Testing MFA Controls: Learning from the CISA Cybersecurity Advisory

by Hannah Grace Holladay / June 14, 2023

You thought you did everything right. You enabled multi-factor authentication (MFA) on all of your accounts and configured it so that all employees and customers are required to use it. You have automated checks set up to make sure MFA is still required. And yet you still experience a data breach. This is exactly what happened to the non-governmental organization (NGO) described in the Federal Bureau of Investigation (FBI) and…

How to Prevent Ransomware

by Hannah Grace Holladay / June 14, 2023

Ransomware is perhaps the most disruptive and infuriating security threat facing businesses in 2022. A ransomware infection is a symptom of an information and infrastructure security failure that may hurt a business’s reputation and pose a compliance risk. Ransomware not only deprives a business of data essential to its operations; it also forces business leaders to decide whether to pay off criminals—an action that has ethical, financial, and legal implications.…

6 Steps to Prevent Data Breaches

by Hannah Grace Holladay / June 14, 2023

As we enter a new year, it’s traditional to look back at the successes and failures of the last twelve months. The information security world is no different, and as the year draws to a close, information security writers publish a flurry of articles with titles like “The Top Data Breaches of 2021” and “The Top 5 Scariest Data Breaches in 2021.” They are sobering reading: each listicle entry represents…

How to Achieve PCI DSS Compliance on AWS

by Hannah Grace Holladay / February 15, 2023

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard merchants and service providers must comply with if they store, process, or transmit cardholder data. PCI DSS includes over 400 information security requirements, including requirements that apply to cloud infrastructure such as Amazon Web Services (AWS). Organizations that use AWS to store and process credit card data must ensure their cloud infrastructure is compliant. But maintaining…

Net Friends Receives SOC 2 Type II Attestation for Third Year, Adding Confidentiality Trust Services Criteria

by Hannah Grace Holladay / February 15, 2023

Independent Audit Verifies Net Friends’ Internal Controls & Processes, Adding Confidentiality Trust Services Criteria

DURHAM — Net Friends, Inc., a North Carolina-based IT company and managed services provider, announced today that it has completed its annual SOC 2 Type II audit, performed by Kirkpatrick Price. For the third year in a row, this attestation presents independent, third-party validation that Net Friends demonstrates a strong commitment to information security practices. By exhibiting the necessary internal…