1. Learn How to handle the biggest danger faced by Healthcare organizations,
Tue Jul 12, 2016, 11am PT, Duration: 30 Mts

As a compliance professional dealing with business associates agreements, when you think of the OCR HIPAA audit, what’s your first reaction? Is it one of confidence? Or is it anxiety and stress? If it’s closer to the latter, you’re not alone. In fact, close to 50% of HIPAA breaches are due to issues related to business associates so it’s no wonder many healthcare organizations are stressed and anxious about the audit.
In 30 minutes, Learn how to:
Diagnose security vulnerabilities and compliance liabilities due to your BAs and vendors,
Prevent future breaches with BA-Vendor monitoring technology,
Track breaches and alerts associated with BAs and their vendors,
Provide a security blanket for your organization to demonstrate their oversight of all BA’s.

2. Learn How Healthcare Facilities can Avoid being the next victim of Ransomware Breaches,
Tue, July 19, 2016, 11am PT, Duration: 1 hour

3. Learn How Healthcare Facilities can Avoid being the next victim of Ransomware Breaches,
Tue, Aug 9, 2016, 11am PT, Duration: 1 hour

Join Aegify for a riveting discussion about the recent ransomware attacks that have created a lot turmoil in the healthcare industry and what steps you can take from becoming the next big victim. Ransomware attacks are on the rise. The attack that paralyzed MedStar Health’s computer systems last week mirrored that of ransomware known as MSIL/Samas, which the FBI issued an alert about March 25, three days before the MedStar attack began. Still, the health system has not specified the nature of its attack. Hackers and ransomware tools are becoming more sophisticated. The main objective in using ransomware is to destroy backups of files and databases that contain electronic patient health information and to encrypt and lock up files and databases that contain ePHI in order to charge covered entities and business associates hundreds to thousands of dollars to unlock the data.
This means that healthcare providers can no longer ignore the risk associated with implementing the HIPAA security program with adequate security risk analysis and management to detect and prevent such ransomware attacks.
In this webinar we will discuss:
What is Ransomware?Recent developments and why you could be the next victim?
Best Practices to avoid being the next Ransomware victim,
Automated Solutions for detecting and Preventing ransomware attacks

4. Learn How to prevent cyber Security breaches – Best practices,
Tue, Aug 16, 2016 11am PT, Duration: 1 hour

Join Aegify for a riveting discussion about the practical impact of a $28.0 mm settlement agreed to by St. Joseph Health System in costs after patient data was exposed on the web. This settlement of a suit stemming from a data breach illustrates that egregious breaches can have serious financial consequences. The reasons for the breach were due to failure to institute an organization-wide information security program with adequate security controls to mitigate risk to its patient information.
The size of the settlement means healthcare providers can no longer ignore the risk associated with implementing the HIPAA security program with adequate security risk analysis and management.
In this webinar we will discuss:
Some recent breaches including the St Joseph Health settlement,
Overview of changes in HIPAA requirements related to Covered Entities Best Practices to avoid Cyber-security breaches,
How to automate HIPAA cyber-risk monitoring and management?

Webinar Rewind – Archives

The post Webinars – Upcoming appeared first on Aegify.

Read Whitepaper

The post Security Elements in Aegify appeared first on Aegify.

Get cracking; threats are real!

Threats to systems and networks worldwide have been on the rise. For instance, the blaster worm in 2009 managed to shut down close to 120,000 systems in just 3 minutes, ensuring that networks across the world were affected. In another such attack, the Slammer worm infected nearly 55 million hosts per second in just 11 minutes. Susceptibilities in enterprise systems and the perpetrators of such actions are increasing globally, and IT organizations are more and more vulnerable to these attacks.

Be it internal or external, security threats can cause not just financial losses, but can also tarnish the image of an enterprise. Hence threat management has to take precedence over other activities. Enterprises should therefore follow best practices and invest in the best solutions to manage security threats effectively.

What are the best practices for effective threat management?

