Oct 15, 2021 8:13:46 AM

Fight the Phish with Brad Pierce | HORNE Cyber

This week, we sat down with our Director of Security Operations, Brad Pierce, to get his thoughts on phishing attacks. Below we discuss best practices to fight the phish, phishing trends, why phishing is so lucrative and what to do if you have been caught in a phishing attack.

Topics: cybersecurity, password security, securing your data, Vulnerabilities

Oct 13, 2021 7:15:55 AM

3 Fundamentals for Shoring Up Phishing Defenses

From ransomware to SolarWinds, the cybersecurity space has been as fast-paced as it has ever been over the last 12-24 months. However, for all of the emerging threats and news that are cropping up on the horizon, phishing -- one of the oldest pain points in cybersecurity -- is continuing to quietly wreak havoc and is as big of a threat as it has ever been.

Phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing or pre-texting, while 74 percent of US organizations experienced a successful phishing attack last year alone. That means that phishing is one of the most dangerous “action varieties” to an organization’s cybersecurity health. As a result, the need for proper anti-phishing hygiene, a culture of awareness, and best practices is an absolute must.

With that in mind, here are a few quick best practices and tips for dealing with phishing threats:

Topics: cybersecurity, password security, securing your data, Vulnerabilities, Phishing

Oct 7, 2021 7:00:00 AM

Cyber Basics with Mike Skinner

This week, we sat down with our managing partner, Mike Skinner, to get his opinion on basic cyber hygiene when it comes to protecting yourself while on the internet. Below we discuss password best practices, most commonly seen mistakes, the importance of VPN, and why MFA matters.

Topics: cybersecurity, password security, securing your data, Vulnerabilities

Oct 6, 2021 7:30:00 AM

Get Familiar with the Cyber Basics

At a time when we are more connected than ever, being “cyber smart” is of the utmost importance. This year has already seen more than a fair share of attacks and breaches, including the SolarWinds and Kaseya breaches as well as high-profile attacks on the Colonial Pipeline and other critical infrastructure. Furthermore, as has been underlined by these recent breaches, cyberattacks are becoming more sophisticated with increasingly evolved bad actors. Luckily, there are several steps that we can take on a daily basis to mitigate risks. Here are a few quick tips:

Topics: cybersecurity, password security, securing your data, Vulnerabilities

Sep 16, 2021 12:15:00 PM

How Do You Manage Ransomware Risk?

Ransomware has become an all-too-common occurrence in today's digital world. With threat actors constantly evolving their tactics and developing new threats, protecting your organization against ransomware attacks can be difficult. However, following these 5 best practices can minimize your risk:

Topics: cybersecurity, password security, securing your data, Vulnerabilities

Sep 9, 2021 9:29:26 AM

What to Know About Cybersecurity For Your Home & Family

The internet is an integral aspect of modern life, one that has brought us many conveniences and transformed businesses and human connection. However, this world of connection has brought many challenges and risks to our doorstep. Over the last year and a half, we have seen our homes become centers not only for leisure online activities such as social media, personal banking, gaming, and TV streaming, but also virtual schools and offices. Below, we share a few of our go-to best practices for upping your family’s cybersecurity awareness and protection.

Topics: cybersecurity, password security, securing your data, Vulnerabilities

Aug 25, 2021 7:30:00 AM

What is the number one way to prevent shadow IT?

Shadow IT continues to be prevalent in many organizations, bringing unknown and unmitigated risks into your environment. Several factors have accelerated the presence of shadow IT in recent years, such as bring-your-own-device policies, the increased need within business units to have flexibility to affect outcomes, tension between IT/GRC stakeholders and other operating areas, and an exponential reliance on employee devices and remote work due to the COVID-19 pandemic.

Topics: IT administration, information security

Jul 28, 2021 7:30:00 AM

Web Application Security 101

What is a Web Application Pen Test?

