org/about-us/advisory-boards/comptia-cybersecurity-advisory-board">CompTIA Cybersecurity Advisory Board (CCAB)</a>. <a href="https://www.comptia.org/">CompTIA</a> is the world&#8217;s leading tech association as well as a thought and action leader. CCAB addresses many of the most pressing cybersecurity concerns facing business and government. The board works to identify opportunities for CompTIA to develop cybersecurity initiatives that advance our nation’s cybersecurity readiness. In addition, the CCAB assesses current CompTIA activities relating to cybersecurity and recommends how to integrate those efforts with other thought leaders on the topic, while also identifying gaps in the cybersecurity ecosystem that CompTIA might consider filling. </p>
<p>Hersom will be working with thought leaders from higher education, legal and cybersecurity fields. The CCAB’s main purpose is to provide a venue where these members can discuss the most critical issues the industry faces, leading to prioritized projects and actionable results. Recently, CompTIA has been actively involved in working with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to maintain critical functions throughout the COVID-19 pandemic (see full article <a href="https://www.comptia.org/newsroom/press-releases/2020/05/11/watch-it-industry-briefing-on-cisa-covid-19-response-efforts">here</a>) as well as providing thought leadership on emerging transformational technologies such as 5G. See all of their latest news and <a href="https://www.comptia.org/newsroom/press-releases">press releases</a>.</p></div>
			</div>
			</div>
				
				
				
				
			</div>
				
				
			</div>

]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">9293</post-id>	</item>
		<item>
		<title>Is it time for an upgrade?</title>
		<link>https://thirdrock.com/blog/2020/06/16/is-it-time-for-an-upgrade/</link>
		
		<dc:creator><![CDATA[Robert Felps]]></dc:creator>
		<pubDate>Tue, 16 Jun 2020 15:30:00 +0000</pubDate>
				<category><![CDATA[Third Rock]]></category>
		<guid isPermaLink="false">https://thirdrock.com/?p=9180</guid>

					<description><![CDATA[<p>The post <a href="https://thirdrock.com/blog/2020/06/16/is-it-time-for-an-upgrade/">Is it time for an upgrade?</a> appeared first on <a href="https://thirdrock.com">Third Rock</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<div class="et_pb_section et_pb_section_2 et_section_regular" >
				
				
				
				
				
				
				<div class="et_pb_row et_pb_row_2">
				<div class="et_pb_column et_pb_column_4_4 et_pb_column_2  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_2  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p>When it comes to the cybersecurity of our devices, many of us turn a blind eye because the complexity can seem overwhelming. Questions like:</p>
<ul>
<li>What operating system are you running?</li>
<li>Do you have anti-virus AND anti-malware security?</li>
<li>What’s the difference between anti-virus and anti-malware?</li>
<li>When was your last update?</li>
</ul>
<p>The list can be longer, but a few “I don’t knows” will make anyone stop wanting to try. Keeping your operating system, antivirus and antimalware up to date is your best front line defense for cybersecurity. Vast improvements have been made to make it easier and less complicated for your PC or Mac to stay well protected. Here is a simple step by step guide to check your computer status.</p>
<h3><u><img data-recalc-dims="1" fetchpriority="high" decoding="async" src="https://i0.wp.com/thirdrock.com/wp-content/uploads/Windows-OS-information-e1592320587659-300x270.png?resize=300%2C270&#038;ssl=1" width="300" height="270" alt="" class="wp-image-9183 aligncenter size-medium" style="float: right;" />Windows Users</u></h3>
<p>The operating system of most PCs is Windows. That’s the easy part. The important question is, what version of Windows is on your computer? To find out, follow these simple steps:</p>
<ul>
<li>Hold the <strong>Windows logo</strong> key + <strong>R</strong>. A search box appears in the bottom corner of your screen.</li>
<li>Type <strong>winver</strong> in the <strong>Open</strong> box, and then select <strong>OK</strong>.</li>
<li>A new box will pop up showing you the version of Windows your computer is running.</li>
</ul>
<p>I’ll give you a minute to check it out.</p>
<p>If your box shows anything other than Windows 10, you need a major upgrade.</p>
<h3><u>Mac Users</u></h3>
<p><img data-recalc-dims="1" loading="lazy" decoding="async" src="https://i0.wp.com/thirdrock.com/wp-content/uploads/Mac-OS-information.png?resize=299%2C178&#038;ssl=1" width="299" height="178" alt="" class="wp-image-9185 aligncenter size-full" style="float: right;" />Macs are believed to be inherently safer than Windows because of the operating system. However, cybercriminals are not shying away from finding loopholes to attack your Mac. You still need diligence and the most up-to-date OS for best protection.</p>
<ul>
<li>From the Apple menu in the corner of your screen, choose <strong>About This Mac</strong>.</li>
<li>You&#8217;ll see the macOS name followed by its version number.</li>
</ul>
<p>What is the latest version? As of the day of this publication, macOS Catalina 10.15.5 is what you should see. You can reference Apple support for the most up to date list <a href="https://support.apple.com/en-us/HT201260">here</a>.</p>
<h3><u>How to update your Windows computer</u></h3>
<p>So you need an update. Let’s look at options.</p>
<p>For Windows 10 users, updates to the operating system are pushed through from Microsoft. Follow their directions (<a href="https://support.microsoft.com/en-us/help/12373/windows-update-faq">click here</a>) to make sure you have <strong>Microsoft Updates</strong> configured correctly to keep your PC updated automatically or at least with reminders.</p>
<p>Windows users running anything less than Windows 10 should visit Microsoft’s site (<a href="https://www.microsoft.com/en-us/windows/get-windows-10">click here</a>) to evaluate the best next step. Your out of date operating system is at very high risk for a cyber breach.</p>
<p>If your device is too old, it may not have the built in features you need to run Windows 10, meaning you will need a computer upgrade. If it is compatible, you will have to purchase the new operating system. Whatever your need, check with your IT department before you purchase. You may be able to get the upgrade from them if you use your personal computer for work purposes.</p>
<h3><u>How to update your Mac computer</u></h3>
<p>For Mac users, updates to the operating system are pushed through from Apple. Follow their directions (<a href="https://support.apple.com/en-us/HT201541">click here</a>) to make sure you have updates configured correctly to keep your computer updated automatically or at least with reminders. If you are running an older device, at some point the company updates will not be compatible. If that is the case, you need to contact your IT point person about upgrading your computer or consider purchasing a new Mac. Your out of date computer is at very high risk for a cyber breach.</p>
<h3><u>Benefits of Updating = Cost savings for you and your company</u></h3>
<p>If you want to tap out because I just mentioned spending money, stay with me a little longer. The number one reason to have the most up to date operating system is the built in security. While nothing will be foolproof, Windows and Apple are constantly learning of threats and vulnerabilities. They create patches and protections to stop cybercriminals from getting in. The catch is that they only do this for their latest product.</p>
<p>While it might cost some money upfront, you will save money too. For years, the expectation was that you needed to purchase a 3<sup>rd</sup> party software to protect your computer from being infected with viruses and malware. That is no longer the case. Both Windows 10 and macOS systems have built in antivirus and anti-malware software. When compared to 3<sup>rd</sup> party options, the difference in security level is minimal. There is a slight argument for layering your protection, but that is not a guarantee to block everything. If you want to read more about this, Windows users can click <a href="https://www.howtogeek.com/225385/what%E2%80%99s-the-best-antivirus-for-windows-10-is-windows-defender-good-enough/">here</a> and Mac users can click <a href="https://www.howtogeek.com/437846/do-you-need-an-antivirus-on-a-mac/">here</a>.</p>
<p>More importantly, a breach can cost your company dearly. In fact, 60% of small businesses go out of business within six months of falling victim to cyber crime. Cybersecurity is not about the latest technology; it is about the safety of your customers and company data.</p>
<h3><u>The Human Firewall is Required</u></h3>
<p>Mike Moran, with Third Rock, put it this way: “Vigilant employees are still the best defense. If you are running Office365, assume that it is only going to catch 40% of the bad things coming through, you still have to be smart enough to recognize the other 60% and not click on them.”</p>
<p>No matter how much you pay for antivirus, anti-malware and top of the line cybersecurity, you still have to be a smart user. Use best practices for passwords that are hard to crack, tips to recognize phishing attempts and smart choices when searching the internet. You can’t prevent a breach, but you can reduce your chances. Train ALL of your employees at least once a year on cybersecurity awareness.</p></div>
			</div>
			</div>
				
