Today’s businesses are tech savvy enough to understand the importance of having a disaster recovery (DR) strategy as a part of their business continuity planning (BCP) process. It’s no longer a nice option to have—it’s a necessity. Could your business survive a disaster without the critical hardware and software, data, and systems it relies on to operate? For all organizations, …
Make Shadow IT a Part of Your Digital Transformation Strategy
Shadow IT defines any technical concerns that fall outside the realm of your organization’s standard technologies, such as software and devices. It is often implemented without company approval or subsequent control—but that doesn’t mean you should look the other way. Despite the concerns we’ve seen countless times over the past few years, shadow IT is becoming a bigger part of …
Cyber Incident Reporting Guidelines: What You Need to Know
Last summer, the White House took a significant step toward defining and coordinating a national response to the growing number of cyberattacks on government, businesses, and consumers—and it couldn’t have come at a better time. Last July, the Obama Administration released Presidential Policy Directive-41 on U.S. Cyber Incident Coordination Policy, which outlines how the government responds to significant cyber incidents. …
HIPAA and Encryption: The Best Practices
The number of data breaches in the healthcare industry is growing exponentially—and the breaches are becoming more severe. This phenomenon can be attributed to the increased black-market resale value for stolen medical records and personal health information (PHI), as well as the sophistication of cybercriminals. As a result of these risks—and of all the HIPAA penalties, legal costs, reputational damage, …
How Shadow IT Can Threaten Compliance
In an effort to be more productive and connected, employees are taking it upon themselves to seek technology solutions that fit their workplace needs, and as a result, are inadvertently creating serious challenges for their IT teams. The number of employees bringing personal mobile devices into the workplace and using them as business devices has exploded; the number of people …
What All Healthcare Companies Need to Know About HIPAA Compliance
Safeguarding protected health information is becoming more challenging every day—especially for companies operating in healthcare verticals who don’t always understand that compliance issues apply to them. Yet, under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, companies operating in a variety of healthcare verticals are categorized collectively as “Business Associates” (BAs) and, as such, are required …
Virtualization Security: The Line of Defense Your Cloud Needs
It used to be that companies used Clouds merely to back up their physical systems. Now, as many businesses are increasingly adopting Clouds and virtual machines (VMs) as an alternative to their physical infrastructure, the question remains: How to keep their virtual data, software, and systems secure? Just as technology is changing how and where we work, it is also …
Seven Common E-Commerce PCI Compliance Myths Explained
There are so many e-commerce PCI myths floating around that it’s easy to find the subject confusing. Here’s the reality: If your business accepts credit cards, your transactions must comply with the Payment Card Industry Data Security Standard (PCI DSS) – a set of standards that applies to any company that accepts, processes, stores or transmits credit card data. Whether …
Why Backup is Not Disaster Recovery
We often read the phrase “Backup and Disaster Recovery” as if the two things were inextricably linked. In a way, they are. But backup is not disaster recovery. And, while you can’t have disaster recovery (DR) without having backups—you can back up your data without having a DR plan in place. Although it might seem cheaper and easier, it’s …
HIPAA Security and Awareness Training: An Integral Part of the Compliance Strategy
When it comes to implementing a robust security protocol, employee training is one of the most critical—and often overlooked—aspects of a solid plan. Security and awareness training is also an integral part of HIPAA compliance. But, according to a recent HealthITSecurity.com review of NueMD’s 2016 HIPAA Survey Update: “Healthcare organizations are also falling behind on annual HIPAA training. Currently, 58 …