In today's interconnected business world, web applications (web apps) are indispensable. Whether they are a client portal or online shopping site, attackers can compromise web apps, impair business function, and steal sensitive data if they are not adequately tested and secured by your organization. Fortunately, these vulnerabilities can be mitigated through proper cyber hygiene and integrating penetration testing into the web app development lifecycle.

Topics: data security, cybersecurity, Vulnerabilities

May 13, 2021 8:37:22 AM

Impact and Mitigation of the KRACK WiFi Vulnerability

A vulnerability has been disclosed in the most popular and recommended security protocol for WiFi networks: WPA2. The weaknesses, discovered and documented by Mathy Vanhoef, may change the way your organization uses wireless until vendor patches are available. The purpose of this post is to discuss the potential impact on your organization and discuss how you can layer security around protocol weaknesses such as this one.

Topics: Attack Surface

May 13, 2021 8:37:01 AM

Is Your Google Chrome Browser Up-to-Date?

Late last week, Google announced an urgent Google Chrome browser update (78.0.3904.87) for Windows, Mac, and Linux platforms. The update includes security fixes for two identified vulnerabilities within the current Chrome browser. Very little information about the two vulnerabilities has been released at this time; however, Google noted that one of the vulnerabilities is being actively exploited “in the wild”.

Topics: cybersecurity

May 12, 2021 9:10:06 AM

Conducting Regular HIPAA Security Risk Analyses is Critical

Clients frequently ask the question, “How often should I perform a security risk analysis as a covered entity under HIPAA?” While the HIPAA security rule does not require a security risk assessment to be performed within a certain timeframe, it does state that the risk analysis process should be ongoing and continuous. Similarly, the Quality Payment Program (for covered entities accepting Medicare) does evaluate if an organization has performed a security risk analysis within a 12-month period (January through December) as a required measure.

Jan 1, 2021 4:30:00 PM

Why "I'm Just Not Technical" is No Longer an Excuse in the C-Suite

I cannot tell you how many board presentations and meetings I have been in and heard "I am just not technical". Not being “tech savvy” is no longer a valid excuse for not understanding the threats your organization faces and what needs to be done to provide protection. If you are in the budgeting, decision making or approval process of technology in your organization, you have no choice.

Jan 1, 2021 4:21:00 PM

Don't Let Cyber Risk Derail Your M&A Deal

Headlines around hacking and data breaches have become a regular occurrence over the last few years. When a business loses the trust of its customers, it can be nearly impossible to win it back. Cybersecurity, or the lack thereof, can famously destroy existing companies, but could it also be killing future business deals?

Topics: risk management, cybersecurity

Jan 1, 2021 4:03:00 PM

XaaS, Part 2: Infrastructure as a Service (IaaS)

Getting Started with IaaS

As a businessperson, deciding whether to deploy an aspect of your business to the cloud can be an ordeal, especially if cloud computing discussions are not a standard part of your workday. In XaaS Part 1, we defined cloud computing, the three standard cloud services models, and four cloud computing architectures.

Topics: Cyber Assurance Insights

Jan 1, 2021 4:01:00 PM

What would you do with a million dollars in a pandemic?

Over the past few months I’ve worked with multiple teams at HORNE as we’ve assisted State and Local Governments in determining how to spend the funds provided to them through the Coronavirus Relief Fund (“CRF”) that was a result of the CARES Act, which appropriated $150 billion to the fund to be directed to U.S. State, Local, Territorial, and Tribal governments.

Topics: COVID 19

Jan 1, 2021 3:59:00 PM

3 Simple Ways to Test Your Business Continuity Disaster Recovery Plan

There are numerous resources that provide the means for developing a business continuity plan. These include the achievement of such activities as team formation, business impact analysis, evaluation of legal and regulatory requirements, etc. This is not one of those.

Topics: cybersecurity awareness month

Jan 1, 2021 3:56:00 PM

Pt. 5: 7 Tips for Achieving CMMC Level 4 Readiness

In our previous blog, we discussed the purpose of Level 3 and the requirements that potential contractors will need to meet to achieve Level 3 readiness. As we continue along the maturity model to Level 4, we will provide *Readiness Notes* to point out potential roadblocks for achieving Cybersecurity Maturity Model Certification (CMMC) Level 4 readiness.