				
				
				
			</div><div class="et_pb_with_border et_pb_row et_pb_row_3">
				<div class="et_pb_column et_pb_column_3_4 et_pb_column_3  et_pb_css_mix_blend_mode_passthrough">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_3  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p style="text-align: right;">Download our Cyber Hygiene Checklist for updating your device to share with friends, family and coworkers.</p></div>
			</div>
			</div><div class="et_pb_column et_pb_column_1_4 et_pb_column_4  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_button_module_wrapper et_pb_button_0_wrapper  et_pb_module ">
				<a class="et_pb_button et_pb_button_0 et_pb_bg_layout_light" href="https://thirdrock.com/wp-content/uploads/Cyber-Hygiene-Device-cybersecurity-Checklist-2020-CyberCompass.pdf" target="_blank">Download now</a>
			</div>
			</div>
				
				
				
				
			</div>
				
				
			</div>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">9180</post-id>	</item>
		<item>
		<title>A Resurgence in Pretexting scams</title>
		<link>https://thirdrock.com/blog/2020/05/15/a-resurgence-in-pretexting-scams/</link>
		
		<dc:creator><![CDATA[Robert Felps]]></dc:creator>
		<pubDate>Fri, 15 May 2020 12:35:26 +0000</pubDate>
				<category><![CDATA[Cyber Security]]></category>
		<guid isPermaLink="false">https://thirdrock.com/?p=9089</guid>

					<description><![CDATA[<p>The post <a href="https://thirdrock.com/blog/2020/05/15/a-resurgence-in-pretexting-scams/">A Resurgence in Pretexting scams</a> appeared first on <a href="https://thirdrock.com">Third Rock</a>.</p>
]]></description>
										<content:encoded><![CDATA[

<div class="et_pb_section et_pb_section_3 et_section_regular" >
				
				
				
				
				
				
				<div class="et_pb_row et_pb_row_4 et_pb_gutters2">
				<div class="et_pb_column et_pb_column_3_4 et_pb_column_5  et_pb_css_mix_blend_mode_passthrough">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_4  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p>Cybercriminals continuously adapt to match the “market”: namely you, their targets. Scams cycle in popularity based on their effectiveness with current trends. With the “new” remote workforce, we are experiencing a resurgence in pretexting. The lack of personal interaction is making it easier for cybercriminals to impersonate coworkers and company representatives in order to steal your money and your private information.</p>
<h3>What is it?</h3>
<p>Pretext means false motive.  Pretexting is defined as the practice of presenting oneself as someone else in order to gain private information. A scammer attempts to build a connection in one of two ways: impersonate someone you know, such as a coworker, or fabricate an identity of a worker from a trusted company. No matter the means, their end goal is to steal your private information. Unlike a hacker who goes in the back door to steal without you knowing, a good pretext scam has you willingly give them what they want.</p></div>
			</div>
			</div><div class="et_pb_column et_pb_column_1_4 et_pb_column_6  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_with_border et_pb_module et_pb_text et_pb_text_5  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p style="text-align: center;"><em>A cybercriminal contacts HR impersonating a worker. They inform HR that their bank account information has changed and they need to update the information for their direct deposit. Without proper verification, HR begins sending paychecks to a criminal.</em></p></div>
			</div>
			</div>
				
				
				
				
			</div><div class="et_pb_row et_pb_row_5 et_pb_gutters2">
				<div class="et_pb_column et_pb_column_1_3 et_pb_column_7  et_pb_css_mix_blend_mode_passthrough">
				