Managing threats is not an easy task, especially because enterprises today want their threat management efforts to coincide with compliance management as well. So an ideal threat management solution should essentially:

• Crack multiple data-centric information security challenges
• Decipher and detect in real-time advanced persistent and pervasive threats
• Detect automatically for any kind of data leakages
• Search for insider threats
• Provide detailed malware analysis
• Undertake continuous and automatic controls verification including e-discovery
• Deliver a holistic solution for both security as well as for IT- Governance and Risk Compliance that can be easily monitored through an integrated dashboard
• Provide an end-to-end automatic enterprise security solution that is all encompassing for compliance, audit and risk management needs.
• Swiftly update software with latest information
• Stay ahead of potential threats
• Thwart threats at their source

A company’s network, its information systems, databases, and processes are essentially its backbone. Hence, they must be made secure from threats, both internal and external. Therefore, deploying the right threat management system can prevent data breach and safeguard the company’s networks, systems and assets.

The post Best Practices for Threat management appeared first on Aegify.

Like in any other industry, division of labor and specialization, have taken shape making the hacking industry more structured than ever before. The 3 key players in the hacking community are:

-Researchers: Otherwise known as exploit developers, researchers are not actually involved in exploiting systems, but look for vulnerabilities in frameworks and applications.

-Farmers: These are people who write botnet software to infect systems, and also maintain and increase the presence of botnets in the cyberspace. They probe applications to extract valuable data, execute password attacks, disseminate spam, and distribute malware.

-Dealers: They distribute malicious payloads. They also rent botnets for repeated, persistent attacks or targeted one-time attacks to extract sensitive information.

The sophisticated nature of today’s cyber attacks is a definite product of ‘hacking industrialization’. And the use of advanced hacking techniques has also contributed to a focus shift from stealing personal information and credit card numbers to stealing application credentials, for which 3 attack techniques have been identified as commonly used:

SQL Injections: Data theft is most commonly administered through this technique. IBM reported around 250,000 SQL injection attacks on websites around the world, everyday, between January and June 2009.

Denial of Service: This is an attack which is usually executed by blackmailing application owners to pay a ransom to free their application from an invasion of unwanted traffic.

Business Logic Attacks: In this type of attack, hackers target vulnerabilities in business logic. Unlike attacks targeted at application codes, these attacks often remain undetected. These attacks are not usually apparent and are too diverse to be expressed in vulnerability scanner tests.

These highly advanced security attacks make it increasingly difficult for organizations to fight threats and remain protected. Today, no web application is out of reach of hackers. Attack campaigns are quite common, not only against applications but against any available target. Therefore data protection is a must, and effective vulnerability scanning tools along with application-level security solutions may be very helpful in effective threat management and overall security.

The post Common Attack Techniques – In an Era of Industrialized Hacking appeared first on Aegify.

Whatever the reason, cybercrime has been increasingly affecting the performance and productivity of companies. IT security is a matter of serious concern now, and companies are trying to adopt best practices to overcome this challenge. Here are some measures that you can take, to protect your company’s backup data:

1. Integrate backup security measures with the rest of the infrastructure. Make storage security a part of the overall information security policy. Even if the storage security responsibility lies with the storage team, they should integrate their security measures with the rest of the infrastructure, physical and virtual, in order to build in-depth protection.

1. Assess risk in terms of security. Ensure that a risk analysis of your entire backup process is done. Vulnerability management is crucial for every business and therefore it is essential to evaluate the backup methodology used by the company to identify security vulnerabilities in the process. For example, questions such as, can an administrator make copies of the backup tapes, are end-point devices easily accessible, and is there end-to-end custody for backup data, etc, need to be addressed to avoid security attacks.

1. Modify your security approach. If you do not have a comprehensive approach, adopt one. A multi-layered approach to security works well in most cases. Add different layers of protection such as authentication with anti-spoofing techniques, authorization based on roles and responsibilities as against complete access, encryption for data to be stored or copied, and auditing, along with log maintenance and log analysis, to ensure traceability and accountability.

