03

Dec 2018

Four Ways to Protect Against Insider Threats

Most cybersecurity defenses and strategies are focused on external threats in an effort to make access costlier for a hacker than the value of what they can obtain. However, developing ways to protect against insider threats is an essential part of an organization’s cybersecurity posture. The Internal Threat Landscape Most organizations are focused on the prospect of external threats. Basic security is perimeter-focused, meaning that the primary...



12

Nov 2018

Hacking Humans: The Social Engineering Threat

When most people think of cyberattacks and the social engineering threat, they picture a scene from an action movie in which a teenage computer whiz spends thirty seconds furiously typing on a computer keyboard and gaining complete access to the Pentagon’s databases. In the real world, this isn’t how hacking actually works. The good news is that hacking the Pentagon is a lot harder than...



05

Nov 2018

The Importance of Configuration Standards for Regulatory Compliance

Developing and implementing strong configuration standards for regulatory compliance is an important aspect of an organization’s cybersecurity strategy. Privacy regulations commonly require configuration standards. Therefore, knowing how to create strong ones is an important part of achieving and maintaining regulatory compliance for frameworks such as HIPAA/HITECH, PCI DSS, and NIST. What Are Regulatory Compliance Configuration Standards? All technology comes with a default configuration and, in...



29

Oct 2018

Minimizing Permissions to Improve Cybersecurity

Minimizing permissions for end user account access by assigning appropriate access levels and setting up account separation is an important aspect of building a cybersecurity program. Admittedly, this can present a challenge, both in workload and in pleasing your end users. The requirement for some users to have multiple accounts increases the burden on the security team for account management. It can also interrupt workflow for...



29

Oct 2018

Patch Management: Why it’s Important for CyberSecurity

A good patch management strategy is commonly listed as one of the basics of an organizational cybersecurity strategy. In this post, we discuss the importance of strong patch management and how to implement a good patch management strategy. What Is Patch Management? All software has bugs. Whether these are caused by design flaws or implementation flaws, the sheer amount of code in systems that we...



18

Oct 2018

GDPR Regulators Announce Fines Coming by Year’s End

Recently, an announcement was made stating that the first GDPR fines will be levied before the end of 2018. This article describes what the announcement means and how it can affect your organization. The GDPR Regulation On May 25, 2018, the General Data Privacy Regulation (GDPR) went into effect in the European Union. The purpose of this regulation is to protect the privacy of EU...



10

Oct 2018

Does HIPAA Apply to Me?

Over the course of Sword & Shield’s years of HIPAA compliance consulting, we have been asked many times, “Does HIPAA apply to me?” In this post, we describe how your organization can determine whether or not you are required to be compliant with the HIPAA regulations for privacy and security of protected health information (PHI). Introduction to HIPAA The Health Insurance Portability and Accountability Act (HIPAA)...



26

Sep 2018

Personal Information Anyone Can Learn on the Internet

When you think of people collecting personal information about you, you probably think about the data leaked in corporate data breaches and information for sale on the Dark Web. But have you ever wondered what kind of information the average person could learn about you on the Internet? The Internet can make social engineering a pastime for some, or a dangerous cybercrime conduit for...



25

Sep 2018

Eight Considerations for Remote Worker Cybersecurity

Working from your desk in the corporate office is probably the safest way of doing business since you have both physical and technological protections provided by your organization. However, this may not always be feasible for either personal or business reasons. By taking the appropriate remote worker cybersecurity precautions, you can work from home or on the go without jeopardizing your personal security or that...