				
				
				
				<div class="et_pb_with_border et_pb_module et_pb_text et_pb_text_6  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p style="text-align: center;"><em>An IT representative calls you saying there have been small breaches on company computers. He needs to remotely access your computer to ensure all cybersecurity protocols are in place on your company device. Since everyone is working remotely, he can’t have you bring your device in, which is normal procedure, so this is the next best option. You give him your IP address and he has access to control your computer. You see random windows beginning to pop up and realize too late he is stealing your information.</em></p></div>
			</div>
			</div><div class="et_pb_column et_pb_column_2_3 et_pb_column_8  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_7  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><h3>How does this scam work?</h3>
<p>A successful pretexting scam is built on trust. The scammer represents themselves in a legitimate way, gains your trust and then asks for the information they are looking for. Believing you are talking to a real representative, you give over your information willingly. The scammer takes their time researching the target (you) which allows them to build a persona that will have the most chance of success. Some tools of successful pretexting include:</p>
<ul>
<li>Connecting with the target over similar interests</li>
<li>Keeping the scam simple – no complicated reasons or requests</li>
<li>Creating a trusted character</li>
<li>Asking for the target’s information under the guise of verification</li>
<li>Using logical conclusions or follow through for the target</li>
</ul>
</div>
			</div>
			</div>
				
				
				
				
			</div><div class="et_pb_row et_pb_row_6 et_pb_gutters2">
				<div class="et_pb_column et_pb_column_2_3 et_pb_column_9  et_pb_css_mix_blend_mode_passthrough">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_8  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><h3>How is it being used?</h3>
<p>The scam is built on luring you into trusting through impersonation. Cybercriminals use just enough information to make you think they are legitimate so you willingly provide them information. The recent Facebook challenge is a great example. In support of high school seniors who are not getting a normal graduation, people were challenged to post their own graduation pictures. The Better Business Bureau warned this was an opportunity for cyber criminals to find personal information about your high school, age, and school mascot to be used against you. Read more <a href="https://www.wrcbtv.com/story/42016879/cyber-security-expert-explains-potential-danger-of-viral-facebook-challenge">here</a>.</p></div>
			</div>
			</div><div class="et_pb_column et_pb_column_1_3 et_pb_column_10  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_with_border et_pb_module et_pb_text et_pb_text_9  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p><em>An employee in the finance department received a request to transfer a large sum of money to a vendor. Thinking it was from a legitimate client, they authorized the transfer without verification. It was later discovered that the request came from a cybercriminal impersonating the client.</em></p></div>
			</div>
			</div>
				
				
				
				
			</div><div class="et_pb_row et_pb_row_7">
				<div class="et_pb_column et_pb_column_4_4 et_pb_column_11  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_10  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><h3>Defend yourself and your company:</h3>
<ol>
<li>Limit the personal information you post on social media
<ul>
<li>Remember that these scams involve researching the target. The more information you willingly post, the easier it is for them to create a character that will connect with you</li>
</ul>
</li>
<li>Go to the source
<ul>
<li>If a representative from a company contacts you either in person, on the phone or via email, verify their identity directly with the company. If someone shows up at your house, find the corporate company’s phone number and call from your personal phone. It may seem rude and take longer, but you could be protecting yourself from a scam.</li>
</ul>
</li>
<li>Never give out personal information
<ul>
<li>Real company representatives will never ask you for your password, full account numbers or credit card numbers. General conversations that steer in a direction asking too many personal questions about your family and job should be a red flag. You can decline answering in a polite way while not giving away information.</li>
</ul>
</li>
<li>Protect your organization
<ul>
<li>Do not give out company information, even if the requester appears to be from within the company. Know your company’s procedures for how they communicate when there is an issue, or they need information from you.</li>
</ul>
</li>
</ol></div>
			</div>
			</div>
				
				
				
				
			</div>
				
				
			</div><div class="et_pb_section et_pb_section_4 et_section_regular" >
				
				
				
				
				
				
				<div class="et_pb_row et_pb_row_8 et_pb_gutters2">
				<div class="et_pb_column et_pb_column_1_2 et_pb_column_12  et_pb_css_mix_blend_mode_passthrough">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_11  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p style="text-align: right;">Get a copy of our checklist to share with friends, family and coworkers</p></div>
			</div>
			</div><div class="et_pb_column et_pb_column_1_2 et_pb_column_13  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_button_module_wrapper et_pb_button_1_wrapper et_pb_button_alignment_left et_pb_module ">
				<a class="et_pb_button et_pb_button_1 et_pb_bg_layout_light" href="https://thirdrock.com/wp-content/uploads/Cyber-Hygiene-Pretexting-Checklist-2020-Third-Rock.pdf">Download now</a>
			</div>
			</div>
				
				
				
				
			</div>
				
				
			</div>

]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">9089</post-id>	</item>
		<item>
		<title>Cyber Safety for working at home</title>
		<link>https://thirdrock.com/blog/2020/04/23/cyber-safety-for-working-at-home/</link>
		
		<dc:creator><![CDATA[Cathy Diehl]]></dc:creator>
		<pubDate>Thu, 23 Apr 2020 18:20:32 +0000</pubDate>
				<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Risk Management]]></category>
		<guid isPermaLink="false">https://thirdrock.com/?p=9042</guid>

					<description><![CDATA[<p>The post <a href="https://thirdrock.com/blog/2020/04/23/cyber-safety-for-working-at-home/">Cyber Safety for working at home</a> appeared first on <a href="https://thirdrock.com">Third Rock</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><div class="et_pb_section et_pb_section_5 et_section_regular" >
				
				
				
				
				
