Receive articles and resources from the information risk management experts at FoxPointe.
What is Phishing? Phishing is defined as a form of social engineering that use email or malicious websites to solicit personal information by posing as a trustworthy organization. When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing is often in the...
Information Security Complacency My career has taken me through a winding road of many areas including finance, manufacturing, education, and, today, information security. My career has included 24 years in the manufacturing world, where I managed many risks including employee theft (check kiting and manipulation) and mail fraud (vendor checks...
Data Security Our workplaces have become more mobile than ever before, largely due to advancements in technology being used by businesses for communication and collaboration. The circumstances related to the COVID-19 pandemic have expedited this movement by forcing most businesses and organizations out of their offices and into remote work...
Stopping Ransomware In today’s world of everchanging technology, the fastest growing method of cyber-attacks is Ransomware. “Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable, and malicious actors then demand ransom in exchange for decryption.”...
“Data is the new oil.” We have heard that frequently over the years. It’s usually in the context of being a business driver. That is still true, however, it is also lurative for those who want to hijack your data via ransomware. In the early days of ransomware, it would...
HITRUST Is your organization involved in HITRUST or looking to take that path in the near future? If so, there are some important changes to be aware of that may change your timeline and approach. Throughout each year, HITRUST releases Advisories as needed, in one of two categories: Assurance Change...
SOC 2 + HITRUST CSF Report Based on the Verizon Data Breach Investigations Report of 2021, healthcare and outsourced service providers continue to be two of the most popular targets for cyber criminals. The most common attacks occur through human error, basic web application attacks, and system intrusion. In order...
What is a SOC 1 Report A SOC 1 report, also known as the Statement on Standards for Attestation Engagements (SSAE) 18, focuses on a service organization’s controls that are likely to be relevant to an audit of a user entity’s (customer’s) financial statements. SOC 1 reports cover a service...
Cybersecurity Regulations Since the regulation came into effect in March 2019, the New York State Department of Financial Services (DFS) continues to strengthen the way that it enforces the Cybersecurity Regulation 23 NYCRR Part 500. With 23 distinct sections of the regulation, DFS requires a comprehensive cybersecurity program for “Covered...
As you were enjoying a cup of coffee the morning of December 18, 2020, you might have been arranging your Holiday plans or ordering a last-minute gift for a loved one. Or, perhaps, you’re part of the banking industry, and as part of your morning routine, you peruse various news...
In this day and age, the risk of cybersecurity threats is becoming a concerning topic for organizations. Reducing the risk of data breach has become a top priority for many businesses. When it comes to minimizing risk, an often-overlooked area is third-party risk. Many organizations include an initial vetting process...
On April 2, 2021, it was confirmed that a malicious user published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The information, spanning from users across the globe, includes phone numbers, user IDs, full names, locations, birthdates, and some email addresses. A...
