The Federal Information Security Management Act (FISMA) is a United States federal law enacted in December 2002 under the E-Government Act.  The act mandates federal agencies to develop, document and implement an information security program, considering both processes and systems controls, to “protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or […]

This time next year, PCI DSS 4.0 will come fully into effect, replacing the current standard, 3.2. 1, that has been in place since 2018.  PCI SSC’s newest version shouldn’t come as a surprise to most. It was first released in March 2022. But with a two year grace period to allow vendors and credit […]

Miami-based healthcare software provider, Independent Living Systems, is in the hot seat this week, after announcing a data breach that impacted over 4.2 million individuals.  The incident, which is the largest healthcare breach of the year so far, came to light on March 14, when the company shared an announcement stating it experienced an “incident […]

Over the past 18 months, the Securities and Exchange Commission (SEC) has levied an onslaught of fines against public companies for inadequate disclosures of cybersecurity issues. In the latter half of 2021, British company Pearson agreed to pay $1 million, while First American Financial agreed to a settlement of $500,000.  Then, just last week, the […]

Software-as-a-service (SaaS) platforms are wonderful for boosting employee productivity and collaboration. Apps like Slack, Microsoft Teams and Google Workspace are essentially a prerequisite in the modern workplace, facilitating remote and hybrid work setups, while empowering employees to enhance efficiency.  However, while executives and employees love SaaS, security teams often have a different opinion. These apps […]

Under the Health Insurance Portability and Accountability Act (HIPAA), healthcare organizations must put in place specific controls to protect the confidentiality, integrity and availability of protected health information (PHI).  However, complying with HIPAA today is much more complex than it was twenty years ago. As congress recently noted, “advances in electronic technology could erode the […]

SaaS security solutions like cloud access security brokers (CASB) and cloud-based data loss prevention (DLP) have become a must-have to prevent data leakage and exfiltration in popular cloud apps like Slack, Google Workspace and Office 365.  In theory, these tools give security administrators much needed visibility and control over the sensitive information that resides in […]

News just in. LastPass’ parent company, GoTo, has revealed malicious actors stole encrypted customer information – and, more troublingly, a decryption key – in a November 2022 attack.  While you might not have heard of GoTo, your company will probably use at least one of its digital tools. There’s the communications platform Central, the online […]

So, you want to secure your SaaS apps. You’ve realized that Slack and Teams are a potent source of data leakage and you’re increasingly worried about the threat of credentials compromise.  Chances are, you’ve taken to the web to look for a security solution to solve all your SaaS woes, only to end your search […]

We all know that cloud apps like Slack, Teams and Google Workspace are the backbone of modern business. But they’re also a huge risk to compliance and security.  Research shows that the average company has a $28 million data breach risk because of exposed data in SaaS environments. Risks like data leakage, compromised credentials and […]

Atlassian received a nasty surprise late last week, after the hacking group SiegedSec leaked stolen company data on Telegram, including confidential floor maps of its offices in Sydney and San Francisco and, more concerningly, sensitive information about its employees. Like quite a few recent breaches, the hacking group didn’t actually break into Atlassian’s IT infrastructure. […]