Directive Blogs

The United States Federal Trade Commission’s mandate is to prevent fraud and promote consumer protection in today's interconnected world, where the digital landscape continues to evolve at a rapid pace. The FTC recognizes the importance of safeguarding consumer information and has implemented their Safeguards Rule as a means to ensure that businesses protect sensitive data from unauthorized access and misuse. Let’s take a look at the Safeguards Rule and what you need to know about it in regard to your business. 

Cybersecurity is important. Scroll through a few pages of our blog and you’ll see article after article talking about threats and ways to make yourself and your business less vulnerable to cyberthreats. As an IT professional, however, I’d be so much happier if the state of the world didn’t require such a massive effort just to protect oneself and we could just talk about cool stuff you can do with modern technology all the time!

But alas, strong cybersecurity is crucial to virtually any organization, and it’s becoming even more important by the month.

When I was a kid, there was a Tex Avery cartoon where Droopy Dog was chasing down a crook who escaped from jail. There was a particular scene where the crook (I think it was a wolf in a black-and-white striped jumpsuit) takes a bus, a plane, a ship, and a taxi to a secluded cabin, and then closes a series of increasingly complex doors with a large number of locks, in order to hide away from the pursuing cartoon basset hound. 

Of course, when he turns around, exhausted by all the effort he puts in, he realizes that Droopy is standing right behind him, and greets him with a monotone “hello.”

I haven’t seen this cartoon since I was 7 years old, but I almost always think about it when I am using multi-factor authentication. 

The Health Insurance Portability and Accountability Act is a regulation passed by the US congress in 1996 to help streamline the healthcare system while maintaining individual ePI privacy over individuals’ health records. This regulation was put in place to allow people to transfer their health coverage, but also to minimize the risk individuals take on as far as fraud and abuse of their health records is concerned. This week we’d thought we’d discuss four ways your technology can help your organization keep its HIPAA compliance. 

Cloud computing is a major growth industry as businesses and individuals look to use the computing strategy to either save money or get resources that they would typically not be able to commit to. With cloud computing becoming more and more integrated into business each year, it stands to reason that the once Wild West of cloud computing would start to see a lot more regulation. This week, we’ll take a look at how the cloud is regulated and what to expect out of cloud regulation down the road. 

Compliance is a critical element of many businesses’ requirements, with pretty severe penalties as a consequence if the prescribed standards are not met. Even more importantly, most compliance requirements and regulations are put in place for the welfare of not only the business, but its clientele as well. This makes it critical to know which apply to your business, and how to meet them fully.

Regardless of your industry, there are going to be certain regulatory standards that you will be responsible for upholding. Many of these standards will be related in some way to your cybersecurity. Let’s talk about some of these cybersecurity standards, and why compliance is so critical for your business.

With no unifying federal law that aims to protect data security, individual states—including our home state of New York—have had to take it upon themselves to create such privacy laws.

Here in the Empire State, that law is the SHIELD Act.

Not long ago, we shared some information about the New York SHIELD Act—Stop Hacks and Improve Electronic Data Security—and what it has changed in terms of business cybersecurity preparedness across the board. This time, we wanted to discuss all that we’ll do to ensure that your business remains compliant with this relatively new law.

Considering what today’s cyberthreat environment looks like, more and more rigorous cybersecurity is strictly needed. One means that businesses have to accomplish this is a cybersecurity practice known as a zero-trust model.

Let’s go over what zero-trust entails, and how to put it in place.

Some industries require more compliance than others, as they deal with sensitive data on a regular basis. In efforts to protect this data, governments and agencies have implemented laws, regulations, and other requirements to ensure businesses remain compliant with this expectation.

The cloud is a great opportunity for businesses to increase accessibility of data and enhance productivity, especially while remote, but for those who do not know how to approach it, the cloud can be intimidating. Today, we are going to make the case for a private cloud solution and why you should consider it as a viable option for your business, even if it does not seem like it at the moment. You might be surprised by what you learn!

There are now five bipartisan bills being considered in the United States House of Representatives, strictly intended to help put some checks on the power that today’s modern technology giants have. Let’s consider what these bills are, and why the current business environment has inspired them.

According to a survey conducted by Splunk and Enterprise Strategy Group, more business leaders intend to funnel funding into their cybersecurity—88 percent of respondents reporting a planned increase into their investments, 35 percent reporting that these boosts will be substantial. Let’s examine a few of the insights that this survey has revealed.

