Article Library


Did you know that every 10 seconds in 2020 a new organization became a victim of ransomware? According to Verizon’s 2020 Data Breach Investigations Report, ransomware accounted for approximately 80% of incidents reported in the educational services sector in 2019. This was a 48% increase from the previous year.


While Human Resources may not play a significant role in the overall assessment, NIST SP 800-171 requirement family 3.9, Personnel Security, contains controls that must be implemented, and usually only HR staff can answer the questions about them.


It is now more important than ever for organizations to ensure all service providers are properly vetted, the appropriate contracts and agreements are in place, and the relationships are monitored and assessed on an ongoing basis.


With shrinking budgets and limited resources, many organizations can be hesitant to schedule a penetration test because of the realization that, once the test formally documents the holes in their environment, they won’t be able to dedicate adequate resources to fix them. Learn the key points to consider if your organization is struggling to justify a penetration test.


Hackers are increasingly targeting endpoint devices because they are often less secure and are likely to be storing valuable, sensitive data. Reports show that 70% of security breaches originate at endpoint devices, typically through phishing, compromised credentials, or out-of-date systems.


Organizations are constantly changing processes and adding new vendors, various devices, cloud services, and applications to their environment. How can your organization ensure all departments are operating with at least the minimally-accepted security controls in place?


Email is consistently the number one entry point for information security threats, with 90% of breaches beginning with an email attack. How do you protect those accounts before they are phished?


As the expectation is that colleges and universities will continue to be a target of hackers, the U.S. Department of Education has emphasized the importance of taking appropriate measures to protect sensitive data and is now including the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule audit objective in the federal single audit process. Learn the GLBA Committee's roles and responsibilities.


During the initial evaluation of a potential third-party partner, merchants should understand the requirements within their organization's policy and the process for conducting vendor security evaluations. Unfortunately, some vendors may attempt to sidestep the request if they believe they are not required to comply.


New internal and external threats are constantly emerging, and hackers are identifying new ways to infiltrate networks via phishing scams, malware, and ransomware. The report detailed ten common data security mistakes.


We tend to focus a lot of attention on third-party payment applications and e-commerce websites due to the increased risks and recent data breaches, but what about those third-party vendors that are physically residing on your campus?


Asking for forgiveness, not permission, does not apply when it comes to PCI. As part of your organization’s PCI compliance program, you must have a defined process for establishing a new merchant account or a new payment process.


Whether you are transitioning to a new bank as part of a larger system or state contract, or you have contemplated shopping around for other options internally, there are several key factors that should be considered as part of your decision.


Just last week, the FBI, CISA, and HHS released a joint warning to healthcare providers of an increased and imminent ransomware threat, reminding providers to take reasonable precautions to protect their networks. The agencies stressed the importance of having documented business continuity plans in order to minimize service interruptions in the event of an attack.


For colleges and universities involved in R&D, the switch from DFARS to CMMC is big news. The Cybersecurity Maturity Model Certification (CMMC) is enforced by the US Department of Defense (DoD) and builds upon the existing Defense Federal Acquisition Regulation Supplement (DFARS) regulation.


Typically, an organization's most important security perimeter is the company firewall and related system infrastructure, but with workers now at home, the most important defense really does become the people themselves.

Humans are the weakest link.


With the ever-expanding usage of 5G, major network providers have begun stating that they will be phasing out 3G networks soon. Merchants using cellular payment card terminals will need to upgrade to at least 4G devices in order to have the necessary network support and coverage for payment card acceptance.


PIN Transaction Security (PTS) devices are those devices used by merchants at the point of interaction for capturing payment card data and confirming receipt of transaction approval. Approved PTS devices may be a requirement from the various card brands in order to protect against fraud and ensure the secure entry and transmission of account data.


With students now spending the majority of their days online, it is never too early to teach cyber awareness to the next generation. Schools can help by mitigating ongoing cybersecurity risks and providing information security best practices within their distance learning plans.


When you consider the complex environments of campus-based organizations, trying to manage multiple merchants with different payment channels across different locations - it is easy to understand how difficult year-round compliance can be. Learn how Drexel and Tufts Universities accomplish it.


Organizations worldwide have had to quickly figure out how to function with their entire staff working remotely and now the focus is shifting to how, or even if, we can safely re-open. With these more urgent priorities, many organizations were forced to take a risk-based approach towards compliance. What has been the impact to requirements?


The number of insider incidents has been gradually decreasing since 2016, however, the numbers are still staggering. The decrease has been largely attributed to increased employee education but what exactly are the training requirements under the Health Insurance Portability and Accountability Act (HIPAA)?


Read some of the highlights and key findings from the recently released Australian National Data Breach Report.


Many organizations utilize third-party vendor solutions to help outsource compliance and security responsibilities, but a breach of a third-party’s systems can still cause a significant headache and reputational damage for your organization.


By performing numerous remote assessments, CampusGuard has documented best practices for achieving the desired outcome.