1. Build awareness about data security. Communicate to your staff and managers, the risks involved in handling backup data and train them to abide by your backup security policies and regulations. Most often data loss is a result of ignorance or negligence of employees. If employees are made aware of the consequences of data leak, security lapses can be avoided to a large extent.

Secure data backup begins with formulating strategic policies. And implementing these policies requires proper planning and preparation. To fully protect a company’s critical data, complete control, continuous effort and constant monitoring are crucial. It’s important to understand that data security is as much a product of awareness, as it is an enforced directive. And it is your responsibility to create such awareness to ensure overall data protection.

The post Data Backup Security Best Practices appeared first on Aegify.

Creation of a new consumer protection agency at the Federal Reserve, provision of new powers to regulators for safely liquidating failed financial firms, and imposing new guidelines for transparency in the derivatives market, are some of the objectives of ‘The Dodd-Frank Wall Street Reform and Consumer Protection Act’. This law is an outcome of the 2008 banking crisis.

However, there are now mixed opinions about this law, especially with respect to its implication on data/ information security. Protiviti Inc.’s risk and compliance practice director Michael Brauneis noted that the provision in the law for creating a consumer protection agency may lead to a number of data security issues, since it calls for regulations to allow consumers to obtain information about their transactions from financial institutions. This causes a high risk of identity theft, if these financial institutions do not ensure effective controls to check the identity of the person requesting information.

Also, the concept of ‘systemic risk regulator’ meant to gather information from the banking industry to prevent another meltdown can pose serious concerns for overall data management and security. And a report by Delloite LLP on the new financial reform also cites data aggregation and reporting as one of the top implications of the new law.

Therefore, for all those involved in financial services, this regulatory reform is a groundbreaking event and is being described as the biggest since the Great Depression.

With the ever-increasing number of regulatory requirements, IT security has come a long way from being merely an IT-centric control mechanism, to becoming a complete compliance control technique. While the timeline for this law to take effect is long, this is yet another regulation that reinforces the need for secure GRC solutions.

The post Implications of the ‘Dodd-Frank Wall Street Reform & Consumer Protection Act’, on Data Security appeared first on Aegify.

Apart from this, data leakage, data theft and data threat posed by portable storage devices like USB flash drives, iPods, Smartphone’s, MP3 players, external HDD and other end point devices with internal memory is on the rise and need to be looked into. They can be an easy way for sensitive data to leak outside the business if not properly protected.  From business point of view these portable devices have become a necessity but from security point of view these portable devices are a threat. Through wireless connections, endpoint devices can access networks that may not be secure.

Through wireless connections, endpoint devices can access networks that may not be secure. More than 159 million records containing sensitive personal information were involved in security breaches from April 2005 to August 2007.This security threat has necessitated the need for a security strategy that can keep your portable data protected.

Block attacks, protect your data

The best ways to limit attacks is with antivirus and anti-spyware software’s, accompanied by effective program control, that can not only block known malicious programs running on endpoint PCs, but it also can help control programs such as P2P sharing applications that are increasingly targeted to compromise endpoint systems.

Strong Privacy laws

Employee attrition rate is very high in organization today hence companies should deploy full disk encryption of data and also keep end point data under lock. With strong personal privacy laws now requiring disclosure of security breaches when personal information is breached, it has become all the more important to secure endpoint data.  Controlling device access, scanning the content of allowed devices to ensure there are no viruses present, and encrypting data on these devices so the data remains protected are some ways one can protect their information.

Network access control helps secure networked endpoints prior to allowing them network access. Access is only granted if the endpoint devices meet with predefined security policy, such as having current antivirus software or the latest patches.

Centralize endpoint security

It’s important to centralize endpoint security management so that administrators can use one console to configure endpoints, administer policies, monitor performance, and analyze data from the network as a whole. This helps reduce maintenance cost, improve security audit, and automates reporting.

End users should be sensitized to the threat scenario and their involvement should be limited to educating them on the risks involved with virus attacks and loss or theft of portable devices. All this is possible only if good security practices are instilled in the organization.