HIPAA—the Health Insurance Portability and Accountability Act—is a serious concern for all healthcare providers that operate within the United States, and for good reason! Since August 1996, HIPAA has mandated that these healthcare providers comply with various best practices. While HIPAA is relatively familiar to many people for assorted reasons, fewer know about HITRUST (the Health Information Trust Alliance) and how these acronyms ultimately cooperate with one another.

2020 was, obviously, a challenging year for healthcare providers. In addition to the obvious issue of the COVID-19 pandemic creating serious operational, financial, and supply chain difficulties, cybersecurity concerns didn’t go away during this time. Let’s consider some of the additional stresses that IT security needs can, will, and have placed on healthcare providers.

After decades of inadequate data protections, scores of regulations have been put in place to help protect the sensitive data businesses store. Industries, such as healthcare and financial services, are highly-regulated environments precisely because of the type of data they manage. Personal data is highly valuable to bad actors like hackers and other cybercriminals. We thought it would be a good time to talk about not mistakenly exposing this highly-coveted information to the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) has released an emergency directive concerning a critical exploit known as Zerologon, that affects servers running Windows Server operating systems that needs to get patched as soon as possible.

The days of the cash-only business are over. It doesn’t matter if your business is a multinational corporation or you cut grass for a living, accepting payment cards is not only convenient for your customers, most of the time it’s the most secure way to get paid. In an effort to protect the personal and financial information of consumers who have come to depend on their payment cards, the banks that back the credit card industry have developed a regulation that businesses who process cards need to adhere to. Today, we will go over this regulation and how it affects small and medium-sized businesses

Regardless of what industry a company is classified under, they all are responsible for upholding particular standards to ensure compliance with industry regulations. However, according to the 2016 State of Compliance survey, a shockingly high number of organizations were shown to be a bit fuzzy on their requirements.

Most companies have some sort of regulation they need to stay compliant to, and 2020 seems to be a landmark year. This year, companies have to deal with end-of-life upgrades, the development of new privacy laws, as well as the existing regulatory landscape. Let’s take a look at why compliance is important and what to expect in the year ahead.

When we write about Net Neutrality, we typically write about how it is designed to keep the telecommunications conglomerates, who make Internet service available to individuals on the Internet, honest when laying out their Internet service sales strategy. One way to put it is that without net neutrality in place, the Big Four (which are currently Comcast, Charter, Verizon, and AT&T) have complete control over the amount of Internet their customers can access.

Data loss can have lasting effects upon your business, usually measured in lost productivity and capital. In other words, data loss is often measured by the cost required to retrieve, restore, and/or repair its effects. Of course, this is only the beginning of how data loss can impact your operations.

As a business, your clients trust that you’re taking every measure possible to protect data, like personal information or financial records. However, with the number of businesses using electronic records continuing to climb, along with the rise of cybercrime attacks, many industries have begun to impose regulations and compliances that are designed to keep personal information secure. Health and finance are two of the most heavily regulated industries, with the government having stepped in and set a specific standard of data security regulations that these companies must comply with.

Compliance laws regarding the storage and dispersion of healthcare records were implemented with the intended purpose of urging healthcare providers to better take care of their patients’ personal information, but how effective are they? Unfortunately, there are many providers that have failed to meet the standards for the HIPAA and HITECH compliance laws, and it has brought a hefty price tag along with it.

One of the inevitabilities of working with the cloud is that you have to face a tough question; what kind of compliance requirements are there for cloud-based data? If you’re storing data for your business in a cloud-based environment, it becomes your responsibility to know where and how this data is stored--particularly if you’re not the one doing the actual cloud hosting. How do you maintain compliance when you seemingly have so little control over how your computing platform is managed and maintained?

If you think that working with the cloud doesn’t have risks, think again. It’s inevitable that you’ll face security compliance concerns when it comes to your cloud-based data. If your organization has data stored in a cloud-based environment, you’ll want to pay particularly close attention to how compliance laws affect the way that you access and store this information. How can you make sure that your cloud-based data isn’t in violation of some cloud compliance laws?

American healthcare organizations must store and exchange patient data in ways that comply with the HIPAA law, or else face hefty fines. One mental health service in Alaska recently learned this lesson the hard way after being hit with a $150,000 fine. Is your healthcare organization’s IT infrastructure 100 percent HIPAA compliant?

Technology is invading all practices, including those of medical offices and other health-related institutions like hospitals and dental offices. With the advent of electronic medical records (EMR) and their management systems, medical institutions are capable of eliminating the physical space required to store paper documents, and can instead easily store them in a digital environment. Unfortunately, this also brings its fair share of problems, such as regulatory compliance.