				
				<div class="et_pb_row et_pb_row_9">
				<div class="et_pb_column et_pb_column_4_4 et_pb_column_14  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_12  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p>Our work environments have been turned upside down. We are all in a place of creating new work routines. Having left the cyber safety net of a central office designed to protect company cybersecurity, IT departments are juggling a dispersed workforce while maintaining cybersecurity standards that protect private data.</p>
<p>Before COVID-19 forced a remote workforce, anywhere from 60 – 90% of breaches were caused by human error. We are seeing cyber criminals take advantage of extra vulnerabilities created with employees working from home. Cybersecurity is no longer just an IT thing. Protecting your company and their private data has never been closer to home, literally. Mistakes that could hurt the company start on your own network, which could also affect your personal security. Your business, IT department and your family are relying on your vigilance to be cyber safe.</p>
<h2>Cyber safety habits to put into practice</h2>
<ol>
<li><strong> </strong><strong>Separate work and personal devices<br /> </strong>If your company provides you a device, use it only for work purposes. Have a separate device for family and personal use. If separate devices are not a possibility, create separate profiles with different security settings. Use your work profile only for work purposes. If you have children who need to use the same computer, create separate profiles with parental controls that limit their ability to access and/or download content that could infect your computer.</li>
</ol>
<ol start="2">
<li><strong> </strong><strong>Lock down your device<br /> </strong>You may feel that your device is physically safe in your home office, but you still need to protect data safety. Set a unique password for your device and lock it every time you walk away. If you are using one device for multiple profiles, have a private, unique password for your work profile that no one in your household can access. This is good practice for after quarantine as well.</li>
</ol>
<ol start="3">
<li><strong> </strong><strong>Be wary of add-ons and downloads<br /> </strong>There are many add-ons and extensions that promise to make your work run faster, smoother and better. Be cautious of downloading these onto your device. Many contain malware that gives hackers access to the data on your computer. If you then link to your company network, they could gain access there as well. A good cyber safety practice is to research on trusted sites before downloading a new program or add-on.</li>
</ol>
<ol start="4">
<li><strong> </strong><strong>Use company approved sharing sites<br /> </strong>With your entire team working remotely, there is a greater need to communicate digitally. While it may be more comfortable to use the data sharing platforms you are used to, they may not be the most secure. Only send private data through company approved sharing sites.</li>
</ol>
<h2>Know signs of a breach</h2>
<p>Preventative measures are important to cyber safety, but breaches are still possible. It’s important to know what signs to look for in the event of a breach.</p>
<ol>
<li><strong> </strong><strong>Increase in unwanted pop-ups<br /> </strong>Pop-ups are a widely seen by-product of malware. If advertisements or system pop-ups begin appearing outside of any program, you may have been infected.</li>
</ol>
<ol start="2">
<li><strong> </strong><strong>Processing slows down<br /> </strong>Is it taking longer than usual for your computer to boot up or for programs to load? Viruses and malware run in the background, slowing down the programs you are attempting to run.</li>
</ol>
<ol start="3">
<li><strong> </strong><strong>New programs appear<br /> </strong>Computers do not add content on their own. If a new program, app or internet add-on appears on your computer, you may have a virus that inserted content onto your computer.</li>
</ol>
<h2>How do you handle a potential breach?</h2>
<ol>
<li><strong> </strong><strong>Report it!<br /> </strong>Inform your IT department of what you are experiencing. Send screen shots of error messages, pop-ups and other unwanted content. Be specific about when it started happening and what is going on.</li>
</ol>
<ol start="2">
<li><strong> </strong><strong>Don’t click<br /> </strong>Never click on suspicious content, even to try to close pop-up windows. Malware is the gateway for a virus. Clicking on the content can give hackers access to the data they are looking for.</li>
</ol>
<ol start="3">
<li><strong> </strong><strong>Scan with anti-virus software<br /> </strong>Company devices should be equipped with anti-virus software. If your company does not provide a device, ask your IT department about providing access to anti-virus software. While it should run scans in the background, if you notice any of the above issues, tell it to run a full system diagnosis.</li>
</ol>
<ol start="4">
<li><strong> </strong><strong>Don’t access private data<br /> </strong>Until your issue has been resolved, do not attempt to access the company network or open any private data. If a hacker is monitoring your computer through malware, you run the risk of giving them access to that information.</li>
</ol>
<p>While human error will never be eliminated, we can all take steps to increase our awareness and cyber safety to lower our risk.</p></div>
			</div>
			</div>
				
				
				
				
			</div><div class="et_pb_row et_pb_row_10">
				<div class="et_pb_column et_pb_column_2_3 et_pb_column_15  et_pb_css_mix_blend_mode_passthrough">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_13  et_pb_text_align_center et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p>Want a reference to share with family, friends and coworkers? Download our checklist to make your most secure home office environment.</p></div>
			</div>
			</div><div class="et_pb_column et_pb_column_1_3 et_pb_column_16  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_button_module_wrapper et_pb_button_2_wrapper  et_pb_module ">
				<a class="et_pb_button et_pb_button_2 et_pb_bg_layout_light" href="https://thirdrock.com/wp-content/uploads/Third-Rock-Home-Office-Cybersecurity-Checklist-2020.pdf" target="_blank">Download your checklist</a>
			</div>
			</div>
				
				
				
				
			</div>
				
				
			</div></p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">9042</post-id>	</item>
		<item>
		<title>Third Rock welcomes Taylor Hersom in dual roles</title>
		<link>https://thirdrock.com/blog/2020/04/16/third-rock-welcomes-taylor-herson-in-dual-roles/</link>
		
		<dc:creator><![CDATA[Kathleen Hadaway]]></dc:creator>
		<pubDate>Thu, 16 Apr 2020 18:14:41 +0000</pubDate>
				<category><![CDATA[Press Release]]></category>
		<guid isPermaLink="false">https://thirdrock.com/?p=9032</guid>

					<description><![CDATA[<p>The post <a href="https://thirdrock.com/blog/2020/04/16/third-rock-welcomes-taylor-herson-in-dual-roles/">Third Rock welcomes Taylor Hersom in dual roles</a> appeared first on <a href="https://thirdrock.com">Third Rock</a>.</p>
]]></description>
										<content:encoded><![CDATA[

