Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
RANSOMWARE IS THE NEW MULTI-LEVEL MARKETING BUSINESS
By Erik Leach
2016 has proven to be a banner year for ransomware. The year kicked off with a series of ransomware attacks on a trio of hospitals, including the well-publicized incident at Hollywood Presbyterian Medical Center, which forced its IT staff to shut down the network while coerced administration officials agreed to pay a $17,000 bitcoin ransom. The year is culminating in dramatic fashion as well, as thousands of San Francisco commuters got to ride for free as a result of a ransomware attack on the San Francisco Municipal Transportation Agency, which infected 2,112 computers and took its light rail transit system offline for more than 24 hours.
IoT DEVICES MAKE IDEAL SOLDIERS FOR CYBER CRIMINALS
We all remember gazing in wonder at the armies of elite Imperial storm troopers as they collectively marched into battle to subdue the rebel forces in those early Star Wars movies. Many of us recall the machines spotlighted in the Terminator series, which led the battle against the humans. Science fiction is good at conjuring up creative visions of the technical forces we may combat in the future, but even the most creative science fiction writer couldn’t have come up with the idea of an army of cameras attacking our Internet infrastructure; yet that is what happened.
EMPLOYEE SOCIAL MEDIA ACCOUNTS MAKING YOUR NETWORK VULNERABLE?
Social media seems harmless enough, especially when your employees stick to using it for personal reasons, but it can indirectly be responsible for critical security breaches. With some social engineering and patience, an attacker can use personal social media profile information to gain access to your corporate network. The attack is completely outside of your control and uses a combination of social engineering and phishing attack techniques.
Chronology of HIPAA, HITECH & the Omnibus Rule
HIPAA is a confusing regulation. Since its enactment on August 21, 1996, it has covered topics as diverse as insurance coverage of unemployed people, efficiency of health care administration, data security, and more recently the improvement of healthcare outcomes. HIPAA has had a complicated history of regulatory revisions, clarifications, and guidance documents from various agencies, and it is still largely misunderstood.
Are Your Security Devices HIPAA Compliant?
By Chris Cronin, ISO 27001 Auditor, Partner
Would you be surprised to learn that there is no HIPAA requirement that tells organizations to use a firewall? How about an intrusion detection system (IDS)? Nope. And no requirements for a data loss prevention tool (DLP) either, or a proxy server, or even a security information and event management system (SIEM).
OVER-SECURING PHI: A DANGEROUS HIPAA VIOLATION | What is reasonable?
By Chris Cronin, ISO 27001 Auditor, Partner
Over-securing protected health information (PHI) means protecting the security of PHI so much that patient care or medical research becomes compromised. It may seem strange to hear this from a cyber security firm. After all, security is where HALOCK makes its living. But if your security controls take priority over your medical mission, then you’re doing HIPAA wrong.
COMMON HIPAA VIOLATIONS THAT ARE EASY TO FIX
THE HIPAA ‘DIRTY DOZEN’ – FIND OUT ABOUT THE MOST COMMON HIPAA VIOLATIONS
By Tod Ferran, CISSP, QSA
Time and time again we see many common HIPAA issues arise in both large and small entities. We’ve compiled a list of the most common HIPAA issues that can lead to violations that we see in the field – and most are relatively easy to fix. Take a look at the following list to see if your organization struggles with any of these common HIPAA violation examples.
DEMYSTIFYING COMPROMISE ASSESSMENTS
As threat technology rapidly advances, hackers and threat actors leverage all the means at their disposal to deliver malware and compromise your systems and information. To expose these threat actors, many organizations rely heavily on experts in the cyber security field to perform penetration tests and compromise assessments.
PRIVACY VS SECURITY – WHAT’S THE DIFFERENCE?
By Chris Cronin, ISO 27001 Auditor, Partner
The ever-increasing demands from laws and regulations to protect personal information come with confusion about what exactly our protection responsibilities are. One source of that confusion is the use of the terms “privacy” and “security.” While “privacy” and “security” are both common terms used in laws, regulations, and security standards, they mean very different things and they are managed very differently. In fact, the difference between the two has a lot to do with what organizations are capable of controlling.
WHAT KIND OF SECURITY ASSESSMENT DO I NEED?
What kind of security assessment do I need? It’s a question we at HALOCK Security Labs hear all the time. Every regulation and information security standard in existence tells us that we must undergo some kind of regular assessment. But the security field has not been consistent in advising which kinds of assessments fit which purpose best.