Ransomware Alert: Defend Yourself Against WannaCrypt

by Sarah Harvey / December 19, 2022

On Friday, May 12th, 2017, a large ransomware attack known as WannaCrypt (a.k.a. WannaCry) was launched, which infected more than 230,000 computers across 150 countries, and counting. This unprecedented cyberattack has left organizations struggling in the aftermath as they try to recover. WannaCrypt demands payment of ransom in bitcoin and has spread in several ways: through phishing emails and as a worm on unpatched computers. The attackers responsible for WannaCrypt used…

The HIPAA Risk Analysis

by Sarah Harvey / December 19, 2022

The HIPAA risk analysis is the starting point for any HIPAA audit, and the most important component for achieving and maintaining HIPAA compliance. If risk analysis is such a critical part of HIPAA compliance, why is it the number one finding by the Office for Civil Rights (OCR)? Unfortunately, this means that a lot of business associates and covered entities, who are required to comply with HIPAA laws, just aren’t…

The Rise of Ransomware: Best Practices for Preventing Ransomware

by Sarah Harvey / June 14, 2023

Ransomware is becoming a buzzword that is showing up in the headlines nearly every day. Some even refer to it as the “billion-dollar nightmare for businesses.” Malicious attackers using ransomware don’t tend to discriminate against the type of data they target; however, recent reports show that healthcare data is quickly becoming the data most commonly affected by ransomware attacks. Understanding how ransomware works and affects organizations can help entities to…

Compliance is Never Enough: Encryption & Key Management

by Sarah Harvey / November 27, 2023

Understanding a Key Management Program

The purpose of this presentation is to give you a foundation of understanding encryption. This webinar will not delve into the math involved, but rather, you will learn about the different types of encryption, key management basics, algorithm uses, and encryption attacks. First, let’s define and discuss symmetric versus asymmetric encryption. Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both…

PCI DSS Requirement 1.5: Ensure Security Policies are Known to all Affected Parties

by KirkpatrickPrice / December 22, 2022

Examining PCI Requirement 1.5

At the end of each of the PCI DSS v3.2 Requirements, we have what we like to call a “capstone.” At the end of Requirement 1, there is PCI Requirement 1.5. It states, “Ensure that security policies and operational procedures for managing firewalls are documented, in use, and known to all affected parties.” PCI Requirement 1.5 is not only saying that your organization needs to maintain…