Topics: CMMC

Jan 1, 2021 3:54:00 PM

Pt. 6: A Readiness Roadmap to the CMMC Level 5

In our previous blog, we discussed the purpose of Level 4 and the requirements that potential contractors will need to meet for Level 4. As we continue along the maturity model to the final level, we will provide *Readiness Notes* to point out potential roadblocks for achieving Cybersecurity Maturity Model Certification (CMMC) Level 5 readiness.

Topics: CMMC

Jan 1, 2021 10:45:00 AM

COVID-19 Impacts on HIPAA: Maintaining Security and Privacy for Your Organization

COVID-19 has changed the HIPAA landscape in the short term, and some of these changes will undoubtedly echo long after the pandemic has ended. We’ve summarized the latest changes and how you can maintain the security goals for your organization and stay in compliance.

Topics: HIPAA, COVID 19

Jan 1, 2021 10:40:00 AM

Cloud Computing & Risk Management: A Review of the FFIEC's Recent Statement

Out of sight, out of mind feels pretty good, doesn’t it? Especially when not only is it out of sight, it is off the ground. Your organization’s data is so far out of reach that not only does it feel like you can’t get to it, but there’s an illusion that no one else can either.

Topics: risk management, the cloud

Jan 1, 2021 10:23:00 AM

A Tactical Crisis Response to Healthcare Cybersecurity

Introduction

In May the Health Sector Coordinating Council (HSCC) and the Health Information Sharing and Analysis Center (H-ISAC) collectively created a tactical guide for how healthcare organizations can manage their cybersecurity threats during a crisis like COVID-19. During a crisis, the way your company works, specifically your technology and processes, can change dramatically. These changes create new attack surfaces and vulnerabilities.

Topics: COVID 19

Jan 1, 2021 10:11:00 AM

6 Steps to NIST 800-171 Compliance

NIST 800-171 provides a framework for the protection of controlled, unclassified information (CUI). The framework is intended to provide guidance for nonfederal entities working with and accessing the data of federal entities. However, NIST 800-171 serves as a best practice for controls for privacy and security for many types of unclassified data.

Topics: Cyber Assurance Insights, IT GRC, Cyber GRC, Cyber Regulations, Compliance, NIST 800-171

Jan 1, 2021 9:54:00 AM

Providing Peace of Mind Around Your Law Firm's Data Security

Have you ever wondered why Amazon Web Services (AWS) is so focused on security? When you visit their compliance page, they have nearly every privacy and security badge available, noted with the global standards highlighted below:

Topics: cybersecurity, SOC 1 Audit, securing your data, SOC for Cybersecurity, Cyber Assurance Insights, Cyber SOC, Compliance

Jan 1, 2021 9:30:00 AM

OCR Proposed Changes to HIPAA Privacy Rule Part 1

Introduction

In January 2021, the Office of Civil Rights (OCR) published its proposed Modifications to the HIPAA Privacy Rule to Empower Individuals, Improve Coordinated Care, and Reduce Regulatory Burdens, and opened for public comment until March 22, 2021. As of March 9, 2021, this comment period has been extended to May 6, 2021.

Jan 1, 2021 9:28:00 AM

OCR Proposed Changes to HIPAA Privacy Rule Part 2

Introduction

In January 2021, the Office of Civil Rights (OCR) published its proposed Modifications to the HIPAA Privacy Rule to Empower Individuals, Improve Coordinated Care, and Reduce Regulatory Burdens, and opened for public comment until March 22, 2021. As of March 9, 2021, this comment period has been extended to May 6, 2021. In Part 1 of our blog, we highlighted the first 4 of the proposed eight (8) changes and how these may impact providers. Today, we’ll go over the remainder.

Topics: HITECH, HIPAA