The public servants and educators that keep state and local governments and higher education institutions running stand at the nexus of change. They’re tasked with providing citizens with new services that account for rapid changes in the tech landscape and societal processes, while maintaining the same rock-solid dependability, security, and safety that people have expected of governing bodies for generations.

In part 1 of this series, we discussed data privacy, the related laws, and the data collection practices that help comply with those laws. In this blog, we’ll take a look at the challenges in securing customer data and five effective steps to overcome them. Many countries deem data privacy a fundamental human right and have implemented data protection laws.

For the next installment in our series of interviews asking leading security and compliance specialists about their achievements in their field, we’ve welcomed Rhia Dancel, Lead Auditor and CMMC Registered Practitioner with the NSF. Rhia Dancel is an ISO/IEC 27001 and 9001 Lead Auditor for NSF-ISR as well as a CMMC Registered Practitioner and has previously held several auditing and technical positions in information security and pharma quality sectors.

The Center for Internet Security (CIS) controls are a relatively short list of high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve its cyber defense. Initially developed by the SANS Institute and known as the SANS Critical Controls, these best practices are indispensable to organizations both large and small. By adopting these sets of controls, organizations can prevent the majority of cyberattacks.

More organizations than ever run on Infrastructure-as-Code cloud environments. While migration brings unparalleled scale and flexibility advantages, there are also unique security and ops issues many don’t foresee. So what are the major IaC ops and security vulnerabilities? Configuration drift. Cloud config drift isn’t a niche concern. Both global blue-chips and local SMEs have harnessed Coded Infrastructure.

Password security is crucial to preventing cyberattacks. It is important to find a password manager that enables the zero-trust security model to mitigate the risks of data breaches from compromised user accounts. The U.S. government released a memorandum earlier this year, detailing the requirement for federal agencies to achieve zero trust by the end of Fiscal Year 2024 in an effort to strengthen their cyberdefenses.

Recently, ThreatQuotient hosted an interactive discussion regarding security orchestration and cyber security automation adoption – what it is, what it’s meant to do, and why it can present a challenge for security teams to set up and maintain. What we heard from attendees was that the most common issues preventing them from integrating some form of security automation into their internal processes are the necessary time and resources.

Zenity research team has recently discovered a potential customer data leakage in Storage by Zapier, a service used for simple environment and state storage for Zap workflows. With only a few simple steps and no authentication, we were able to access sensitive customer data. Given the nature of this flaw, it would be easy for bad actors to recreate our approach and access the same sensitive data without significant expertise.