Blog

  • Vulnerability Scanning vs. Patch Management: What’s the Difference?

    In September 2017, Equifax, a consumer credit reporting agency, disclosed a major data breach that exposed the personal data of roughly 148 million American consumers. Attackers exploited a critical vulnerability in Apache Struts (CVE-2017-5638) that had been publicly disclosed on March 7, 2017. According to the report released in December 2018 by the U.S. House Committee on Oversight and Government Reform, “Equifax used Apache Struts to run certain applications on legacy operating systems. The following day, the Department of Homeland Security alerted Equifax to this critical vulnerability.”

    On March 9, Equifax’s Global Threat and Vulnerability Management team forwarded the alert by email to more than 400 people, instructing anyone running Apache Struts to apply the patch within 48 hours.

    Equifax, however, did not apply the patch to the vulnerable system, and attackers had access to its systems and data for 76 days. The report’s lesson is that every business needs to reinforce and enforce both its vulnerability scanning and its patch management processes and procedures.

    Vulnerability scanning and patch management are terms that are often used interchangeably, but they are not the same thing. They are complementary: scanning identifies which systems are running software with known vulnerabilities, while patch management gets the fixes deployed, tracked and verified. A business that does not understand the difference can end up with findings that are never fixed, or fixes that are never confirmed, and suffer an attack like the one that hit Equifax.

    Let’s define these two terms and see the difference.

  • Email Security Tips For Employees: How to Keep Your Organization Protected

    Almost since the dawn of the internet, companies have relied on email for routine internal communication. That shift has made organizations large and small far more productive. Unfortunately, it has also exposed every one of them to increased risk.

    With 92.4% of malware delivered via email and the average cost of a cyber attack approaching $3 million, the case for spending considerably more time and resources on keeping these attacks at bay is clear. Using your organization’s security resources wisely means implementing the strategies outlined in the rest of this article. Let’s walk through the workplace email guidelines employees can follow to help keep their company’s data safe and secure.

  • Why Is Cyber Hygiene Important?

    The key to keeping your network clear of security threats is to treat cyber hygiene as an ongoing practice rather than a one-time task. Most modern companies rely almost entirely on digital systems for their day-to-day work, so it is incredibly important for leadership and employees alike to understand how to work smarter and more safely with them.

    Being more cyber aware and practicing good cyber hygiene is what will ultimately keep your business in the green when it matters most. Let’s look at the benefits of cyber hygiene and how you can begin adopting these practices in your organization immediately.

  • HITRUST Scoring Guide: What is it and How Does it Work?

    In 2007, the Health Information Trust Alliance (HITRUST) made its mark on healthcare security when it introduced a framework that not only protects sensitive information but also manages risk for organizations and their third-party supply chains.

    Technically speaking, the HITRUST Common Security Framework (CSF) harmonizes HIPAA and HITECH requirements into a single, prescriptive set of controls, which is then documented and mapped against other data privacy and security regulations.

    This lets healthcare organizations build compliance once and satisfy an extensive range of regulatory requirements. Beyond HIPAA and HITECH, the HITRUST CSF incorporates widely recognized standards and regulations such as PCI DSS, COBIT, ISO, NIST, FTC rules and the Red Flags Rule, combining them into one approach to risk mitigation and data protection.

  • Best Practices For FINTECH Compliance

    Today you can snap a photo of a check and deposit it without ever leaving your couch, which makes banking and investing more convenient than ever. This revolution is largely thanks to the rise of financial technology, or Fintech. Fintech’s impact reaches beyond consumers, letting companies improve operational efficiency and customer convenience. With this new technology comes a greater responsibility to protect consumers’ financial and personal information, which means keeping up to date with Fintech compliance regulations.

    Are you a financial institution or startup trying to achieve Fintech compliance? Read on to find out how to comply with the rules and regulations. 

  • HITECH Enforcement & Penalties

    When you’re sick and at the doctor’s office, you have to reveal a lot of personal information so the physician can treat you properly. Your file contains your demographic information, your medical history, mental health records, test and lab results, insurance information, and more. All of this falls into a specific category called protected health information (PHI).

    In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA) to protect patients’ PHI. Privacy and security were not the only topics HIPAA covered. It also addressed the portability of health insurance coverage, encouraged the use of electronic health records (EHRs), and laid the groundwork for national healthcare standards.

    HIPAA was amended, or rather bolstered, in 2009, when Congress passed the HITECH Act. HITECH addressed many of the problems that had arisen under HIPAA and helped bring the framework into the 21st century. It also brought harsher penalties for HIPAA noncompliance. To avoid those penalties, healthcare providers and their business associates must understand HITECH enforcement and penalties.

  • What Is HITECH?

    When asked about the Obama administration’s efforts to reform the American healthcare system, most people think of the Patient Protection and Affordable Care Act, also known as “Obamacare.” Many forget, or never realized, that a year before the ACA, Congress had already passed the largest healthcare reform measure in decades: the Health Information Technology for Economic and Clinical Health Act (HITECH).

    One reason HITECH went mostly unnoticed is that it was a subsection of President Obama’s American Recovery and Reinvestment Act of 2009. Few realized that this stimulus package introduced sweeping changes to the healthcare industry, with far-reaching effects on the relationship between patients and providers, especially in how providers handle private health information.

    Do you want to know what HITECH is and how it protects your private health information? Read on to find out.

  • How to Make Your Website GDPR Compliant: A Step By Step Guide

    A website is like the cover of a book. The first thing a customer looks for is a company’s homepage, and, like a book cover, if it is eye-catching it invites a closer look. For this reason many companies invest heavily in website development, seeking a site that is clean, easy to navigate and, above all, able to capture and hold the attention of potential customers.

    In the rush to build a stellar website, however, privacy and security can be overlooked, particularly compliance with the privacy, consent and transparency requirements that now apply to any site handling personal data.

    Is your website compliant with the General Data Protection Regulation (GDPR)? Find out now with our GDPR website checklist.

  • Cyber Security Resilience Framework: How to Get Started

    Cyberattacks and data breaches put organizations at risk every day. Data security has therefore become a global priority, because data is one of an organization’s most valuable assets. An organization must be able to detect, prevent and recover from cybercrime, which is why cyber resilience is the best defense.

    In 2013, President Barack Obama signed Executive Order 13636, which directed the National Institute of Standards and Technology to develop a voluntary cybersecurity framework to reduce cyber risk to critical infrastructure. According to the Executive Order, the framework “shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks.”

    An organization should therefore build its own cybersecurity resilience framework to help it identify, assess and manage cyber risk, and to respond and recover when a breach occurs.

  • What Is Cyber Resilience and Why Is It Important?

    It’s hard to imagine life without information technology in this digital age. From business activity such as buying and selling shares to personal moments like posting photos and updates on social media, information moves incessantly across cyberspace. This has made society more connected and economies more prosperous. But every system comes with risk, so the security of information in cyberspace is crucial to every enterprise and organization.

    Risks such as security breaches and cyberattacks can cause companies severe damage. These attacks may attempt to destroy, expose, or gain unauthorized access to computer networks, personal devices, infrastructure, or information systems.

    According to a study conducted by the University of Portsmouth, 43% of the businesses and 19% of the charities surveyed experienced a cyberattack in 2018. In the UK, more than 2 million businesses fell victim to some form of cybercrime, at an estimated cost of £29.1 billion.

    This alarming rate of attacks is why companies must be equipped to manage such risks. Many of these attacks could have been withstood had those businesses had better cyber resilience.