Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Guest Blog Post

 

GUEST ESSAY: HIPAA’s new ‘Safe Harbor’ rules promote security at healthcare firms under seige

By Riyan N. Alam

The Health Insurance Portability and Accountability Act — HIPAA — has undergone some massive changes in the past few years to minimize the burden of healthcare entities.

Related: Hackers relentless target healthcare providers

Despite these efforts, covered-entities and business associates continue to find HIPAA to be overwhelming and extensive, to say the least.

Cyberattacks against healthcare entities rose 45 percent between November 2020 and January 2021, according to Check Point . Meanwhile, the healthcare sector accounted for 79 percent of all reported data breaches during the first 10 months of 2020, a study by Fortified Health Security tells us.

At last, some good news has surfaced that encourages healthcare providers to implement the best security practices and meet HIPAA requirements. Amidst all of the turmoil, President Donald Trump officially signed H.R. 7898, known as the HIPAA Safe Harbor Bill, into law on January 5, 2021.

It is a new sign of relief for entities that could do very little against unavoidable and highly sophisticated cyberattacks. This bill is one of many recent industry efforts aimed at improving cybersecurity. The legislation amends the HITECH Act to require the Department of Health and Human Services (HHS) to reward organizations that follow the best cybersecurity practices for meeting HIPAA requirements.

GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

By Ellen Sabin

Today’s children are online at a young age, for many hours, and in more ways than ever before. As adults, we know that bad online decisions can have negative or dangerous effects for years to come.

Related: Web apps are being used to radicalize youth

The question isn’t whether we should educate children about online safety, but how we can best inspire them to learn to be thoughtful, careful, and safe in the cyber world for their lifetime. For adults doing the teaching, it’s no easy task.

Teaching children about good cyber security habits starts with helping them realize their power to learn to make smart choices. Often, messages about online security are presented as ‘to-do’ lists that can make even the most pliant of us feel like we are being preached to. Instead, let children think about why they want to become smart about online decisions and how they can make good choices.

Here are some tips to excite kids about cybersecurity.

GUEST ESSAY: Here’s how Secure Access Service Edge — ‘SASE’ — can help, post Covid-19

By Liraz Postan

One legacy of the ongoing global pandemic is that companies now realize that a secured and well-supported remote workforce is possible. Recently, the University of Illinois and the Harvard Business School conducted a study, and 16% of companies reported switching their employees to work at home from offices at least twice a week.

Related: SASE translates into secure connectivity

The problem here is that a secured, cost-effective, and efficient networkmust be developed to support remote operations at scale.  Gartner refers to this as the Secure Access Service Edge (SASE), which is a framework combining the functionality of Wide Area Network (WAN) with network security services to shield against any cyber threats or cloud-enabled SaaS.

The makeup of SASE 

Many enterprises have accelerated their use of Virtual Private Network (VPN) solutions to support remote workers during this pandemic.

However deploying VPNs on a wide-scale basis introduces performance and scalability issues. SASE can function as security infrastructure and as the core IT network of large enterprises. It incorporates zero-trust technologies and software-defined wide area networking (SD-WAN). SASE then provides secure connectivity between the cloud and users, much as with a VPN. But it much further. It can also deploy web filtering, threat prevention, DNS security, sandboxing, data loss prevention, next-generation firewall policies, information security and credential theft prevention. 

Thus SASE combines advanced threat protection and secure access with enterprise-class data loss prevention. Given the climbing rate of remote workers, SASE has shifted from being a developing solution to being very timely, sophisticated response to leading-edge cyber attacks. Here are a few  guidelines to follow when looking for vendors pitching SASE services:.

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

By Armistead Whitney

There is no shortage of innovative cybersecurity tools and services that can help companies do a much better job of defending their networks.

Related: Welcome to the CyberXchange Marketplace

In the U.S. alone, in fact, there are more than 5,000 cybersecurity vendors. For organizations looking to improve their security posture, this is causing confusion and vendor fatigue, especially for companies that don’t have a full time Chief Information Security Officer.

The vendors are well-intentioned. They are responding to a trend of companies moving to meet rising compliance requirements, such as PCI-DSS and GDPR. Senior management is now  focused on embracing well-vetted best practices such as those outlined in FFIEC and SOC 2, and many more. According to a recent study by PwC, 91% of all companies are following cybersecurity frameworks, like these, as they build and implement their cybersecurity programs.

