Business Email Compromise Protections and Recovery Actions In June of 2018, Crowdstrike published a blog post which outlines capabilities to pull forensic evidence from Microsoft Outlook after a business email compromise. Shortly after, these capabilities were removed and no longer available. We’ve increasingly been asked to assist with business email compromise and there have been a few key takeaways from … Read More
HIPAA 101: The 30-Minute Guide to Understanding Compliance
On July 18th, Rigid Bits invites agencies that sell Life and Health to join us in an overview of HIPAA and services that can simplify your compliance efforts! This July 18th, we’ll be hosting the webinar discussed below to take a closer look at HIPAA compliance requirements. Learn how to determine if HIPAA regulations apply to your business and educate your … Read More
NAIC Cybersecurity Legislation
Insurance industry regulators (NAIC) push cybersecurity requirements Cybersecurity and insurance providers share one very similar and discerning viewpoint. Our business decisions and services we provide to customers are always based on risk. We help clients understand how threats, vulnerabilities, and their impact may disrupt personal and business continuity. The National Association of Insurance Commissioners (NAIC), a regulating body, has recognized … Read More
Should Venture Capitalists calculate cyber risks before investing? The odds say yes…
VC’s investments are prime targets for cyber attacks Venture Capitalists are serious risk takers. They offer money and consultancy to new companies with potential for significant financial return. Before an injection of capital into a company a VC will analyze the company and idea to determine if their investment is worthwhile. They may calculate the potential ROI, timelines, and risks … Read More
Colorado Legislators Propose Expansion of Cybersecurity Regulations
Newly Proposed Regulations In January of 2018 bi-partisan legislation was proposed to expand Colorado’s current cybersecurity laws. The bill, Protection for Consumer Data Privacy (HB18-1128), would broaden the scope for which companies collecting and storing data must secure personally identifiable information (PII) and report a data breach. If passed, the bill will go into effect September 1, 2018. Additionally, the … Read More
New York enacts cybersecurity regulations. More states to follow.
23 NYCRR Part 500 is law Companies doing business in New York may no longer have a choice; New York legislation “23 NYCRR Part 500” is now law and requirements for minimum cybersecurity practices must be in place. Just this week, the grace period for the transition has ended and, as of February 15, 2018, covered entities are required to … Read More
Get HIPAA Compliant – The Soft and Hard Sides of HIPAA
If your company or organization creates, stores, accesses, or shares electronic personal health information (ePHI), you are required to comply with HIPAA regulations. If you assist these companies as a business associate, you are also required to be HIPAA compliant. The Soft & Hard Sides of HIPAA HIPAA compliance has two complimenting, yet different sides: The soft and the hard. … Read More
Identify threats and respond accordingly
Wrapping up our series, here is the 5th most critical security principle that every business should consider. Identify threats and respond accordingly Attacks come in many different forms and it’s important for businesses to be ready to detect and respond appropriately. For this blog post, we’ll focus on detecting threats from endpoints. In the previous post, we discussed the importance … Read More
Secure your Endpoints
The fourth most critical security principle that every business should employ is the securing of endpoints. Endpoints are the devices that employees use on a daily basis to conduct their work. Think desktops, laptops, tablets, and mobile devices. These devices are critical to protect because they contain sensitive business information, financial data, proprietary information, and potentially sensitive identifiable information. As … Read More
Identify and Mitigate Vulnerabilities
The third most important security principle that every business should employ is the identification and mitigation of vulnerabilities. Vulnerability assessments are a critical exercise that can help a company determine if their software, systems, and applications contain known vulnerabilities. A vulnerability is a fault that can potentially be leveraged by an attacker to compromise IT infrastructure. Specialized tools are used … Read More