Blog

  • Cyber Security Data Protection Plan For The Cannabis Industry

    The cannabis industry has been booming recently due in part to legalization legislation that has helped to alleviate barriers to market entry. Recent trends tell us that the cannabis marketplace is projected to grow at a staggering rate from $10.3 billion in 2018 to $39.4 billion by 2023. With more and more states opening up their borders for marijuana, many businesses are looking to technology to manage this increase in customers.

    As of November 2018, 10 states have legalized recreational cannabis while 33 have approved it for medical uses. As more states are opening their borders to legal cannabis, business owners are beginning to become more digital in their endeavors thanks to this newfound legalization. But digitization isn’t all good if you don’t have a cybersecurity plan to protect your data.

    Brands that are able to infuse innovative technology into their network infrastructure can use it to analyze and predict valuable consumer trends that will enable them to make critical decisions in the future. Having a cybersecurity plan in place to supplement this type of innovative undertaking is what will help your cannabis business thrive. Let’s look into the specific areas of interest that you should be focusing on when cultivating your cybersecurity plan and which proactive measures you need to take to avoid being a victim of a cyber-attack.

  • What is Service Organization Control (SOC)?

    Service Organization Control reports (SOC), in a nutshell, help companies with various aspects of their business. Essentially, these reports outsource different responsibilities within a business, like payroll, medical claims processing, document management and much, much more. Typically, they are aspects of a business that a company or “user entity” is not capable of doing as well as the service organization. It also allows the company or “user entity” to concentrate on other facets of their business. These reports come in various types based on the type of work the user entity does.

    In this article, we’ll discuss the different types of reports in detail, as well as why you might choose one Service Organization Control report over another. To best understand how it works, it’s important to make sense of the system that came before SOC. Prior to the implementation of Service Organization Control, CPAs used a system called SAS 70. 

  • Security Strategies for BYOD in the Workplace

    As businesses continue to move at the speed of light in every possible direction, employees must be able to keep up with the expectations presented to them. As such, in an attempt to be more lean in their operational efficiencies, many companies are opting to allow employees (from new hires to executives) more flexibility with the types of devices they use in the office. This innovative approach to business takes its form as a Bring Your Own Device (BYOD) in the workplace policy. 

    Although this allows companies the freedom to pivot freely without the need to carry unnecessary overhead expenses at all times, it does come with the tradeoff of leaving holes in your network security. If you don’t take the necessary steps to deter a data breach at any possible point of intrusion, it could spell disaster for your organization in the future. Let’s look closer at what BYOD is all about and how you can limit vulnerabilities and prevent a breach from occurring in the future.

  • What Are SOC 2 Trust Service Principles?

    As a business owner, you are always looking for ways to set yourself apart from the competition. It may be your exceptional service, incredible products, or perhaps low prices that give you that competitive edge. Just as important to the success of your business as all these things is establishing a deep level of trust with your customers. One good way to establish this trust is to become SOC 2 Compliant.

    There are five trust service principles which include:

    • Security
    • Availability
    • Processing integrity
    • Confidentiality
    • Privacy

  • What Is The HITRUST Certification Process?

    The Health Information Trust Alliance (HITRUST) is an organization that creates and maintains a common security framework (CSF) for businesses and organizations in the healthcare sector. Founded in 2007, the Texas-based entity has a prescriptive set of controls that organizations can use in creating, accessing, storing, or exchanging sensitive or regulated data. 

    HITRUST certification is commonly required by organizations handling protected health information (PHI). It provides a holistic approach to managing information security risks. Considered the gold standard for compliance in the healthcare industry, it combines commonly accepted standards such as:

    (more…)

  • What is HITRUST and How Does it Protect the Healthcare Industry? 

    If you’re a business owner who operates within the healthcare industry, you know that patients are your top priority. Whether it’s protecting their health or their data, you want to meet a high standard of excellence. Read below for more information on the HITRUST Alliance and how they help protect the healthcare industry. 

  • Privacy Policy Requirements For CCPA

    People want privacy when it comes to their personal information; however, sometimes they don’t realize how other companies use their information. Third-party involvement and the use of online platforms increase the chances that consumer data will be sold or affected by a data breach. Consequently, California took action to empower consumers. Are you aware of the privacy policy requirements outlined by CCPA? Find out everything you need to know with our complete guide.

  • A Detailed SOC 2 Compliance Checklist

    Running a business is no easy task. Knowing whether you’re SOC 2 compliant or not is yet another thing on your already full plate of expense reports, hiring, marketing, and so much more. Using the following information will help clear any confusion so you can focus on the things you love about running your business.

  • How To Improve Cybersecurity In Financial Institutions

    To the cyber-criminal, the world is a list of digital targets. There are two primary methods for selecting those targets. Sometimes the adversaries cast a very large automated digital net, looking for easily exploitable weaknesses wherever they exist. When the system reports one, they decide if the target is worth their time and either pursue it or move on to the next. 

    The other is a far more dangerous method, in which the target is pre-selected because it is considered high-value. When hackers decided to go after Target Stores in 2013, the attack was complex, methodical, and persistent, eventually compromising over 40 million people’s card data and costing the company over $300 million.

    JP Morgan Chase suffered a breach in 2014 in which the financial and personal information of more than 76 million households and 7 million small businesses was reportedly compromised. The total cost of that incident is estimated to reach $1 billion!

    According to the IBM X-Force Threat Intelligence Index of 2019, Finance and Insurance was the most frequently targeted industry in 2018 with 19% of the tracked attacks.

  • What Are The Penalties For Non-Compliance With CCPA?

    It wasn’t long ago that the EU’s General Data Protection Regulation (GDPR) went into effect and caused an internet frenzy. The GDPR compelled people to care more about their personal information and how the information is being used by merchants and businesses with or without their consent. The policy actually pushed people to rethink how their internet activities could put them at risk, both financially and emotionally.
