Cybersecurity Hygiene Best Practices During COVID-19 and Beyond

Published 05/26/2020

As cybercriminals continue to use the novel coronavirus pandemic to launch cybercrime scams and cyber attacks on teleworking applications, virtual private networks (VPN), and other technologies associated with remote work, many organizations find themselves in crisis mode, as well. Your enterprise may be scrambling daily to protect your sensitive data, reduce the likelihood of data breach, and guard against malware and ransomware attacks as well as other cyber threats. The situation is dire and urgent. The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) on April 8 issued a joint warning about the increased risk of a security breach that the COVID-19 pandemic has brought about. The…


May 2020: Compliance Certification Roundup

Published 05/25/2020

Beginning this month, Reciprocity will highlight companies that have earned compliance certifications for information security frameworks. Here’s our May 2020 roundup of compliance news from around the United States, and around the world.

PCI Certification Roundup

PCI certification and compliance are two different, but related, designations. PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA). PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council. On April 29, GreenBox POS, San Diego, completed an audit of its technology infrastructure resulting in PCI Level 1 Compliance Certification. The company builds customizable, Blockchain-based payment solutions. In late…


COVID-19: Importance of Ethical Leadership During a Crisis

Published 05/21/2020

Change is hard—and during the COVID-19 pandemic, it’s happening at breakneck speed. Your employees and business partners need to know now, more than ever before, that they can trust you to be honest and transparent with them. This is the essence of ethical leadership. We’re standing on shaky ground as the virus sweeps through our nation and upends our economy. People are losing their jobs, their health insurance, and perhaps even their savings. Some are losing loved ones to the novel coronavirus or worried that they, or others, will fall ill. Buffeted on all sides by calamity, your people need your steady hand. They need you to not only show your trustworthiness with reassuring words and honest assessments of where…


COVID-19: User Access Management Best Practices

Published 05/20/2020

As cybercriminals step up their efforts during the COVID-19 crisis to infiltrate your information systems, identity and access management (IAM) processes are more important for cybersecurity than ever. Aimed at preventing data breaches and unauthorized access to your systems, IAM becomes more critical as more of your employees perform their work from home. The firewalls that protected your system perimeter won’t suffice any longer, because there is no perimeter. Users are dispersed, and user accounts and your business applications are in the cloud. Identity and access management can be a complex process, especially if yours is a larger organization. But it’s a valuable component of risk management and required by many compliance frameworks. User access management should be a part…


COSO-Based Internal Auditing

Published 05/19/2020

Internal audit and compliance departments benefit from having a comprehensive framework to use to perform corporate risk assessment and internal control testing as well as fight fraud. The most popular framework is the COSO Framework. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was originally formed in the United States in 1985 to combat corporate fraud. This commission developed recommendations for public companies, internal audit departments, and educational institutions. COSO was created and designed to provide thought leadership by developing comprehensive frameworks and guidance on internal controls, fraud prevention, and enterprise risk management.

COSO Internal Control-Integrated Framework

The COSO Internal Control-Integrated Framework provides an applied risk management approach to internal controls that’s relevant to both external financial reporting…


What is Compliance Oversight?

Published 05/14/2020

Regulatory compliance is continuously evolving, which makes it increasingly imperative that everyone involved in the Compliance Management System (CMS) understand their responsibilities. Various sectors mandate oversight, including healthcare, finance, and cybersecurity. It is also a foundational business practice to safeguard company reputation and demonstrate integrity to consumers and the public. Compliance management is a top-down system, like most workplace cultures and business processes. Thus, the CMS is established and maintained through the Board of Directors’ oversight, which ensures the regulatory process is fully functional within their organization.

Reviewing the CMS: What’s Required?

It’s important to review the elements of a CMS to understand the role of compliance oversight. The core functions of a CMS are to protect the organization and…


11 Proven Risk Mitigation Strategies

Published 05/12/2020

Business is inherently risky. Types of risk abound: financial, legal, regulatory, reputational and more. In the most extreme scenarios, failing to maintain an acceptable level of risk could result in injury or death, as in a factory; or, in the case of critical infrastructure, widespread economic catastrophe. Even when the potential losses are less dire, however, every business, large and small, needs an effective risk management program, both as part of its project management and its overall enterprise management. This program should consider all the risks posed to the business: internal risks as well as external, including supply-chain risks. Every risk management program will follow essentially the same action plan:

Risk assessment
Risk identification, including the root cause
Risk analysis:…


Risk Assessment Checklist NIST 800-171

Published 05/10/2020

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is a subset of IT security controls derived from NIST SP 800-53. NIST SP 800-53 provides a catalog of cybersecurity and privacy controls for all U.S. federal information systems except those related to national security. The IT security controls in “NIST SP 800-171 Rev. 2 – Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” are mandatory when nonfederal entities share, collect, process, store, or transmit controlled unclassified information (CUI) on behalf of federal agencies. CUI is defined as any information that requires safeguarding or dissemination controls pursuant to federal law, regulation, or governmentwide policy. This NIST SP 800-171 checklist will help you comply with NIST standards…

How to Comply with GDPR

Published 05/08/2020

When it comes to organizations incorporated and operating out of the United States, General Data Protection Regulation (GDPR) compliance can be confusing. Many people struggle to understand what exactly the GDPR is and whether it applies to all organizations. On May 25, 2018, the European Union (EU), via the European Parliament, signed the GDPR into law to enhance Directive 95/46/EC. GDPR mandates the protection of personal information data and privacy for citizens in the European Union and the European Economic Area (EEA). Does this mean that a company outside the EU/EEA shouldn’t have to worry about GDPR or that it doesn’t apply? Not quite. Should your organization do business with citizens of the EU/EEA, you need to comply with…


Risk Management Process

Published 05/07/2020

Not too long ago, “risk management” was considered mainly an insurance term. The risks a business might incur covered a fairly small and discrete range of scenarios, including the following: Natural disaster risk – the potential risks you’d often buy insurance to ameliorate: tornadoes, earthquakes, fire, floods; Investment risk – positive (gains) or negative (loss) due to changes in financial markets; Credit risk – the risk that someone who has borrowed money from your organization will default; Security risk – the risk of an unauthorized person or persons entering the building or grounds and causing harm to the business or its workers; Legal risk – the risk of lawsuits; Safety risk – the risk that employees will be injured on…