The post How secure are your end-point devices? appeared first on Aegify.

Information on the files included people’s names, addresses, phone numbers, birth dates, social security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, and information on diagnoses and treatments. It had data on patients, employees, doctors, volunteers, donors, vendors, and other business partners and covered records over a 14-year time span.

The growing frequency of these incidents only reinforces the pressing need to secure end-point devices and comply with HIPAA and other regulations. Hospitals and institutions in possession of confidential data should adopt a cloud-based approach to storing records. Only this can help prevent such incidents of massive security breach and data loss.

The post South Shore Hospital Reports Loss of Confidential Data- 800,000 Private Records at Risk appeared first on Aegify.

• Approximately 500 million records containing personal identifying information of United States residents stored in government and corporate databases was either lost or stolen in the last 5 years?
• Various other corporations lost US$1 Trillion worldwide as a result of data loss, accidental or malicious?
• Costs from the largest computer data breach in corporate history at TJX, in which more than 94 million customer Credit and Debit card numbers were stolen was estimated at US$ 256 million?
• In 2009, Gartner analysts estimated that the cost of sensitive data break will increase 20 percent per year?

These are not merely statistics but a warning that companies need to take a serious note of the kind of cyber security threats and business compliance risks that are out there for them.

So you may feel that your company is safe…so here’s some number crunching for you to think again!

Security breaches affected the following industries

• The retail industry (35%)
• Technology firms (20%)
• Banking and financial industry (20%)
• Medical industry (15%)
• Defense industry (10%)

Overall, only 5% of the companies resorted to security monitoring! The majority (55%) had absolutely no mechanisms for monitoring and the rest 40% conveniently outsourced the IT security monitoring functions to managed services providers. So your company may have put in place certain strategies in the form of policies, guidelines, firewalls and virus scanners, which you deem adequate enough to deal with hackers. But are they truly the protective shield your company needs?

Keep your company cyber-threat free

Verizon Business for instance reported 90 confirmed breaches within their 2008 caseload encompassing an astounding 285 million compromised records. And a thorough investigation proved that ‘significant errors’ standing at 67% was the main cause of the security breach! So the question that’s begging to be answered right now…is whether your company implemented a proper Governance, Risk and Compliance system? If not, then your company is at its maximum risk level. The most workable solution for any company in such a volatile and unsafe environment is to integrate and automate GRC combining compliance workflow with control assessment automation and security monitoring.

But keep in mind, IT-GRC does not stop threats; it only helps companies manage “the whole process” of IT security, compliance, and risk management through policy guidelines and implementation. So, compliance with a regulatory framework is a big  step which could bring down the risk significantly, since these regulations are the collective wisdom of specialists in the society. Thus there is a considerable reduction in risk exposure by simply the best practices prevalent in the industry.

Next generation GRC solutions

A holistic approach is to look at business risks from 2 different perspectives, from the compliance management policy implementation point of view as well as measuring the reality on the ground through information security monitoring. what the next generation enterprise solution needs to offer -one which will cover all aspects of security and compliance management, An ideal next generation solution would provide

• integrated compliance management and security monitoring
• multiple out of the box global regulations support
• automated control assessment
• secure end-point devices to enable massive storage of sensitive and regulated data
• security solutions for monitoring the network traffic
• ability to address business problems through detection of advanced threats
• scale up to global enterprises and down to small and medium businesses
• capable to integrate multiple solutions
• deliver compelling and value to the organization and also be affordable

Gain with SecureGRC: Integrated GRC and Security Monitoring

With your company’s integrated GRC  and security efforts you will notice that it actually drives real value for your company, especially in optimizing risk and compliance coverage and the underlying cost structure. All you need to do is ensure that your company’s integrated GRC should understand and manage the nature of risks for your specific industry with security monitoring.

SecureGRC from eGestalt Technologies Inc. unifies Information security monitoring and IT Compliance management. For more details please visit: http://www.egestalt.com/securegrctm.html

The post Your Company needs Information Security Monitoring and Integrated GRC appeared first on Aegify.