Key Takeaways from the SEC’s Cybersecurity Guidance

by Sarah Harvey / December 16, 2022

In February 2018, the US Securities and Exchange Commission (SEC) affirmed something we know to be true: as organizations rely more and more on technology, the frequency and complexity of cybersecurity threats continue to increase. The SEC issued interpretive cybersecurity guidance, which builds upon the Division of Corporation Finance’s guidance from 2011, for public companies to follow when dealing with cybersecurity incidents and risks. This cybersecurity guidance communicates several major…

Penetration Testing in Support of HIPAA Compliance

by Sarah Harvey / December 16, 2022

According to the Department of Health and Human Services Office for Civil Rights’ “wall of shame,” data breaches and security incidents have impacted more than 450,000 individuals so far this year. With no solution or end to the pervasive threat landscape in sight, this begs the question: what more could the healthcare industry do to protect their patients’ PHI, provide quality healthcare services, and ensure that their security posture remains…

SOC 2 vs. ISO 27001: Which Audit Do You Need?

by Sarah Harvey / June 14, 2023

SOC 2 and ISO 27001 audits are similar in intention; they both help organizations protect the data that they are responsible for. How are they different, though, and which one meets your organization’s needs? What is a SOC 2 Audit? A SOC 2 audit evaluates internal controls, policies, and procedures that directly relate to the AICPA’s Trust Services Criteria. This means that a SOC 2 audit report focuses on a…

Privacy vs. Security: What’s the Difference?

by Sarah Harvey / February 20, 2023

Privacy and security are terms that are often believed to be synonymous, but they’re actually quite different. Understanding what that difference is plays a key role in ensuring that your organization maintains a strong security posture, while also performing your due diligence to protect your customers’ sensitive data. In this webinar, our Director of Regulatory Compliance, Mark Hinely, discusses the differences between privacy and security, why understanding the difference matters,…

The Dangers of End-of-Support Operating Systems

by Sarah Harvey / June 14, 2023

Computer hardware and software is not built to last forever. End-of-support operating systems are one of the most common vulnerabilities discovered on enterprise networks. Why? Typically, it’s for one of two reasons. First, the organization could just lack a refresh of technology. But, end-of-support vulnerabilities could also occur because organizations need legacy software that will only function on an older operating system. Here's some end of support guidance for common…