The New York State Department of Financial Services (DFS) has been closely monitoring the ever-growing threat posed to information and financial systems by nation-states, terrorist organizations, and independent criminal actors, particularly against financial services organizations. In response, DFS established a set of rules and regulations...
In order to protect their supply chain and its sensitive data, the United States Department of Defense (DoD) developed a cybersecurity standard, the Cybersecurity Maturity Model Certification (CMMC). The original version has been updated to CMMC 2.0, which replaced the original requirements. While it will take...
In 2013, the National Institute of Standards and Technology (NIST) was directed to create a “voluntary framework—based on existing standards, guidelines, and practices — for reducing cyber risks to critical infrastructure.” Government agencies and contractors were required to implement cybersecurity programs defined in NIST Special Publications...
Cyber Essentials is a UK government-based scheme that helps participating organizations protect themselves, regardless of size, against a range of common cyberattacks. Cyberattacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the...
HIPAA (Health Insurance Portability and Accountability Act of 1996) is nothing new for healthcare organizations. The legislation ensures patient data is secure and kept private due to its sensitive nature. Therefore, it’s an obvious and natural concern for the 800,000 or so organizations across the...
See if this story one of our MSP customers relayed to us sounds familiar. I could hear the fear in her voice. One of our clients, subject to the HIPAA rules, called to say she had just received a letter saying that her company was being randomly...
IT compliance management isn’t rocket science, but it does require knowledge and information specific to each industry and regulatory body that has standards so you can guarantee the client is following the prescribed rules. Failure to adhere to standards can result in fines, security breaches,...
Specific industry IT security and privacy regulations such as PCI, HIPAA and GDPR apply to millions of organizations, with more regulations being enacted every month. But even those not REQUIRED to be in compliance with any standards should act as if they are – being...
If you’re an IT professional that works for an organization covered by HIPAA -- or you’re an MSP with clients who are covered --there’s a lot that you need to know...
The financial and legal industries are among the most highly regulated in the country – typically bound to both government laws and industry regulations. Yet, financial firms expose more than 60% of all leaked records. Law firms, certified public accountants (CPAs), and financial institutions often have...