<div class="et_pb_section et_pb_section_6 et_section_regular" >
				
				
				
				
				
				
				<div class="et_pb_row et_pb_row_11">
				<div class="et_pb_column et_pb_column_4_4 et_pb_column_17  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_14  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p style="text-align: left;"><img data-recalc-dims="1" loading="lazy" decoding="async" src="https://i0.wp.com/thirdrock.com/wp-content/uploads/Taylor-bw.png?resize=276%2C300&#038;ssl=1" width="276" height="300" alt="" class="wp-image-9028 aligncenter size-medium" style="float: right;" srcset="https://i0.wp.com/thirdrock.com/wp-content/uploads/Taylor-bw.png?resize=276%2C300&amp;ssl=1 276w, https://i0.wp.com/thirdrock.com/wp-content/uploads/Taylor-bw.png?w=416&amp;ssl=1 416w" sizes="(max-width: 276px) 100vw, 276px" />Round Rock, TX, April 15, 2020 – Third Rock, a cybersecurity and compliance firm, and creator of CyberCompass® cyber risk management software, is excited to announce the addition of Taylor Hersom to its team to serve in a dual capacity. Mr. Hersom will be heading up CyberCompass® distribution channel development. His specific goal will be to help operationalize channel partners in translating cyber risks to better market their cybersecurity solutions, stated Robert Felps, CEO of Third Rock and CyberCompass® LLC.</p>
<p>Mr. Hersom&#8217;s previous experience was with Deloitte risk management practice. He recently served in helping lead business development for a cybersecurity firm that promoted CyberCompass®. His background provides a unique set of skills in translating how cyber risk management can drive the optimization of cybersecurity and compliance solutions. Mr. Hersom has been using CyberCompass® for over a year with his previous customers. &#8220;Most cyber risk management tools focus on technology, so that leaves companies with a false sense of security and lack of insights into their cyber risk. I have worked with several software applications, and I haven&#8217;t seen anything with the potential and power of CyberCompass® to deliver a complete 360-degree integration across people, processes, technology, and vendors,&#8221; said Hersom.</p>
<p>&#8220;We are excited to add Taylor to our team, especially during this time when businesses need our help in getting higher levels of cybersecurity and compliance quickly,&#8221; stated Felps. &#8220;Taylor brings a depth of knowledge and unique insight to rapidly improve our automation and usability in  assessing cyber risk, managing remediation, and ultimately improving their cyber protection.&#8221;</p>
<p>Hersom has also been tapped to lead Third Rock&#8217;s virtual services growing practice. Third Rock developed CyberCompass® software to provide faster, more complete cybersecurity and compliance at an affordable price. Given the impact on businesses with COVID-19, Third Rock clients are seeking to have virtual Chief Information Security Officer and virtual Chief Compliance Officer expertise as they quickly transition their businesses and improve cybersecurity with a dispersed workforce. &#8220;Having Taylor lead our virtual practice within Third Rock allows him to be involved with understanding client needs as they change and translating those needs to CyberCompass® enhancements,&#8221; stated Felps.</p>
<h4>About Third Rock</h4>
<p>Third Rock is a cyber risk and compliance management professional services firm. Based in Round Rock, Texas, Third Rock services include risk assessments, remediation, and rapid incident response in 65% less time than other firms. Third Rock built a turnkey, simplified, best-in-class cyber risk management, cybersecurity and compliance software, CyberCompass®.</p>
<h4>About CyberCompass® LLC</h4>
<p>CyberCompass® cloud-based software empowers and enables businesses to manage and monitor their cyber risk at a holistic level. It is the only cyber risk management and compliance software with one assessment to meet multiple standards for both cybersecurity and government privacy regulations such as HIPAA, CCPA, and GDPR. The platform includes tools and guidance for hardening an organization&#8217;s IT systems, refining their operational processes, engaging employees with cyber training, and managing vendor compliance. Excess Line Association of New York (ELANY) offers a complimentary subscription to CyberCompass™ for active members to become compliant. CyberCompass®, LLC was recently established as its own legal entity.</p></div>
			</div>
			</div>
				
				
				
				
			</div>
				
				
			</div>

]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">9032</post-id>	</item>
		<item>
		<title>Cyber Protection as Your Business Deals with Social Distancing</title>
		<link>https://thirdrock.com/blog/2020/03/10/cyber-protection-as-your-business-deals-with-social-distancing/</link>
		
		<dc:creator><![CDATA[Cathy Diehl]]></dc:creator>
		<pubDate>Tue, 10 Mar 2020 12:00:00 +0000</pubDate>
				<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Policies & Procedures]]></category>
		<category><![CDATA[Third Rock]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Pandemic]]></category>
		<guid isPermaLink="false">https://thirdrock.com/?p=8918</guid>

					<description><![CDATA[<p>The post <a href="https://thirdrock.com/blog/2020/03/10/cyber-protection-as-your-business-deals-with-social-distancing/">Cyber Protection as Your Business Deals with Social Distancing</a> appeared first on <a href="https://thirdrock.com">Third Rock</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><div class="et_pb_section et_pb_section_7 et_section_regular" >
				
				
				
				
				
