Nov 17, 2021 8:16:00 AM

Top 5 Tips for Secure Holiday Shopping

The holiday season is once again upon us. While there has been much discussion of supply shortages, shipping delays, and inflation, we are here to keep cybersecurity top of mind as you seek out the perfect presents for your loved ones this season. According to the FBI, thousands of Americans fall victim to holiday scams every year, robbing individuals of money and personal information. The Internet Crime Complaint Center (IC3) reported almost $129,000 in credit card fraud losses and approximately $265,000 in non-payment/non-delivery losses in 2020. The following tips will help you stay safe while checking off all the gifts on your list:  

Topics: cybersecurity, Vulnerabilities

Nov 11, 2021 7:00:00 AM

CMMC 2.0 - Major Changes for Contractors

Earlier this week, the Department of Defense and CMMC Accreditation Body released proposed changes to the CMMC implementation following a six-month review aimed at clarifying the standard, lowering the financial burden of compliance, and improving the program’s scalability. The overarching theme of the proposed changes is simplification. So, what’s new?  

Topics: cybersecurity, Vulnerabilities, CMMC

Oct 27, 2021 7:00:00 AM

Prioritizing Cybersecurity in a Hybrid Workplace

In this day and age, employees are more connected than ever. The hybrid workplace is here to stay, and for employees, this means relying on connected devices from their home office setups. According to recent data, smart home systems are set to rise to a market value of $157 billion by 2023, and the number of installed connected devices in the home is expected to rise by a staggering 70% by 2025. In this new normal where smart devices and consequently online safety are a must, here are some tips for securing those devices.  

Topics: cybersecurity, cybersecurity awareness month, Vulnerabilities, remote workforce

Oct 21, 2021 8:20:00 AM

#CyberCareerWeek: HORNE Cyber's Women in Tech

In honor of Cyber Career Awareness Week, HORNE Cyber is proud to introduce a few of our women in tech. Our team shares advice and encouragement for those aspiring to join the cyber field. In this blog, our team discusses why they went into cybersecurity, what they enjoy most about their job, who inspires them in this field, and provide advice for young women interested in pursuing a career in cybersecurity.

Topics: cybersecurity, password security, securing your data, Vulnerabilities

Oct 20, 2021 10:40:00 AM

Why You Should Consider a Cyber Career

Cybersecurity is a rapidly developing field with new threats and challenges appearing every day. To stay ahead of active threats, both business and education sectors are putting forth a concerted effort to recruit individuals toward a degree and career in cyber.   Interested in joining this exciting new workforce? Here are four reasons why pursuing a degree and career in cyber could be right for you.  

Topics: cybersecurity, cybersecurity awareness month, Vulnerabilities, remote workforce

Oct 15, 2021 8:13:46 AM

Fight the Phish with Brad Pierce | HORNE Cyber

This week, we sat down with our Director of Security Operations, Brad Pierce, to get his thoughts on phishing attacks. Below we discuss best practices to fight the phish, phishing trends, why phishing is so lucrative and what to do if you have been caught in a phishing attack.

Topics: cybersecurity, password security, securing your data, Vulnerabilities

Oct 13, 2021 7:15:55 AM

3 Fundamentals for Shoring Up Phishing Defenses

From ransomware to SolarWinds, the cybersecurity space has been as fast-paced as it has ever been over the last 12-24 months. However, for all of the emerging threats and news that are cropping up on the horizon, phishing -- one of the oldest pain points in cybersecurity -- is continuing to quietly wreak havoc and is as big of a threat as it has ever been.    Phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing or pre-texting, while 74 percent of US organizations experienced a successful phishing attack last year alone. That means that phishing is one of the most dangerous “action varieties” to an organization’s cybersecurity health. As a result, the need for proper anti-phishing hygiene, a culture of awareness, and best practices is an absolute must.    With that in mind, here are a few quick best practices and tips for dealing with phishing threats:  

Topics: cybersecurity, password security, securing your data, Vulnerabilities, Phishing

Oct 7, 2021 7:00:00 AM

Cyber Basics with Mike Skinner

This week, we sat down with our managing partner, Mike Skinner, to get his opinion on basic cyber hygiene when it comes to protecting yourself while on the internet. Below we discuss password best practices, most commonly seen mistakes, the importance of VPN, and why MFA matters.

