FoxPointe Security Hub

This blog was written and produced by Courtney Nist, Senior Security Consultant CHQP, CCSFP, at FoxPointe Solutions. Looking to get in touch with Courtney? Reach out today: Courtney Nist cnist@foxpointesolutions.com. Based on the Verizon Data Breach Investigations Report of 2021, healthcare and…

What is a SOC 1 Report A SOC 1 report, also known as the Statement on Standards for Attestation Engagements (SSAE) 18, focuses on a service organization’s controls that are likely to be relevant to an audit of a user entity’s (customer’s) financial statements. SOC 1 reports cover a…

Since the regulation came into effect in March 2019, the New York State Department of Financial Services (DFS) continues to strengthen the way that it enforces the Cybersecurity Regulation 23 NYCRR Part 500. With 23 distinct sections of the regulation, DFS requires a comprehensive cybersecurity…

As you were enjoying a cup of coffee the morning of December 18, 2020, you might have been arranging your Holiday plans or ordering a last-minute gift for a loved one. Or, perhaps, you’re part of the banking industry, and as part of your morning routine, you peruse various news outlets and…

In this day and age, the risk of cybersecurity threats is becoming a concerning topic for organizations. Reducing the risk of data breach has become a top priority for many businesses. When it comes to minimizing risk, an often-overlooked area is third-party risk. Many organizations include an…

On April 2, 2021, it was confirmed that a malicious user published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The information, spanning from users across the globe, includes phone numbers, user IDs, full names, locations, birthdates, and some email…

An updated cybersecurity law that the IT organization (along with other college/university departments) will need to continue to integrate into its compliance programs, policies, and controls is the recent changes to New York’s General Business Law 899-aa and 899-bb (aka SHIELD Act). The…

The year 2020 will be forever remembered for the impacts of how the global pandemic forced the adoption of innovative production, logistics, and workforce solutions. Many best practices emerged from the experiences of COVID-19, we continue to learn that these new methods can pay significant…

In our increasingly digital world, individual’s personal information resides on hundreds, if not thousands, of servers across the globe resulting in a huge rise in identity theft. Defined as “the crime of obtaining the personal or financial information of another person to use their…

With many still reeling from the aftermath of the SolarWinds hack, enough dust has settled that we’ve started to ask the important questions: How did this happen? What can we do to prevent this in the future? And will it happen again? The good news is that this cyber attack is incredibly…

This post originally appeared on Security Magazine. Ensuring the confidentiality, integrity, and availability of information must be at the forefront of any business in today’s environment. While many think they are up to this task, there’s a lot that goes into protecting data.…

The Department of Homeland Security has issued this emergency directive. “DHS DIRECTIVE 21-01 - Treat all hosts monitored by the SolarWinds Orion monitoring software as compromised by threat actors and assume that further persistence mechanisms have been deployed." Visit the DHS Website and…

FoxPointe Solutions has been closely following the major data breach that was recently announced involving Cit0day, as well as the subsequent analyses to accurately identify the true risk levels that could be associated with it. Following the emergence of updated forensic reports, it has been…

Like almost every organization doing business in 2020, HITRUST® has had to adopt some changes due to the COVID-19 Pandemic. As the year progressed and we were able to see the long-term impact that COVID-19 has caused, we began to see changes in guidelines and options for HITRUST-related…

Credible information regarding a well-known Russian cybercriminal organization plotting a mass ransomware attack across the United States healthcare industry led officials from the Federal Bureau of Investigation and the Department of Homeland Security to formally warn industry executives of the…

From the nation’s shift to a remotely working culture to the upcoming elections we must maintain our awareness to the importance of Information Security. So far in 2020, there are many significant breaches that remind us of the importance of remaining information security aware and protective…

In 2020, protecting an organization from cyber-attacks means that you need a plan to combat ransomware. Ransomware infections can be expensive, and costs can encompass more than just financial decisions. Paying a ransom to retrieve encrypted data is never an ideal situation and the cost to do so is…

Every October since 2004 marks National Cybersecurity Awareness Month. This month raises awareness about the importance of cybersecurity and how to protect yourself from cybercrime. Reduce Your Cyber Risk Below are the top 5 things you can do to safeguard yourself: Do not ignore operating system or…

Phish - SpearPhish now VISH! DON’T GET HOOKED Now is the time to reassess your cybersecurity program and your Computer Security Incident Response Program (CSIRP). The alert below from the FBI and CISA details the VISH risk, but it is up to you to get protected! As always – please let us…

As was originally reported by the technology website Ars Technica and by several Albany, NY-based business and news publications such as Times Union, an Albany-based accounting firm recently suffered a ransomware attack most likely from the ransomware ring known as Maze. Maze and other ransomware…