				
				<div class="et_pb_row et_pb_row_12">
				<div class="et_pb_column et_pb_column_4_4 et_pb_column_18  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_15  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><h2>Cyber Safety Tips for Businesses When Employees Work from Home</h2>
<p>With the threat of the Coronavirus, many companies are allowing or requiring employees to work from home. If your company deals with protected information such as healthcare, financial, consumer or personal, you should have policies and procedures in place to protect that data within your normal work environment. However, having your workforce suddenly need to access this information from home may not be normal. Systems may be overloaded, sensitive information distributed in a way that you never anticipated and lines of communication disrupted. Do your policies and procedures cover such a situation, like a pandemic? Here are 6 tips to best protect your business and your clients.</p>
<h3>Train Your Employees</h3>
<p>We are not talking about the once-a-year standard, boring videos people half-heartedly watch so they can print off a certificate proving they did it. Your employees <u>must</u> know key elements of cyber safety that they are regularly reminded of. If nothing else, make sure they know these 3 things.</p>
<ol>
<li><u>Anticipate phishing and spear phishing attacks</u>. Word will travel fast that everyone is working from home. Hackers will recognize you are vulnerable and try to take advantage of it. Tell your workforce to anticipate phishing and spear phishing attacks that will attempt to take advantage of pandemic fears. Give visual examples, have your IT on high alert searching for phishing attempts and contact employees immediately when one gets through your firewall.</li>
<li><u>Do not access sensitive information on unauthorized devices</u>. The biggest culprit: cell phones. Have policies about what devices they are allowed to use to remotely access information and make sure they know. Never store sensitive information unencrypted on a portable device.</li>
<li><u>Do not access sensitive information on unsecure networks</u>. Like working from Starbucks because they have free WiFi? That may be fine for personal use, but not when you’re accessing sensitive information. Public WiFi makes it easy for a hacker to infiltrate your computer, stealing the information you accessed.</li>
</ol>
<h3>Determine Critical Processes and Access Control</h3>
<p>This is a key component to any Pandemic plan. Who is authorized to access sensitive information, and how do you ensure they can actually access sensitive information in a highly distributed environment? Minimize your exposure by controlling access to data. Not everyone working from home needs access to sensitive information. Make sure you lock down access to only essential employees. Follow through by monitoring who is accessing data, what they are accessing and why.</p>
<h3>Multifactor Authentication</h3>
<p>For those employees who need to access sensitive information, require multifactor authentication every time they remotely access a private server. This is an easy step to implement that can have a big impact on keeping cyber criminals out.  Explain to your employees why the two-factor authentication is an important safety capability.</p>
<h3>Network Access Control</h3>
<p>While you should train your employees not to access sensitive information on unsecure networks (see tip #1), you can implement access controls that actually block a user if they do not meet a certain level of security. You should implement a Virtual Private Network (VPN), which provides higher security for workers using home and/or public internet connections that are not secure. It’s fairly easy and inexpensive to implement. For more information on VPNs, <a href="https://www.techradar.com/vpn/best-vpn">click here</a>.</p>
<h3>Encrypt Data</h3>
<p>If information is stored locally on a device, make sure it is encrypted. Portable devices that contain sensitive information are often stolen. A simple step of encryption protects your clients’ information and protects you from hefty breach costs and fines.</p>
<h3>Provide Company Devices</h3>
<p>Laptops and cell phones should always be running the most up-to-date version of an operating system available (e.g. Windows 10 vs Windows 8). They should also have up-to-date firewall protections and antivirus software. If employees are permitted to use personal devices, it is difficult to ensure these protections stay up to date. Providing company devices that are properly configured and regularly updated helps strengthen the barrier against cyber criminals.</p>
<p>Protection doesn’t have to be complicated, but it does have to be intentional. Simple steps taken by the company and the employees can go a long way. While we want to stay physically safe through this wave of the Coronavirus, let’s make sure we stay cyber safe too.</p>
<p> Concerned if you have the right precautions and planning in place? Contact Third Rock at info@thirdrock.</p></div>
			</div>
			</div>
				
				
				
				
			</div>
				
				
			</div></p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">8918</post-id>	</item>
		<item>
		<title>Third Rock moves to new office</title>
		<link>https://thirdrock.com/blog/2020/02/24/third-rock-moves-to-new-office/</link>
		
		<dc:creator><![CDATA[Robert Felps]]></dc:creator>
		<pubDate>Mon, 24 Feb 2020 19:58:00 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<category><![CDATA[Third Rock]]></category>
		<guid isPermaLink="false">https://thirdrock.com/?p=9369</guid>

					<description><![CDATA[<p>The post <a href="https://thirdrock.com/blog/2020/02/24/third-rock-moves-to-new-office/">Third Rock moves to new office</a> appeared first on <a href="https://thirdrock.com">Third Rock</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<div class="et_pb_section et_pb_section_8 et_section_regular" >
				
				
				
				
				
				
				<div class="et_pb_row et_pb_row_13">
				<div class="et_pb_column et_pb_column_4_4 et_pb_column_19  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_16  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p>Since 1995, Third Rock has been creating solutions to help businesses navigate the confusing world of cybersecurity and compliance. We took our combined knowledge and years of experience to build a better way to manage cyber risk.</p>
<p>As our business continues to grow, Third Rock is on the move. In order to better serve our local clients, Third Rock is upgrading its office space. With more room for conferencing, we are ready to help your business work toward cyber resilience. <a href="https://thirdrock.com/contact-us">Contact us</a> to set up a time to talk about starting your journey toward Cyber Confidence.</p>
<p>&nbsp;</p>
<p>595 Round Rock West Dr Suite 401, Round Rock, Tx 78681</p></div>
			</div>
			</div>
				
				
				
				
			</div>
				
				
			</div>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">9369</post-id>	</item>
		<item>
		<title>EXEMPT is not a FREE PASS with 23 CRR 500 NY DFS</title>
		<link>https://thirdrock.com/blog/2020/01/31/exempt-is-not-a-free-pass-with-23-crr-500-ny-dfs/</link>
		
		<dc:creator><![CDATA[Robert Felps]]></dc:creator>
		<pubDate>Fri, 31 Jan 2020 15:00:00 +0000</pubDate>
				<category><![CDATA[Risk Assessment]]></category>
		<category><![CDATA[Risk Management]]></category>
		<guid isPermaLink="false">https://thirdrock.com/?p=8754</guid>

