Did you know that every 10 seconds in 2020 a new organization became a victim of ransomware? According to Verizon’s 2020 Data Breach Investigations Report, ransomware accounted for approximately 80% of incidents reported in the educational services sector in 2019. This was a 48% increase from the previous year.
With shrinking budgets and limited resources, many organizations can be hesitant to schedule a penetration test because of the realization that, once the test formally documents the holes in their environment, they won’t be able to dedicate adequate resources to fix them. Learn key points to consider if your organization is struggling to justify a penetration test:
Hackers are increasingly targeting endpoint devices because they are often less secure and are most likely storing valuable, sensitive data. Reports show that 70% of security breaches originate at endpoint devices through vulnerabilities like phishing and compromised credentials or out-of-date systems.
Organizations are constantly changing processes and adding new vendors, various devices, cloud services, and applications to their environment. How can your organization ensure all departments are operating with at least the minimally accepted security controls in place?
As the expectation is that colleges and universities will continue to be a target of hackers, the U.S. Department of Education has emphasized the importance of taking appropriate measures to protect sensitive data and is now including the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule audit objective in the federal single audit process. Learn the GLBA Committee's roles and responsibilities.
During the initial evaluation of a potential third-party partner, merchants should understand the requirements within your organizational policy and the process for conducting vendor security evaluations. Unfortunately, some vendors may attempt to sidestep the request if they believe they are not required to comply.
Just last week, the FBI, CIA, and HHS released a warning to healthcare providers about the threat of an imminent attack and reminded providers to take reasonable precautions to protect their networks from these threats. These experts stressed the importance of having documented business continuity plans in order to minimize service interruptions in the event of an attack.
For colleges and universities involved in R&D, the switch from DFARS to CMMC is big news. The Cybersecurity Maturity Model Certification (CMMC) is enforced by the US Department of Defense (DoD) and builds upon the existing Defense Federal Acquisition Regulation Supplement (DFARS) regulation.
With the ever-expanding usage of 5G, we have begun seeing major network providers stating that they will be phasing out 3G networks soon. Merchants using cellular payment card terminals will need to upgrade to at least 4G devices in order to have the necessary support and coverage for payment card acceptance.
PIN Transaction Security (PTS) devices are those devices used by merchants at the point of interaction for capturing payment card data and confirming receipt of transaction approval. Approved PTS devices may be a requirement from the various card brands in order to protect against fraud and ensure the secure entry and transmission of account data.
With students now spending the majority of their days online, it is never too early to teach cyber awareness to the next generation. Schools can help by mitigating ongoing cybersecurity risks and providing information security best practices within their distance learning plans.
When you consider the complex environments of campus-based organizations, which must manage multiple merchants with different payment channels across different locations, it is easy to understand how difficult year-round compliance can be. Learn how Drexel and Tufts Universities accomplish it.
Organizations worldwide have had to quickly figure out how to function with their entire staff working remotely, and now the focus is shifting to how, or even if, we can safely re-open. With these more urgent priorities, many organizations were forced to take a risk-based approach towards compliance. What has been the impact on requirements?
The number of insider incidents has been gradually decreasing since 2016; however, the numbers are still staggering. The decrease has been largely attributed to increased employee education, but what exactly are the training requirements under the Health Insurance Portability and Accountability Act (HIPAA)?