Risk management, compliance, and security are a shared burden between your organization and your vendors. Standards such as NIST (Publication 500-292) and regulations like HIPAA and PCI-DSS provide considerations for compliance and security but do not account for the nuances of your unique business or your infrastructure. To make matters more complicated, guidelines are written as though one party is responsible …
6 Tips to Go Beyond Compliance for Effective Data Security
Is maintaining regulatory compliance enough? Experts recommend going beyond the basics of compliance and implementing data security best practices.
What is a Virtual Private Cloud and Why Should I Care?
To keep your personal information separate from the public cloud, or from a private cloud for a business, you will need a virtual private cloud. How do you get one?
Data Risk in the Third-Party Ecosystem [Research]
The Ponemon Study: Data Risk in the Third-Party Ecosystem reveals a profound lack of confidence in third-party suppliers, security policies, and procedures.
How Shadow IT Can Threaten Compliance
In an effort to be more productive and connected, employees are taking it upon themselves to seek technology solutions that fit their workplace needs, and as a result, are inadvertently creating serious challenges for their IT teams. The number of employees bringing personal mobile devices into the workplace and using them as business devices has exploded; the number of people …
HIPAA Security and Awareness Training: An Integral Part of the Compliance Strategy
When it comes to implementing a robust security protocol, employee training is one of the most critical—and often overlooked—aspects of a solid plan. Security and awareness training is also an integral part of HIPAA compliance. But, according to a recent HealthITSecurity.com review of NueMD’s 2016 HIPAA Survey Update: “Healthcare organizations are also falling behind on annual HIPAA training. Currently, 58 …