Health care has HIPAA. Credit card merchants have PCI. But if you’re not part of these compliance-heavy industries, how can you know your cybersecurity is up to scratch?
The answer is a cybersecurity framework: a set of practices, policies, and processes that holds your organization accountable for its defenses. Security frameworks provide a calculated approach to determining risk, setting up a security strategy, and allocating security resources. They are measurable, repeatable, and used across many organizations.
With the ever-increasing number of cyberattacks for both financial gains and political purposes, companies, government agencies, and other organizations are forced to deploy and maintain an expanding depth of security controls. This has led to a breadth of oftentimes independent point solutions that aren’t driven by policies and processes and aren’t created by an experienced information security professional.
Many organizations just aren’t large enough to employ a chief information security officer (CISO), and even the ones that can afford it struggle to find qualified candidates. As a result, security falls by the wayside, becomes secondary to other IT operational concerns, and is more reactive than proactive.
That’s why virtual CISOs are growing more popular. These on-demand experts step in to evaluate, maintain, or repair your security, on-site or remotely, working as a flexible addition to your current IT team and offering the security management you may not be able to find yourself.
But not all virtual CISOs are created equal. To help you navigate the different types and functions—and whether they’re right for you at all—we’ve put together some background to guide your search.
In 2015, American businesses lost a total of $525 million to cyber attacks. Globally, that number shoots into the billions.
The risks of malicious cyber attacks have become more costly and more real. But there are steps you can take to ensure your network, devices, and data are as secure as possible. One of the best ways is penetration testing, in which you simulate attacks to uncover not only the weak points in your security, but the potential damage hackers could inflict through those vulnerabilities.
Some industries require penetration tests as part of compliance; others do them voluntarily. In either case, there are guidelines such as readiness, type, and value that need to be considered before moving forward.
Back when managed service providers (MSPs) competed on price, choosing the best option was fairly simple – it was all economics.
But now many organizations are looking for more. Price has taken a back seat to customer service and the overall support model. Companies want an MSP that can become a strategic partner, one they can go to for advice, forecasting, and help with initiatives, goals, and objectives.
That choice is only made harder by the industry’s impressive growth, which has brought a number of new market entrants. By at least one estimate of the global market, MSPs are expected to take in $230 billion each year by 2020. That’s a projected 10 percent growth rate.
If your company is planning on partnering with an MSP, finding the right one is as much about choosing a long-term ally as it is finding one for your current needs. It’s a good idea to cast a wide net in your search, and to go slow when choosing a provider.
Ransomware and cybercrime hacking have been two of the most common IT security threats in 2016, but many health care organizations aren’t ready to play defense: Only about 60 percent of surveyed organizations had the security capabilities in place to detect and remediate these attacks.
That’s problematic, of course, but is it surprising? After all, many health care organizations place more importance on HIPAA compliance than security, or they aren’t agile enough to protect themselves against the newest threat. Organizations tend to sink their energy into defending against the latest threat of the day, but lag on improving their entire security architecture.
Only 12.5 percent of e-waste is recycled—let’s change that.
The world’s largest IT hardware manufacturers all have recycling programs. You just need to know where to look. All of these programs strive for the same goal: Safely recycle or dispose of IT hardware and e-waste, saving it from landfills. Many businesses that sell IT equipment, as well as some states, run e-waste recycling programs, too.
Every program is a little different, depending on the manufacturer. So here are the recycling programs from six of the largest IT manufacturers, plus SHI’s “one-size-fits-all” approach to asset recovery.
Datacate, a regional colocation provider, was recently in the market for new colocation space, but had strict requirements: Space had to come at the right price, but timing was the wrinkle. The entire process – negotiating contracts, ordering hardware, constructing cages, and making everything ready for move-in – would have to be completed in just over a month while keeping costs down. That’s a tight timeframe for a full implementation when constructing cages alone often takes several weeks.
Lurking in every data center is an unseen enemy: dark data. This unstructured data causes surging storage costs and exposes organizations to a variety of risks.
Win the fight against dark data by developing an information governance program. This plan identifies what dark data exists, how different departments manage data, and when it can be archived and destroyed.
Let’s review the steps organizations must take to create an information governance framework, and learn how organizations can successfully execute it.
It’s not every day you find $21,000 lying around your office. And no, we’re not talking about fixing improper software licensing or avoiding a ransomware attack. We’re talking about your printers.
When one organization took a closer look at its printers, it uncovered 281 so-called “problem devices” – printers that were too old, too expensive, or weren’t being used to their full potential. Refreshing just 153 of those devices could save the company $21,000 a month.
This question will be on the final exam, and it’s one you don’t want to get wrong: Are you CIPA compliant?
We’re talking about the Children’s Internet Protection Act (CIPA), the federal legislation that requires schools and libraries to restrict access to obscene or harmful content on the internet.
It’s so important that eligibility for E-Rate funding hinges on schools’ and libraries’ CIPA compliance. They must certify that they’re enforcing policies relating to internet safety, including blocking or filtering access to material considered obscene, pornographic, and harmful to minors.
Are your students protected? Does your school network fit the letter of the law? Here’s how to make sure you’re CIPA compliant.