New York enacts cybersecurity regulations. More states to follow.


23 NYCRR Part 500 is law Companies doing business in New York may no longer have a choice; New York legislation “23 NYCRR Part 500” is now law and requirements for minimum cybersecurity practices must be in place. Just this week, the grace period for the transition has ended and, as of February 15, 2018, covered entities are required to … Read More

Get HIPAA Compliant – The Soft and Hard Sides of HIPAA

adminHIPAA, News

If your company or organization creates, stores, accesses, or shares electronic personal health information (ePHI), you are required to comply with HIPAA regulations. If you assist these companies as a business associate, you are also required to be HIPAA compliant. The Soft & Hard Sides of HIPAA HIPAA compliance has two complimenting, yet different sides: The soft and the hard. … Read More

Identify threats and respond accordingly


Wrapping up our series, here is the 5th most critical security principle that every business should consider. Identify threats and respond accordingly Attacks come in many different forms and it’s important for businesses to be ready to detect and respond appropriately. For this blog post, we’ll focus on detecting threats from endpoints. In the previous post, we discussed the importance … Read More

Secure your Endpoints


The fourth most critical security principle that every business should employ is the securing of endpoints. Endpoints are the devices that employees use on a daily basis to conduct their work. Think desktops, laptops, tablets, and mobile devices. These devices are critical to protect because they contain sensitive business information, financial data, proprietary information, and potentially sensitive identifiable information. As … Read More

Identify and Mitigate Vulnerabilities


The third most important security principle that every business should employ is the identification and mitigation of vulnerabilities. Vulnerability assessments are a critical exercise that can help a company determine if their software, systems, and applications contain known vulnerabilities. A vulnerability is a fault that can potentially be leveraged by an attacker to compromise IT infrastructure. Specialized tools are used … Read More

Train and Test Your Employees


This is the second piece of our five-part series discussing security concepts every business should consider.  Every company, should dedicate time and resources to training and testing employees to identify, react, and respond to IT security related events. It’s no secret in the IT security industry that hackers will attempt to take the path of least resistance. Often, this involves … Read More

Develop and Assess Your Security Program


One of the most important and foundational security principles that every business should employ is the development or assessment of a security program. So, what exactly is a security program? It’s a set of guidelines expressed through documented policies and procedures that your business will follow based on security risks present to your company. As discussed in the first blog … Read More

coreSecurity: The Top 5 Security Concepts Every Business Should Consider


With the turn of the new year, many people and businesses will reflect on their accomplishments over the past 12 months and develop new goals to progress towards for the coming year. During this time of reflection, it’s important to remember what you have built and how you will move forward to protect the fruits of your labor. As an … Read More

3 Social Engineering Attacks to Look Out For


In today’s world, we are constantly on guard against thieves who continue to find new and inventive ways to infiltrate and gain access to our sensitive data. Small and medium businesses are primary targets for these attacks, as they typically do not require rigorous training to prepare employees to identify and respond to these types of attacks. Businesses spend thousands … Read More

Testing Security Awareness


Your organization’s information security program should employ a defense in depth approach to protecting your data. Part of an in-depth approach is ensuring your employees are prepared to respond to security threats when they happen. As industry professionals, we observe time and time again network breaches that begin with an unprepared employee. As your security program strengthens and your employees … Read More