Topics: cybersecurity, password security, securing your data, Vulnerabilities

Oct 6, 2021 7:30:00 AM

Get Familiar with the Cyber Basics

At a time when we are more connected than ever, being “cyber smart” is of the utmost importance. This year has already seen more than a fair share of attacks and breaches, including the SolarWinds and Kaseya breaches as well as high-profile attacks on the Colonial Pipeline and other critical infrastructure. Furthermore, as has been underlined by these recent breaches, cyberattacks are becoming more sophisticated with increasingly evolved bad actors. Luckily, there are several steps that we can take on a daily basis to mitigate risks. Here are a few quick tips:

Topics: cybersecurity, password security, securing your data, Vulnerabilities

Sep 16, 2021 12:15:00 PM

How Do You Manage Ransomware Risk?

Ransomware has become an all-too-common occurrence in today's digital world. With threat actors constantly evolving their tactics and developing new threats, protecting your organization against ransomware attacks can be difficult. However, following these 5 best practices can minimize your risk:

Topics: cybersecurity, password security, securing your data, Vulnerabilities

Sep 9, 2021 9:29:26 AM

What to Know About Cybersecurity For Your Home & Family

Internet is an integral aspect of modern life. One that has brought us many conveniences and transformed businesses and human connection. However, this world of connection has brought many challenges and risks to our doorstep. Over the last year and a half, we have seen our homes become centers not only for leisure online activities such as social media, personal banking, gaming, and TV streaming, but also virtual schools and offices. Below, we share a few of our go-to best practices for upping your family’s cybersecurity awareness and protection.  

Topics: cybersecurity, password security, securing your data, Vulnerabilities

Aug 25, 2021 7:30:00 AM

What is the number one way to prevent shadow IT?

Shadow IT continues to be prevalent in many organizations, bringing unknown and unmitigated risks into your environment. Several factors have accelerated the presence of shadow IT in recent years, such as bring your own device policies, the increased need within business units to have flexibility to affect outcomes, tension between IT/GRC stakeholders and other operating areas, an exponential reliance on employee devices and remote work due to the COVID-19 pandemic.

Topics: IT administration, information security

Jul 28, 2021 7:30:00 AM

Web Application Security 101

  What is a Web Application Pen Test? In today's interconnected business world, web applications (web apps) are indispensable. Whether they are a client portal or online shopping site, attackers can compromise web apps, impair business function, and steal sensitive data if they are not adequately tested and secured by your organization. Fortunately, these vulnerabilities can be mitigated through proper cyber hygiene and integrating penetration testing into the web app development lifecycle.   

Topics: data security, cybersecurity, Vulnerabilities

May 13, 2021 8:37:22 AM

Impact and Mitigation of the KRACK WiFi Vulnerability

A vulnerability has been disclosed in the most popular and recommended security protocol for WiFi networks: WPA2. The weaknesses, discovered and documented by Mathy Vanhoef, may change the way your organization uses wireless until vendor patches are available. The purpose of this post is to discuss the potential impact on your organization and discuss how you can layer security around protocol weaknesses such as this one.

Topics: Attack Surface

May 13, 2021 8:37:01 AM

Is Your Google Chrome Browser Up-to-Date?

Late last week, Google announced an urgent Google Chrome browser update (78.0.3904.87) for Windows, Mac, and Linux platforms. The update includes security fixes for two identified vulnerabilities within the current Chrome browser. Very little information about the two vulnerabilities has been released at this time; however, Google noted that one of the exploits is actively being exploited “in the wild”.

