Everything has a cost, whether literal (dollars and cents) or figurative (lost productivity, retention, and other issues), and cybersecurity is no exception to the rule.
4 Common Mistakes in Firewall Configuration
A firewall is a great way to protect your organization, but it only works well if it is configured properly. Here are four common mistakes in firewall configuration, along with some tips for avoiding them.
1. Non-Standard Authentication Methods
Using non-standard authentication methods can put you at risk of a cybersecurity breach. When you don’t use a standard method, you rely entirely on the expertise of whoever set up the firewall, or worse, on the default settings of the firewall. A better approach is to adhere to a recognized standard to give your computer network security a stronger foundation.
A Helpful Guide to SOX Compliance for Financial Institutions
The Sarbanes-Oxley (“SOX”) Act of 2002 is a crucial piece of legislation aimed at protecting the confidentiality, integrity, and availability of information that impacts a corporation’s stakeholders.
Ensuring ongoing SOX compliance is a fundamental risk management task for any publicly traded, or even privately held, company in the United States. Violations of the SOX Act can carry hefty penalties at both the company level and the individual level (for directors and board members).

SOX requires organizations to establish security controls that prevent leaks of confidential data, and audit trails that are capable of detecting any form of data tampering. In this way, the Act helps organizations to reduce or eliminate fraud, build public trust, and protect data that is sensitive to stakeholders.
At Garland Heart we advise that organizations establish IT security policies that will ensure regulatory compliance with SOX, as well as other related legislation. In a nutshell, organizations must implement an effective strategy for fraud prevention, detection and response – identifying vulnerabilities, establishing controls, selecting information security solutions, and ensuring accurate reporting.
For financial services companies, which deal with very sensitive customer and financial data, there are a number of important considerations relating to SOX compliance.
5 Benefits of Having a Proactive Incident Response Plan
As technology changes and evolves, staying up to date means continuing to grow, develop, and improve practices to mitigate risk. This leads to multiple methods available for securing and protecting your environment, and, unfortunately, expanding opportunities for security threats. No matter how hard you work, even the best network in the world isn’t immune to incidents.
Taking a proactive approach to security is often a big part of standing fast against threats. Too many companies take a reactive approach, drawing up a plan of action only once a breach occurs. Unfortunately, this leaves your systems vulnerable; the mindset of “if” versus “when” can put blinders on, obscuring your ability to foresee danger on the horizon. A proactive incident response plan takes the opposite stance: it accepts that the possibility of a threat is always present and focuses on preparing your systems accordingly.
What type of information security officer does your company need?
Today’s data-centric businesses rely on a secure cyber environment to operate within. If you are a small firm, you may task contractors or your general IT support staff with handling your security needs. Mid-size to large firms, however, most likely employ an information security officer (ISO), also known as a Chief Information Security Officer (CISO). In a digital world rife with fraudulent emails and trojan horses, your ISO is your first and best line of defense. Finding a suitable security professional, however, can be costly: CISOs in top U.S. markets command an average salary of $204,000. Despite these costs, smaller businesses that lack the budget to hire an in-house ISO are not out of luck. A virtual information security officer (vISO) can bridge this security gap. A vISO gives your business the same level of security and expertise as an in-house ISO, without the associated overhead and expenses.
3 Common Misconceptions About Information Security Compliance
Your business generates massive volumes of data that demand smart and secure management. However, confusion and misconceptions run rampant when it comes to information security and compliance with big data. Looking beyond the three most common misconceptions about information security compliance can help you ensure that your data and systems are secure.
Why a Virtual CISO is the Best-Kept Secret in Information Security
The twin gas pedals of globalization and technology have increased the speed of business to the point where you can blink and suddenly not recognize the landscape around you. This is especially true when it comes to information security, where the very concept of “hacking” and data theft went from Hollywood science fiction to a pressing fact of life in under a decade.
Like many businesses, you may question whether you’re properly prepared in the information security realm, even if you’ve created a titular Chief Information Security Officer (CISO). But titles alone aren’t enough, especially when an effective CISO is required to wear so many different hats.
From disaster recovery to security reporting, vendor management and more, you should be able to rely on a CISO who can wear every hat the role requires. Most surprisingly of all, an effective CISO may not even need to work in your actual office. Here’s why.
Shield yourself from healthcare’s cybersecurity storm
A storm is on the horizon, and if you are part of the healthcare industry, prepare for rough seas. This storm, without rain or thunder, is digital and presents an even more burdensome proposition for healthcare organizations: the mass digitization of health and medical records (collectively, “EHRs”). In adopting new technologies to digitize patient records, healthcare organizations aim to harmonize and improve patient outcomes. Rooted in the ambitious goals of HITECH (the Health Information Technology for Economic and Clinical Health Act), digitization has been fraught with its own challenges unique to both healthcare and cyberspace. Hospitals, which operate at the intersection of health and technology, should prepare to anticipate and address the cybersecurity challenges raised by the ongoing digitization of health records.
Why Law Firms Should Invest in Cybersecurity
For lawyers who may juggle a morning court appearance followed by an afternoon spent in corporate boardroom meetings, the issue of cybersecurity may seem a distant, low priority. However, law firms should treat cybersecurity as a top concern because of the sensitive information they handle, both inside and outside of the courtroom. Cyber attackers target the sensitive information of corporate victims – and who presents a better target than the law firms that represent those corporations in highly lucrative legal matters? BigLaw, after all, is big business.