Blog

  • What Is the California Consumer Privacy Act (CCPA)?

    In 2015 a man named Alastair Mactaggart had a conversation with a friend of his, a Google engineer, about the amount of data Google held on people. The more he thought about it, the more concerned he became. Through his efforts, the California Consumer Privacy Act, also known as the California privacy law, was signed into law by California Governor Jerry Brown in June 2018.

    Sec. 2(i) states:

    Therefore, it is the intent of the Legislature to further Californians’ right to privacy by giving consumers an effective way to control their personal information, by ensuring the following rights:

    (1) The right of Californians to know what personal information is being collected about them.

    (2) The right of Californians to know whether their personal information is sold or disclosed and to whom.

    (3) The right of Californians to say no to the sale of personal information.

    (4) The right of Californians to access their personal information.

    (5) The right of Californians to equal service and price, even if they exercise their privacy rights.

    (more…)

  • How to Achieve NYDFS Cybersecurity Compliance

    The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation, commonly referred to as 23 NYCRR 500, is considered one of the most comprehensive cybersecurity regulations in the financial sector. It is a landmark regulation that is expected to have ripple effects on the cybersecurity practices of financial institutions not only in the United States but also worldwide.

    This regulation takes on cybersecurity issues for financial institutions head-on by establishing strict requirements for state-chartered banks, private bankers, licensed lenders, mortgage companies, insurance companies, service providers, and foreign banks operating in New York.

    This post will detail the various aspects of this landmark regulation and, more importantly, what concerned or covered entities can do to achieve NYDFS cybersecurity compliance.

    (more…)

  • How Mobile Security Solutions Can Reduce the Risk of Cyber Threats

    Today’s Mobile Environment:

    If it is true that time flies, then it must be true that technology rockets. Today, the race for faster, smarter and more sophisticated technology dominates headlines and purportedly will help decide who holds the upper hand for tech supremacy. However, before corporations reap the considerable financial benefits of improved technology, it would greatly behoove them to examine their own mobile cybersecurity solutions.

    Yes, all technology is rapidly improving. But one particular sector has seen the most explosive growth and the highest level of utilization of that development: mobile. Today, around the globe, approximately 5 billion people use a mobile device, and nearly half of them have smartphones. And what are all these people doing on their smartphones?

    The answer: using apps, to the point that there are now addiction help guides. To their credit, many businesses saw this coming and created a mobile device security policy for their workers. Regrettably, hackers and the blinding speed of technology had other ideas. Read on to learn how the mobile security framework became so vital and how RSI Security can help maximize productivity and minimize your security risk.

    (more…)

  • How to Choose the Best Third-party Risk Management Certification Provider

    In today’s business world, effective and efficient risk management is considered a major factor in the overall success of organizations. Businesses are investing heavily in third-party risk management programs to better identify and manage risks before these can affect their operations. The ability to manage risks enables companies and their decision-makers to act on future business decisions.

    However, not all companies employ third-party risk management specialists. The reasons may vary from organizational size to budgetary issues. Instead of employing full-time third-party risk management specialists, many firms choose to outsource their risk management functions to third parties.

    Engaging the services of a third-party risk management certification firm is not as simple as it appears. There are many factors that can come into play in choosing a third-party risk management certification provider. This post will look at how a company looking to outsource risk management functions can select the best third-party risk management certification provider.

    (more…)

  • The Importance of Third-Party Risk Management Guidance

    Security risks come in all shapes and sizes and affect all manner of companies. For small businesses, like a local computer repair shop, security is important, but requires only a small-scale operation. In contrast, large corporations, like many banks, turn to third-party contracts to better delegate resources and improve efficiency. However, implementing and maintaining security measures for external companies is challenging. Managing them takes significant time and human resources, as well as organization. Learn about third-party risk management regulations and guidelines with our complete guide below.

    (more…)

  • What Is The Purpose Of An Enterprise Information Security Policy?

    Information security policy is an extremely important topic that, for a number of reasons, is often not discussed at all. Organizations often find that after they create and implement their Enterprise Information Security Policy (EISP) security architecture, they tend to put it on the back burner until the time comes to update it for compliance purposes. This shouldn’t be the case, though.

    Ponemon detailed in a 2018 report that a single ransomware attack costs companies an average of roughly $5 million, with $1.25 million attributed to system downtime and another $1.5 million to IT and end-user productivity loss. Sure, ransomware attacks can happen in a myriad of unique ways, but when an organization is collectively on the same page, it can help drive growth while protecting critical information within your network. Let’s discuss how to put together a comprehensive yet easy-to-understand EISP that can be regularly updated as your company continues to scale.

    (more…)

  • DFARS Compliance Checklist

    What is the DFARS Checklist?

    DFARS stands for Defense Federal Acquisition Regulation Supplement. Despite its best intentions, the acronym doesn’t give the layman much of a hint of its actual purpose. In simpler terms, the DFARS checklist is a security standard set forth by the Department of Defense (DoD).

    Any business or entity that holds Controlled Unclassified Information (CUI) is required to meet the DFARS minimum security standards or risks losing all of its DoD contracts. This supplemental regulation summary comes from NIST Handbook 162. A complete breakdown of cybersecurity requirements and a step-by-step guide is available for your perusal. Be forewarned that NIST Handbook 162 is not the easiest read. However, it is very useful.

    Companies with defense contracts may be interested to know that NIST Handbook 162 also contains information regarding NIST SP 800-171. NIST SP 800-171 and DFARS compliance are closely related but have separate requirements that must all be met in order to maintain DoD contracts.

    The most recent DFARS compliance update deadline was the last day of 2017. Due to the nature of digital security, continual updates of DFARS are to be expected every few years.

    DFARS is a complicated set of security requirements that comes with some confusing instructions. RSI Security has been helping businesses of all sizes with all types of security obligations. Read on to learn how you can cross off the DFARS checklist, or contact us today for more personal help.

    (more…)

  • Third Party Risk Management Best Practices

    Understanding and managing the risk that third-party service providers or suppliers pose to your operations should be an essential component of any comprehensive cybersecurity risk program. The risk that third-party vendors pose to organizations is often not well understood. This leads to organizations exposing themselves to unnecessary risk that is otherwise avoidable.

    Third-party entities can pose risks in a variety of ways. From the poor implementation of required security protocols to a lack of in-depth personnel vetting, there are many ways that security vulnerabilities at third-party vendors can translate into a security incident for your organization. Understanding the scope of the security risk and cyber risk that you face from third-party providers can help you make calculated organizational and operational decisions that are fully informed. The creation of a third-party risk management policy should be a necessary component of your cybersecurity strategy and should be fully backed by senior management.

    (more…)

  • What Is the NYDFS Cybersecurity Regulation?

    While breaches revealing public information (like pictures or emails) are concerning, the prospect of a financial breach tends to instill a higher level of panic. Additionally, accountability becomes even more important as more of these breaches occur. People want guarantees that their financial information is protected to the greatest extent possible.

    Consequently, New York took a step toward greater security by enacting the 23 NYCRR 500 regulation, which focuses on cybersecurity for financial institutions. Do you know about the NYDFS cybersecurity regulations or how they affect you? Find out now with our comprehensive blog post.

    (more…)