					<description><![CDATA[<p>Exempt. When we hear that word, we think about being “off the hook” or that we have immunity. We feel free of meeting the same expectation as someone else. &#160;We’ve [&#8230;]</p>
<p>The post <a href="https://thirdrock.com/blog/2020/01/31/exempt-is-not-a-free-pass-with-23-crr-500-ny-dfs/">EXEMPT is not a FREE PASS with 23 CRR 500 NY DFS</a> appeared first on <a href="https://thirdrock.com">Third Rock</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="has-normal-font-size">Exempt. When we hear that word, we think about being
“off the hook” or that we have immunity. We feel free of meeting the same expectation
as someone else. &nbsp;We’ve escaped fulfilling
requirements.</p>



<p class="has-normal-font-size">Not so fast! If you’re an insurance broker with clients in New York,
the NY Department of Financial Services (NYDFS) 23 NYCRR 500 cybersecurity
regulations still apply to your company.&nbsp;
Exempt means most brokers, bankers and all other financial service
organizations need to complete a risk assessment and attest to it before <strong>April
15, 2020</strong> to avoid fines and penalties.</p>



<h3 class="wp-block-heading"><strong>I’m a small, exempt, business. Why is compliance important?</strong></h3>



<p class="has-normal-font-size">Oftentimes, small to medium-sized companies get the raw end of the
deal when it comes to compliance. Higher expectations usually mean more money
and more personnel, which is easier said than done.</p>



<p class="has-normal-font-size">NYDFS recognizes how cybercrime is wreaking havoc on the financial
industry.&nbsp; They want even the smallest
companies to have basic security in place to best protect their clients and
themselves. Why? Cyber criminals know small and medium sized companies tend to
have lower security in place, making them a perfect target. In fact, according
to Verizon’s Data Breach Report, 43% of cyber-attacks targeted small
businesses.&nbsp; NYDFS is leading the nation
in getting the industry more cybersecure at all levels.</p>



<div class="wp-block-image"><figure class="alignleft size-medium"><img loading="lazy" decoding="async" width="286" height="300" src="//i1.wp.com/thirdrock.com/wp-content/uploads/blog-pullout-286x300.png" alt="Reserved: NYDFS regulation 500.19(a)(1) – You are entitled to this exemption when a Covered Entity has fewer than 10 employees, including independent contractors.  This is a limited exemption and you must still design and implement a cybersecurity program that meets some but not all the regulatory requirements.  This includes submitting an annual Certification of Compliance.


" class="wp-image-8761" srcset="https://i0.wp.com/thirdrock.com/wp-content/uploads/blog-pullout.png?resize=286%2C300&amp;ssl=1 286w, https://i0.wp.com/thirdrock.com/wp-content/uploads/blog-pullout.png?w=366&amp;ssl=1 366w" sizes="(max-width: 286px) 100vw, 286px" /></figure></div>




<h3 class="wp-block-heading"><strong>IT manages our cyber risk, right?</strong></h3>



<p class="has-normal-font-size">This is where many insurance brokers and organizations have a false sense of
security. Most IT departments or Managed
Service Providers (MSPs) are focused on technology and data access.&nbsp; They don’t know if you are conducting cybersecurity
awareness training for your employees or if you have accurate security
measures in place for vendors.</p>



<p class="has-normal-font-size">NYDFS wants businesses to move to a holistic and vigilant approach by
building a cyber resilient culture that goes beyond technology.&nbsp; To outpace the cyber criminals, you must
create a culture of cybersecurity within your company that covers your people,
processes, technology and vendors.</p>



<p class="has-normal-font-size">Not sure of your next step?&nbsp; Here
is a breakdown of what you need to do before April 15, 2020:</p>






<h3 class="wp-block-heading"><strong>Compliance starts with knowing your risk across your organization</strong></h3>



<p class="has-normal-font-size">All financial services, regardless of size, must do the following to design and implement a cybersecurity program to meet regulations.  </p>



<p class="has-normal-font-size">1 &#8211; <span style="font-size: inherit;">Conduct a proper risk assessment that covers </span><strong style="font-size: inherit;">14 topics around people, processes, technology and vendors.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-large is-resized"><img loading="lazy" decoding="async" src="https://i0.wp.com/thirdrock.com/wp-content/uploads/Assessment-cart.png?fit=1024%2C488&amp;ssl=1" alt="" class="wp-image-8762" width="823" height="392" srcset="https://i0.wp.com/thirdrock.com/wp-content/uploads/Assessment-cart.png?w=1889&amp;ssl=1 1889w, https://i0.wp.com/thirdrock.com/wp-content/uploads/Assessment-cart.png?resize=300%2C143&amp;ssl=1 300w, https://i0.wp.com/thirdrock.com/wp-content/uploads/Assessment-cart.png?resize=1024%2C488&amp;ssl=1 1024w, https://i0.wp.com/thirdrock.com/wp-content/uploads/Assessment-cart.png?resize=768%2C366&amp;ssl=1 768w, https://i0.wp.com/thirdrock.com/wp-content/uploads/Assessment-cart.png?resize=1536%2C732&amp;ssl=1 1536w, https://i0.wp.com/thirdrock.com/wp-content/uploads/Assessment-cart.png?resize=1080%2C515&amp;ssl=1 1080w, https://i0.wp.com/thirdrock.com/wp-content/uploads/Assessment-cart.png?resize=1280%2C610&amp;ssl=1 1280w, https://i0.wp.com/thirdrock.com/wp-content/uploads/Assessment-cart.png?resize=980%2C467&amp;ssl=1 980w, https://i0.wp.com/thirdrock.com/wp-content/uploads/Assessment-cart.png?resize=480%2C229&amp;ssl=1 480w" sizes="(max-width: 823px) 100vw, 823px" /></figure></div>



<p class="has-normal-font-size">2 &#8211; Make sure you have policies, procedures, and documentation that covers the 14 areas. </p>



<p class="has-normal-font-size">3 &#8211; NYDFS requires documentation for several plans: <em>(Make sure you check with your IT and/or IT provider you have to make sure these plans are available regarding cyber breach!)</em></p>



