In the ever-changing ecosystems that organizations operate in, business needs can change as rapidly as the weather. It’s abundantly clear that organizations must be agile so they can adapt and react to the business storms on the horizon. Budgetary constraints and increased transaction velocity…

Brandon Agostinelli – September 12, 2022 Within the healthcare industry, there is a variety of environments that utilize many different types of medical devices to deliver services to patients. As reliance on technology within the healthcare industry continues to grow, an increase in…

On September 15, 2022, WebMD, a credible medical news source, issued a statement that the end of the COVID-19 pandemic is approaching.  The WebMD news brief noted that the World Health Organization reported COVID-19 deaths dropping to their lowest count since March 2020.  With the world…

Every October since 2004 marks National Cybersecurity Awareness Month. This month raises awareness about the importance of cybersecurity and how to protect yourself from cybercrime. Use multi-factor authentication wherever possible. Traditional authentication requires an ID and password,…

This article was written by Brendan Horton, Security Analyst at The Bonadio Group Small or large, it is not uncommon to hear about a new sophisticated attack carried out on an organization.  In the era of digital change, it is no surprise that threat actors have begun exploiting new…

New York State Department of Financial Services (NYSDFS) has proposed several changes to the existing 23 NYCRR Part 500 – Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500). They include items such as: Classification of “Class A”…

Cyberattacks and data security breaches continue to grow at a record pace year after year.  According to recent surveys, over 60% of cybersecurity professionals saw an increase in cyberattacks and security breaches related to the pandemic. In order to defend against these attacks, businesses…

This article was written by Chris Salone, CISA, CCSFP, MBA In the final quarter of 2021, the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency (the agencies), issued a rule requiring any FDIC insured…

  February 24, 2022, Russia began its large-scale military invasion of Ukraine, one of its neighboring countries. Many international organizations, like Apple and Volkswagen, have taken a stance by applying sanctions against Russia in hopes of encouraging Russia’s President, Vladimir…

The Bonadio Group and their cybersecurity division FoxPointe Solutions highly recommends and encourages that our customers invest in an ongoing compliance solution that can help support its company’s internal controls and compliance requirements before an internal audit is performed by an…

Phishing is defined as a form of social engineering that use email or malicious websites to solicit personal information by posing as a trustworthy organization. When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing is often in the news,…

Stopping Ransomware In today’s world of everchanging technology, the fastest growing method of cyber-attacks is Ransomware.  “Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable, and malicious actors…

This blog was written and produced by Nick Cozzolino, CISSP, Director of Information Security at The Bonadio Group. FoxPointe Solutions is The Bonadio Group's dedicated cybersecurity division. Looking to get in touch with Nick? Reach out today: Nick Cozzolino ncozzolino@bonadio.com. “Data is…

This blog was written and produced by Courtney Nist, Senior Security Consultant CHQP, CCSFP, at FoxPointe Solutions. Looking to get in touch with Courtney? Reach out today: Courtney Nist cnist@foxpointesolutions.com. Based on the Verizon Data Breach Investigations Report of 2021, healthcare and…

What is a SOC 1 Report A SOC 1 report, also known as the Statement on Standards for Attestation Engagements (SSAE) 18, focuses on a service organization’s controls that are likely to be relevant to an audit of a user entity’s (customer’s) financial statements. SOC 1 reports cover a…

Since the regulation came into effect in March 2019, the New York State Department of Financial Services (DFS) continues to strengthen the way that it enforces the Cybersecurity Regulation 23 NYCRR Part 500. With 23 distinct sections of the regulation, DFS requires a comprehensive cybersecurity…

As you were enjoying a cup of coffee the morning of December 18, 2020, you might have been arranging your Holiday plans or ordering a last-minute gift for a loved one. Or, perhaps, you’re part of the banking industry, and as part of your morning routine, you peruse various news outlets and…

In this day and age, the risk of cybersecurity threats is becoming a concerning topic for organizations. Reducing the risk of data breach has become a top priority for many businesses. When it comes to minimizing risk, an often-overlooked area is third-party risk. Many organizations include an…

On April 2, 2021, it was confirmed that a malicious user published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The information, spanning from users across the globe, includes phone numbers, user IDs, full names, locations, birthdates, and some email…

An updated cybersecurity law that the IT organization (along with other college/university departments) will need to continue to integrate into its compliance programs, policies, and controls is the recent changes to New York’s General Business Law 899-aa and 899-bb (aka SHIELD Act). The…