How to Reduce Risk
Risk is not just a vulnerability. Risk is a combination of the likelihood of a vulnerability being exploited and the impact to the system if that vulnerability is exploited. So, what does that mean? When we think about a threat to the system, we look at the events...
Prepare for Compliance
Regulatory compliance has become a regular component of every business industry today. With the relentless barrage of attacks, phishing, and the general inundation of spam and scams, it is a wonder something wasn’t done sooner. And yet, businesses still trudge...
The FTC Safeguards Rule: Have a plan… time is running out
The Federal Trade Commission (FTC) updated GLBA in 2003 with the first Safeguards Rule. Those requirements were updated again in 2021 and now must be met by June of this year. This means time is running out, and we need to get a plan in place. "The FTC Safeguards...
Who is captaining your compliance ship? 5 questions to ask
Most of us will have to meet some form of regulation at some point in our businesses. For cybersecurity, there are several possible ones, depending on your industry. It’s already a nuisance dealing with migration into the cloud, or dealing with remote or hybrid...
The need for virtual compliance officers
The goal for any business is to hire the "perfect fit" with the right expertise and focus. With the unpredictable market and the onslaught of every kind of technical solution, there are several square pegs for every round hole. And now, thanks to COVID, "remote" is...
Ever wonder what happens when you click on a link?
Security Awareness Training (SAT) tells us to never click on a link from some email that we don’t know where it originates. Sound advice. But have you ever wondered what happens when someone does click on that link? The vision is of imminent destruction, and the...
Maryland Businesses – Do you qualify for a cybersecurity tax credit?
The Buy Maryland Cybersecurity (BMC) Tax Credit provides an incentive for Maryland companies to purchase cybersecurity services from a Qualified Maryland Cybersecurity Seller (QMCS). Maryland companies that qualify may claim a tax credit for 50% of the net purchase...
CMMC Level 2 – It can be less complex than you think
If you're a defense industrial base (DIB) contractor, you're already aware you need to meet compliance requirements in the new CMMC system, which goes live May 2023. Most government contractors are required to meet CMMC Level 2. The bad news is that it can be a...
Security Topic: Data Protection
Is there any organization with sensitive data that someone else isn’t trying to collect? We create processes, methodologies, and technical know-how. Even if we don’t have secret source-code or a cool product with intellectual property, every organization maintains...