In our line of work, we hear a lot of myths and rumors. For example, some people say that Office365 isn’t SEC compliant because it’s in the cloud. We have also heard some people saying the same about Google’s G Suite. But what does the SEC Cybersecurity Guidance say? While the SEC Cybersecurity Guidance does [...]
As businesses are digitally transformed, our exposure to risk is changing. In the financial industry, the stakes are much higher. The SEC Cybersecurity Guidance helps registered investment advisors respond to these threats. It also makes sure that they have a plan in place to respond to them. For example, one such threat is the loss [...]
When firms think about cybersecurity, they’re tempted to focus on the tech. Hopefully, you're already having internal conversations about which tools you need to fight phishing or to keep your mobile devices safe. One area where we've seen a lot of firms struggle, though, is in figuring out what to do when something BAD happens. [...]
As part of our work helping medical practices with HIPAA and cybersecurity, we get to see lots of HIPAA mistakes. It’s interesting to spot the similarities across so many different companies. Here are nine of the most common HIPAA mistakes that we see. The scary part is we see them all the time. HIPAA Mistake 1: [...]
“What are my options for HIPAA compliant cloud storage? ”In recent years, cloud storage has risen in both effectiveness and popularity. Its convenience is undeniable– the ability to access your data from anywhere is amazing. But can business associates and medical providers take advantage of these services to store PHI? What exactly does it mean [...]
Many practices want to use cloud storage services like Google drive and hosted email. Is Google's G-Suite HIPAA compliant? First, let's review what's actually in Google's G-Suite, Google's paid version of a variety of productivity tools. Email Most famously, G-Suite includes Gmail, an excellent and easy-to-use email platform. Users go through the famous Gmail portal, [...]
Protecting Your Business’ Most Sensitive Mobile Data Gone are the days of the rotary phone. Data is immensely portable. As we — individuals, consumers, corporate employees, investment advisors and financial investors — continue to rely on our mobile devices for everything, the level and amount of sensitive data that is stored on our mobile [...]
Cybercriminals are quite nimble in outsmarting protection measures. This makes it essential to be proactive and stay one step ahead of bad actors. The SEC Cybersecurity Guidance provides a lot of information about security and compliance. But it doesn’t specify what steps firms should take to teach their clients how to be safe online from cyber threats. [...]
Welcome back to SEC Cybersecurity Guidance: Business Continuity Planning. The first steps (found here in Part 1) are: List your Specific Needs, and Discuss and Document... and here, in Part 2, we talk, and plan, and test. Disclaimer: we are STILL not lawyers. We are cybersecurity practitioners who work with a lot of registered [...]
If you’ve come to this site, you’re probably doing some research about SEC Cybersecurity Guidance. As part of the OCIE Cybersecurity Initiative, #6 in the SEC cybersecurity guidance clearly states that business continuity planning is a priority. Here’s what the SEC Cybersecurity Guidance says: “Please provide a copy of the Firm’s written business continuity [...]