Recent Posts

Oct 21, 2021 8:20:00 AM

#CyberCareerWeek: HORNE Cyber's Women in Tech

In honor of Cyber Career Awareness Week, HORNE Cyber is proud to introduce a few of our women in tech. Our team shares advice and encouragement for those aspiring to join the cyber field. In this blog, our team discusses why they went into cybersecurity, what they enjoy most about their job, and who inspires them in this field, and provides advice for young women interested in pursuing a career in cybersecurity.

Topics: cybersecurity, password security, securing your data, Vulnerabilities

Oct 20, 2021 10:40:00 AM

Why You Should Consider a Cyber Career

Cybersecurity is a rapidly developing field with new threats and challenges appearing every day. To stay ahead of active threats, both business and education sectors are putting forth a concerted effort to recruit individuals toward a degree and career in cyber. Interested in joining this exciting new workforce? Here are four reasons why pursuing a degree and career in cyber could be right for you.

Topics: cybersecurity, cybersecurity awareness month, Vulnerabilities, remote workforce

Oct 13, 2021 7:15:55 AM

3 Fundamentals for Shoring Up Phishing Defenses

From ransomware to SolarWinds, the cybersecurity space has been as fast-paced as it has ever been over the last 12-24 months. However, for all of the emerging threats and news that are cropping up on the horizon, phishing -- one of the oldest pain points in cybersecurity -- is continuing to quietly wreak havoc and is as big of a threat as it has ever been.

Phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing or pre-texting, while 74 percent of US organizations experienced a successful phishing attack last year alone. That means that phishing is one of the most dangerous “action varieties” to an organization’s cybersecurity health. As a result, the need for proper anti-phishing hygiene, a culture of awareness, and best practices is an absolute must.

With that in mind, here are a few quick best practices and tips for dealing with phishing threats:

Topics: cybersecurity, password security, securing your data, Vulnerabilities, Phishing

Oct 6, 2021 7:30:00 AM

Get Familiar with the Cyber Basics

At a time when we are more connected than ever, being “cyber smart” is of the utmost importance. This year has already seen more than a fair share of attacks and breaches, including the SolarWinds and Kaseya breaches as well as high-profile attacks on the Colonial Pipeline and other critical infrastructure. Furthermore, as has been underlined by these recent breaches, cyberattacks are becoming more sophisticated with increasingly evolved bad actors. Luckily, there are several steps that we can take on a daily basis to mitigate risks. Here are a few quick tips:

Topics: cybersecurity, password security, securing your data, Vulnerabilities

May 13, 2021 8:37:22 AM

Impact and Mitigation of the KRACK WiFi Vulnerability

A vulnerability has been disclosed in the most popular and recommended security protocol for WiFi networks: WPA2. The weaknesses, discovered and documented by Mathy Vanhoef, may change the way your organization uses wireless until vendor patches are available. The purpose of this post is to discuss the potential impact on your organization and discuss how you can layer security around protocol weaknesses such as this one.

Topics: Attack Surface

May 13, 2021 8:37:01 AM

Is Your Google Chrome Browser Up-to-Date?

Late last week, Google announced an urgent Google Chrome browser update (78.0.3904.87) for Windows, Mac, and Linux platforms. The update includes security fixes for two identified vulnerabilities within the current Chrome browser. Very little information about the two vulnerabilities has been released at this time; however, Google noted that one of the vulnerabilities is being actively exploited “in the wild”.

Topics: cybersecurity

May 12, 2021 9:10:06 AM

Conducting Regular HIPAA Security Risk Analyses is Critical

Clients frequently ask the question, “How often should I perform a security risk analysis as a covered entity under HIPAA?” While the HIPAA security rule does not require a security risk assessment to be performed within a certain timeframe, it does state that the risk analysis process should be ongoing and continuous. Similarly, the Quality Payment Program (for covered entities accepting Medicare) does evaluate if an organization has performed a security risk analysis within a 12-month period (January through December) as a required measure.

Jan 1, 2021 4:30:00 PM

Why "I'm Just Not Technical" is No Longer an Excuse in the C-Suite

I cannot tell you how many board presentations and meetings I have been in and heard "I am just not technical". Not being “tech savvy” is no longer a valid excuse for not understanding the threats your organization faces and what needs to be done to provide protection. If you are in the budgeting, decision-making or approval process of technology in your organization, you have no choice.

Jan 1, 2021 4:21:00 PM

Don't Let Cyber Risk Derail Your M&A Deal

Headlines around hacking and data breaches have become a regular occurrence over the last few years. When a business loses the trust of its customers, it can be nearly impossible to win it back. Cybersecurity, or the lack thereof, can famously destroy existing companies, but could it also be killing future business deals?

Topics: risk management, cybersecurity

Jan 1, 2021 4:03:00 PM

XaaS, Part 2: Infrastructure as a Service (IaaS)

Getting Started with IaaS: As a businessperson, deciding whether to deploy an aspect of your business to the cloud can be an ordeal, especially if cloud computing discussions are not a standard part of your workday. In XaaS Part 1, we defined cloud computing, the three standard cloud services models, and four cloud computing architectures.

Topics: Cyber Assurance Insights

Jan 1, 2021 4:01:00 PM

What would you do with a million dollars in a pandemic?

Over the past few months I’ve worked with multiple teams at HORNE as we’ve helped State and Local Governments determine how to spend the funds provided to them through the Coronavirus Relief Fund (“CRF”) that was a result of the CARES Act, which appropriated $150 billion to the fund to be directed to U.S. State, Local, Territorial, and Tribal governments.