All of this activity has put a strain on how companies buy and sell cybersecurity solutions. Consider that PCI-DSS alone has over 250 complex requirements that include things like endpoint protection, password management, anti-virus, border security, data recovery and awareness training.

Traditional channels for choosing the right security solutions are proving to be increasingly ineffective. This includes searching through hundreds of companies on Google, attending trade shows and conferences (not possible today with COVID), or dealing with constant cold calls and cold emails from security company sales reps.

GUEST ESSAY: Skeptical about buying life insurance online? Here’s how to do it — securely

By Cynthia Madison

Purchasing life insurance once meant going to an insurer’s office or booking an appointment with an insurance agent. Then, in most cases, you’d have to undergo a medical examination and wait a few weeks to get approved and complete the whole process. But this scenario doesn’t seem to fit the fast-paced world we live in anymore. Today’s generation is used to getting everything done fast and easy, so life insurance providers had to get with the times and cover all customers’ needs and requirements.

Related: Life insurance types explained

From shopping to socializing or paying their bills, people seem to be doing everything online these days, so it was only a matter of time until insurance companies stepped into the digital world. Now everyone has the possibility to purchase life insurance from the comfort of their home by simply going online and looking for the policies that will fit their needs. Even major life insurance companies have stepped up their game and now provide a variety of online resources to cater to all consumers.

But with all the convenience also came concern. Some are still reluctant to purchase life insurance online for safety reasons and because they’re still unfamiliar with the steps they should follow. When you search for life insurance online, you’re on your own, with no one to guide you through the process, so how can you be sure you won’t make any costly mistakes? Here we’re going to tackle these issues and more to help you make an informed decision if you decide to buy life insurance online.

The pros

Apart from providing a hassle-free process, there are other notable advantages to buying life insurance online. For one, online platforms give you the possibility to compare insurance options from different providers, something that’s not possible if you go the traditional route. Different companies will offer different prices for the same type of policy, so you’ll have to … more

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

By David Balaban

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Numerous strains of this destructive code have been the front-page news in global computer security chronicles for almost a decade now, with jaw-dropping ups and dramatic downs accompanying its progress.

Related: What local government can do to repel ransomware

Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch diskettes. This debut was followed by the emergence of several marginal blackmail threats in the mid-2000s that never gained significant traction among online criminals. The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020.

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. It additionally spans mild-impact screen lockers, data wipers disguised as something else, infections that overwrite the master boot record (MBR), and most recently, nasties that enhance the attack logic with data theft.

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. None of these early threats went pro. In this timeline, I will instead focus on the strains that became the driving force of the ransomware evolution.

FBI spoofs

2012 – 2013. During this period, the ransomware ecosystem was dominated by Trojans that locked the screen or web browser with fake alerts impersonating law enforcement agencies. These warnings would state that the victim committed a … more

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

By Ebbe Kernel

When it was first introduced, device fingerprinting – or online fingerprinting in general – was meant to create a safer, more responsible internet. The idea was that by fingerprinting devices used to connect to the internet we could achieve better accountability.

Related: Why Satya Nadella calls for regulation of facial recognition systems

The concept itself is still very much relevant today. Fingerprinting is considered a necessary practice to fight challenges such as fake accounts and the misuse of internet services. However, online fingerprinting is also being used to track users. Now, fingerprinting is a tool in the marketer’s toolbox. Has it failed in its initial mission?

If you are not familiar with the concept of online fingerprinting, the principles behind it are very simple. More about it can be found on Smartproxy. Whenever you access a web server, details about your IP address, your browser information, your device information, and other information are recorded in logs. Logged online activities are easier to trace so service providers can perform the necessary security check if one is required.

Fingerprinting makes it difficult for irresponsible parties to create fake accounts or social media pages. Service providers can recognize signs of fake accounts from similarities in their fingerprints, allowing further action to be taken against those accounts. In the era of bots and fake news, fingerprinting is supposed to work seamlessly.

The Electronic Frontier Foundation (EFF) recently revealed just how many details are leaked and stored when you access a web server. The number

of details that are recorded is simply staggering, with information such as your approximate location, the referrer site, and whether you have Do Not Track activated being leaked.