Most Notable Findings from the 2015 CFPB Supervisory Highlights

by Sarah Harvey / December 16, 2022

The CFPB recently released its 2015 Supervisory Highlights, noting its observations and findings from recent supervisory examinations. There are many examples and learning opportunities in these findings that we should focus on to strengthen compliance at our own organizations. The first item that really stood out concerns consumer reporting. The CFPB found several occasions where dispute-handling obligations…

5 Topics to Include in Your Security Awareness Training Program

by Sarah Harvey / June 14, 2023

Regularly training your employees is a critical component of compliance and security in your organization. The risk of an employee not understanding the potential security threats facing them as a frontline target could be just the opening that an attacker needs to create a security breach. You are only as strong as your weakest link, so implementing a regular security awareness training program is crucial to ensure that you’re doing…

Medical Devices Can Lead to Data Breach at Healthcare Organization

by Sarah Harvey / December 16, 2022

The terms “data breach” and “healthcare organization” aren’t strangers in headlines as of late, but recent studies and investigations by cybersecurity professionals in the industry have found that attackers are beginning to use medical device vulnerabilities as an intrusion point into the entire organization’s network. It’s quite common for medical devices to run outdated, and therefore vulnerable, software whose vulnerabilities are difficult to mitigate, putting millions at risk. Recent…

3 Reasons You Should Be Undergoing Regular Penetration Tests

by Sarah Harvey / December 16, 2022

Did you know you could avoid a costly data breach by having regular penetration tests and vulnerability scans? So why don't we? Every week we hear about an unforgiving hacker who has taken advantage of a security gap to maliciously gain access to tons of irretrievable data, costing the organization tons of money and ultimately damaging its reputation. Not to mention those affected by the stolen data -…

Ask the Auditor: PCI DSS Requirements 3 & 4

by Sarah Harvey / June 13, 2023

We had another chance to interview one of our Information Security Auditors, Tim Cunningham, on some frequently asked questions about PCI DSS Requirements 3 and 4. Here are the highlights from the interview: Q: When we consider the concept of protecting stored cardholder data, what is the first thing to consider when planning compliance with Requirement 3? An organization’s approach to PCI compliance should be a top-down, management-driven approach.…