<figure class="wp-block-table is-style-stripes"><table><tbody><tr><td><strong>Risk Management Plan   </strong></td><td><em>Outlines what you are doing to   prevent cybercrime, improve cybersecurity and information protection and reduce cyber risk</em>   </td></tr><tr><td><strong>Incident Response Plan </strong>  </td><td><em>Details action to respond to an incident across your organization</em>   </td></tr><tr><td><strong>Business Continuity/Disaster Recovery Plan   </strong></td><td><em>Details actions to minimize and recover from a breach   across your organization</em>   </td></tr><tr><td><strong>Breach Notification Plan </strong>  </td><td><em>Defines who you need to notify, when to notify and how to notify to avoid penalties and limit liabilities</em>   </td></tr></tbody></table></figure>



<h3 class="wp-block-heading"><strong>Lacking resources, time and expertise to get NYDFS 500
compliant by April 15, 2020?</strong></h3>



<p class="has-normal-font-size">We understand that compliance can feel overwhelming. It seems
expensive, difficult, and almost unattainable.&nbsp;
The deadline looks like a huge mountain you have to climb.&nbsp; At Third Rock, we offer <a href="https://thirdrock.com/nydfs/">CyberCompass®,</a> a self-guided
automation tool to make your compliance journey easier and affordable while
still meeting the deadline. &nbsp;</p>



<p class="has-normal-font-size">CyberCompass® is automated, cloud-based compliance
software with built-in expertise that translates NYDFS government requirements
into layman’s terms. It does most of the heavy lifting for your risk
assessment, analysis, remediation and compliance documentation, including
updated policies and procedures and all the required plans. There is no
software to download or install and it can be accessed anywhere. <a href="https://youtu.be/0STdfcFqjLg">Click here</a> for a quick video about how CyberCompass® works with NYDFS
compliance. &nbsp;<strong>Note: If you are an ELANY
member, check out this CyberCompass</strong><strong>®</strong><strong> offer to </strong><a href="https://elany.org/CyberSecurityCompliance.aspx"><strong>ELANY members!</strong></a><strong></strong></p>



<p class="has-normal-font-size">Need assistance and want a compliance coach? Third Rock offers
affordable expertise to help you get to the deadline.

Don’t let cyber uncertainty keep you from
protecting your business and your clients. <a href="mailto:info@thirdrock.com?subject=Tell%20me%20more%20about%20CyberCompass™">Contact us today</a> and see how we can prepare you for the NYDFS
deadline and to best protect your clients and business.



</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">8754</post-id>	</item>
		<item>
		<title>Announcing CyberCompass, LLC</title>
		<link>https://thirdrock.com/blog/2020/01/01/announcing-cybercompass-llc-2/</link>
		
		<dc:creator><![CDATA[Cathy Diehl]]></dc:creator>
		<pubDate>Wed, 01 Jan 2020 16:45:00 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<category><![CDATA[CyberCompass]]></category>
		<guid isPermaLink="false">https://thirdrock.com/?p=9326</guid>

					<description><![CDATA[<p>The post <a href="https://thirdrock.com/blog/2020/01/01/announcing-cybercompass-llc-2/">Announcing CyberCompass, LLC</a> appeared first on <a href="https://thirdrock.com">Third Rock</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<div class="et_pb_section et_pb_section_9 et_section_regular" >
				
				
				
				
				
				
				<div class="et_pb_row et_pb_row_14">
				<div class="et_pb_column et_pb_column_4_4 et_pb_column_20  et_pb_css_mix_blend_mode_passthrough et-last-child">
				
				
				
				
				<div class="et_pb_module et_pb_text et_pb_text_17  et_pb_text_align_left et_pb_bg_layout_light">
				
				
				
				
				<div class="et_pb_text_inner"><p>Since 1995, Third Rock has been a leader in improving privacy compliance and cybersecurity affordably. Starting with HIPAA compliance and seeing how healthcare was strapped with spreadsheets as its only tool, Third Rock developed automation tools with built-in expertise to move their clients to faster and more complete cyber risk management.</p>
<p>“Healthcare organizations are highly-targeted by cyber threats yet have the lowest utilization of risk management software to help manage their risks,” stated Robert Felps, Third Rock CEO.</p>
<p> <a href="https://cybercompass.co">CyberCompass®</a> cloud-based platform was born as a solution to automate the workflow and provide the navigation needed for businesses to protect themselves today and stay current as the cyber landscape and privacy laws evolve. Third Rock quickly saw that its solution was adopted by Texas Medical Liability Trust, the largest insurer of physicians in the country, Texas Health Services Authorization with its SecureTexas certification, and Texas Medical Association.</p>
<p>With the enactment of privacy laws and the expansion of the tool into other industries, CyberCompass has gone through significant and more user-friendly enhancements to save companies up to 70% of work hours. The most powerful enhancement is the capability to do multiple regulations with one streamlined assessment. Excess Line Association of New York is currently offering CyberCompass as a free membership benefit so insurance brokers can meet New York Department of Finance 500 cybersecurity compliance certification. CyberCompass includes the following privacy and cybersecurity regulations: CCPA, CIS-20, GDPR, HIPAA, NAIC 668, NYDFS 500, NIST 171 800, and numerous state regulations.</p>
<p>Seeing the increased demand for the software and its ability to simplify cyber risk management, streamline privacy compliance and improve cybersecurity holistically, CyberCompass, LLC becomes effective on January 1, 2020. Spinning off as a separate entity, CyberCompass as well as its other tools such as CyberQuickCheck, will have greater flexibility to establish various distribution opportunities through resellers, value added resellers, strategic alliances, and partnerships. </p>
<p>“With CyberCompass as a separate legal entity, we have simplified the ability for our partners so we can develop more focused leadership and meet changing market demand faster,” stated Felps.</p>
<p>Do you have clients in need of holistic risk management across people, processes, technology and vendors? Learn more about <a href="https://cybercompass.co/partners/">partnering</a> with CyberCompass today to provide the most affordable and complete solution.</p></div>
			</div>
			</div>
				
				
				
				
			</div>
				
				
			</div>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">9326</post-id>	</item>
	</channel>
</rss>
