The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States Federal Law designed to protect sensitive patient information from unauthorized disclosure, either through accidental data leakage or the result of a planned cyberattack.
Organizations of all sizes that store, process, or transmit credit card data must comply with PCI DSS (Payment Card Industry Data Security Standards). The PCI standard’s 12 principal requirements can prove challenging for organizations to achieve and maintain, especially those in the highly-regulated financial industry. An upcoming PCI compliance audit may be cause for concern for many organizations, who are left scrambling to ensure their cybersecurity practices are up to scratch.
As businesses and organizations scale and grow, their network infrastructure can also grow increasingly large and complex. Using a flat network structure (all devices connected on one server) makes it easier for cybercriminals to roam freely and unimpeded in the system in the event of a successful cyber attack. Implementing network segmentation best practices can limit the scope of an attack, prevent malware from spreading, and disrupt lateral movements across your IT ecosystem.
In recent years, there has been increasing amounts of ransomware attacks on colleges and universities due to poor cybersecurity practices, a higher likelihood of ransom payment, and the value of information involved. The entire education sector performs poorly as a whole compared to other sectors when it comes to data security, and hackers are quickly taking notice.
The internet of things (IoT) is a system of interconnected computers, devices, digital machines, and objects, all marked with unique identifiers (UIDs) and enabled to transfer and share data over a network. It was first coined by Kevin Ashton in 1999 when he envisioned a future where things communicated with each other, apart from human interaction With the evolution of web-enabled smart homes and smart devices in nearly every corner of life, IoT attack surfaces begin to emerge.
Often regarded as the Californian version of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) aim’s to increase consumer rights by giving California residents greater control over the use of their personal data. The CCPA heavily regulates the use of any data that could potentially link to the identity of a consumer or household, either directly or indirectly.
Two-factor authentication (2FA) is a type of multi-factor authentication (MFA). Both authentication solutions provide additional account security by requiring additional factors of authentication. To understand how exactly 2FA and MFA differ, it’s firstly important to understand the concepts of authentication and factors of authentication.
Shadow IT includes any unsanctioned apps or hardware used by employees that fall outside of those managed by the IT department (sanctioned apps). Shadow IT is often used as a workaround to functionality or usability gaps created by an organization’s known IT resources. Large organizations have multiple departments with widely differing information technology (IT) needs.
The Stop Hacks and Improve Electronic Data Security (SHIELD) Act is designed to protect the personal data of all New York residents. This act broadens the data privacy and protection standards stipulated in the Gramm-Leach-Bliley Act (GLBA) and the New York Department of Financial Services (NYDFS). What makes this particular data protection law unique is its inclusion of biometric information, usernames, and passwords in the category of personal information.
While cybersecurity is deeply rooted in the tech and digital space, you might be surprised to find that many cybersecurity jobs don’t require coding or programming skills. Cybersecurity professionals can find careers with both technical and non-technical backgrounds. To succeed in the field of cybersecurity, it’s far more important to be analytical, solutions-driven, and well-versed with technology.