Topics: cybersecurity

May 12, 2021 9:10:06 AM

Conducting Regular HIPAA Security Risk Analyses is Critical

Clients frequently ask the question, “How often should I perform a security risk analysis as a covered entity under HIPAA?” While the HIPAA security rule does not require a security risk assessment to be performed within a certain timeframe, it does state that the risk analysis process should be ongoing and continuous. Similarly, the Quality Payment Program (for covered entities accepting Medicare) does evaluate if an organization has performed a security risk analysis within a 12 month period (January through December) as a required measure.

Jan 1, 2021 4:30:00 PM

Why "I'm Just Not Technical" is No Longer an Excuse in the C-Suite

I cannot tell you how many board presentations and meetings I have been in and heard "I am just not technical". Not being “tech savvy” is no longer a valid excuse to not understanding the threats your organization faces and what needs to be done to provide protection. If you are in the budgeting, decision making or approval process of technology in your organization, you have no choice.

Jan 1, 2021 4:21:00 PM

Don't Let Cyber Risk Derail Your M&A Deal

Headlines around hacking and data breaches have become a regular occurrence over the last few years. When a business loses the trust of its customers, it can be nearly impossible to win it back. Cybersecurity, or the lack thereof, can famously destroy existing companies, but could it also be killing future business deals?

Topics: risk management, cybersecurity

Jan 1, 2021 4:03:00 PM

XaaS, Part 2: Infrastructure as a Service (IaaS)

Getting Started with IaaS As a businessperson, deciding whether to deploy an aspect of your business to the cloud can be an ordeal, especially if cloud computing discussions are not a standard part of your workday. In XaaS Part 1, we defined cloud computing, the three standard cloud services models, and four cloud computing architectures. 

Topics: Cyber Assurance Insights

Jan 1, 2021 4:01:00 PM

What would you do with a million dollars in a pandemic?

Over the past few months I’ve worked with multiple teams at HORNE as we’ve assisted State and Local Governments determine how to spend the funds provided to them through the Coronavirus Relief Fund (“CRF”) that was a result of the CARES act, which appropriated $150 billion to the fund to be directed to U.S. State, Local, Territorial, and Tribal governments.

Topics: COVID 19

Jan 1, 2021 3:59:00 PM

3 Simple Ways to Test Your Business Continuity Disaster Recovery Plan

There are numerous resources that provide the means for developing a business continuity plan. These include the achievement of such activities as team formation, business impact analysis, evaluation of legal and regulatory requirements, etc. This is not one of those.

Topics: cybersecurity awareness month

Jan 1, 2021 3:56:00 PM

Pt. 5: 7 Tips for Achieving CMMC Level 4 Readiness

In our previous blog, we discussed the purpose of Level 3 and the requirements that potential contractors will need to meet to achieve Level 3 readiness. As we continue along the maturity model to Level 4, we will provide *Readiness Notes* to point out potential roadblocks for achieving Cybersecurity Maturity Model Certification (CMMC) Level 4 readiness.

Topics: CMMC

Jan 1, 2021 3:54:00 PM

Pt. 6: A Readiness Roadmap to the CMMC Level 5

In our previous blog, we discussed the purpose of Level 4 and the requirements that potential contractors will need to meet for Level 4. As we continue along the maturity model to the final level, we will provide *Readiness Notes* to point out potential roadblocks for achieving Cybersecurity Maturity Model Certification (CMMC) Level 5 readiness.

Topics: CMMC

Jan 1, 2021 10:45:00 AM

COVID-19 Impacts on HIPAA: Maintaining Security and Privacy for Your Organization

COVID-19 has changed the HIPAA landscape in the short term, and  some of these changes will undoubtedly echo long after the pandemic has ended. We’ve summarized the latest changes and how you can maintain the security goals for your organization and stay in compliance.

Topics: HIPAA, COVID 19

Jan 1, 2021 10:40:00 AM

Cloud Computing & Risk Management: A Review of the FFIEC's Recent Statement

Out of sight out of mind feels pretty good, doesn’t it? Especially with not only is it out of sight, it is off the ground. Your organization’s data is so far out of reach not only does it feel like you can’t get to it, but there’s an illusion that no one else can either.

Topics: risk management, the cloud