by
Sarah Harvey / June 14, 2023
What is a Gap Analysis? When an organization pursues an audit for the first time, we strongly recommend starting with a gap analysis. Why? The truth is: we don’t want you to fail the audit. We want to help you prepare for the audit so that you can meet your challenging compliance goals, and we want to educate you on what you’re getting into when you pursue an information security…
by
Sarah Harvey / June 14, 2023
What would it cost you if your printing business compromised client data because of a printing error? How would your organization be impacted if your printers were hacked? As service organizations and third-party vendors, organizations in the printing industry cater to a variety of organizations such as financial, government, or healthcare and are likely to interact with personally identifiable information (PII) on a regular basis. Because of this, it’s critical…
by
Sarah Harvey / June 14, 2023
What would be the impact to your organization if your information security auditor did not conduct a thorough audit? How would it impact your organization if you partnered with an auditing firm whose quality of services and integrity was questioned by industry regulators? Too often, organizations must deal with the aftermath of receiving an audit that wasn’t thorough enough. This could mean public-facing S3 buckets, active directory policies do not…
by
Sarah Harvey / June 14, 2023
Best Practices for Safe Online Holiday Shopping While businesses are gearing up for the busiest shopping season of the year and consumers are anxiously awaiting the best online deals, malicious hackers will be prepping to get their hands on valuables as well. This makes it increasingly important that consumers practice due diligence while online shopping. Clicking on random links, buying products from unsecure websites, and inputting personally identifiable information where…
by
Sarah Harvey / June 14, 2023
Microsoft’s Password Guidance recommends that passwords be set to never expire. Microsoft argues, “Password expiration policies do more harm than good, because these policies drive users to very predictable passwords composed of sequential words and numbers which are closely related to each other.” NIST’s guidance suggests, “Verifiers should not require memorized secrets [passwords] to be changed arbitrarily. However, verifiers shall force a change if there is evidence of compromise of the…