Topics: COVID 19

Jan 1, 2021 3:59:00 PM

3 Simple Ways to Test Your Business Continuity Disaster Recovery Plan

There are numerous resources that provide the means for developing a business continuity plan. These include the achievement of such activities as team formation, business impact analysis, evaluation of legal and regulatory requirements, etc. This is not one of those.

Topics: cybersecurity awareness month

Jan 1, 2021 3:56:00 PM

Pt. 5: 7 Tips for Achieving CMMC Level 4 Readiness

In our previous blog, we discussed the purpose of Level 3 and the requirements that potential contractors will need to meet to achieve Level 3 readiness. As we continue along the maturity model to Level 4, we will provide *Readiness Notes* to point out potential roadblocks for achieving Cybersecurity Maturity Model Certification (CMMC) Level 4 readiness.

Topics: CMMC

Jan 1, 2021 3:54:00 PM

Pt. 6: A Readiness Roadmap to the CMMC Level 5

In our previous blog, we discussed the purpose of Level 4 and the requirements that potential contractors will need to meet for Level 4. As we continue along the maturity model to the final level, we will provide *Readiness Notes* to point out potential roadblocks for achieving Cybersecurity Maturity Model Certification (CMMC) Level 5 readiness.

Topics: CMMC

Jan 1, 2021 10:40:00 AM

Cloud Computing & Risk Management: A Review of the FFIEC's Recent Statement

Out of sight, out of mind feels pretty good, doesn’t it? Especially when not only is it out of sight, it is off the ground. Your organization’s data is so far out of reach that not only does it feel like you can’t get to it, but there’s an illusion that no one else can either.

Topics: risk management, the cloud

Jan 1, 2021 10:23:00 AM

A Tactical Crisis Response to Healthcare Cybersecurity

Introduction: In May the Health Sector Coordinating Council (HSCC) and the Health Information Sharing and Analysis Center (H-ISAC) collectively created a tactical guide for how healthcare organizations can manage their cybersecurity threats during a crisis like COVID-19. During a crisis, the way your company works, specifically your technology and processes, can change dramatically. These changes create new attack surfaces and vulnerabilities.

Topics: COVID 19

Jan 1, 2021 10:11:00 AM

6 Steps to NIST 800-171 Compliance

NIST 800-171 provides a framework for the protection of controlled, unclassified information (CUI). The framework is intended to provide guidance for nonfederal entities working with and accessing the data of federal entities. However, NIST 800-171 serves as a best practice for controls for privacy and security for many types of unclassified data.

Topics: Cyber Assurance Insights, IT GRC, Cyber GRC, Cyber Regulations, Compliance, NIST 800-171

Jan 1, 2021 9:54:00 AM

Providing Peace of Mind Around Your Law Firm's Data Security

Have you ever wondered why Amazon Web Services (AWS) is so focused on security? When you visit their compliance page, they have nearly every privacy and security badge available, noted with the global standards highlighted below:

Topics: cybersecurity, SOC 1 Audit, securing your data, SOC for Cybersecurity, Cyber Assurance Insights, Cyber SOC, Compliance

Apr 13, 2020 6:00:00 AM

COVID-19 and Maintaining the Integrity of Your Information Security Policy

Remote Work and Information Security Policy Exceptions: There is a well-known metric included in risk assessments known as the Annualized Rate of Occurrence, or ARO. Risk events have varying AROs depending on the frequency with which they are expected to occur. Many risk events have AROs that are so low, meaning that the event is so unlikely to occur, that an organization may not have a formal, documented policy or procedure (such as Pandemic Response) that describes how the organization will react or account for the impact of such an event.

Topics: risk management, COVID 19

Apr 10, 2020 8:00:00 AM

5 Policies Critical for Maintaining Security Standards During Pandemic

As businesses continue to work from home in an effort to flatten the curve during the COVID-19 pandemic, it is critical to have effective policies in place. More importantly, your employees should be trained in said policies and be following them accordingly, both in and out of the office. Policies are only as good as your employees’ behavior - strong security hygiene at the user-level helps responsibly manage security risk.

Topics: Cyber Assurance Insights

Apr 7, 2020 6:00:00 AM

5 Tips for Securing a Remote Workforce

As the COVID-19 pandemic continues, a new global remote workforce has emerged in an effort to help flatten the curve. As organizations make this necessary transition, changes to infrastructure to support remote workers may create unprecedented risks and vulnerabilities.

Topics: remote workforce

Apr 2, 2020 6:30:00 AM

Pt. 4: 6 Pitfalls to Avoid in CMMC Level 3

In our previous blog, we discussed the purpose of Level 2 and the requirements that potential contractors will need to meet to achieve readiness for Level 2. As we build upon Level 2 and progress to Level 3, we will provide *Readiness Notes* to highlight potential roadblocks for achieving Cybersecurity Maturity Model Certification (CMMC) Level 3 readiness.

Topics: CMMC

Mar 26, 2020 6:30:00 AM

Pt. 3: Level 2, A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed the purpose of the Cybersecurity Maturity Model Certification (CMMC) and the requirements potential contractors will need to meet to achieve compliance with Level 1. As we progress to Level 2, we will provide *Readiness Notes* to highlight potential roadblocks for achieving CMMC Level 2 readiness.

Topics: CMMC

Mar 12, 2020 6:00:00 AM

Pt. 2: Level 1, A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed what it is going to take to achieve readiness for the Cybersecurity Maturity Model Certification (CMMC).

Topics: Cyber Assurance Insights

Mar 4, 2020 6:00:00 AM

A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S))’s upcoming rollout of approximately 10 large contracts which will require contractors to meet Cybersecurity Maturity Model Certification (CMMC) standards in 2020.

Topics: CMMC