Even Non-Profits are Targeted By Charles Parker To an attacker, data is data. It is a commodity to look for, breach a target for, steal, and sell. The focus and process itself is not that complicated. The target data is the same for a profit and non-profit. The difference to the attacker though is the non-profit may not have the ability to put a full defense-in-depth in place to secure its enterprise. A specific, troubling issue affecting the non-profits has been social eng

Preparing for an Attack & Breach By Charles Parker The attackers have branched out and are no longer merely focusing on one or two industries, such as DoD contractors or hospitals. This is partially due to their business model and ease of use, especially with ransomware. The revenue driven by these activities continues to grow. At this junction, it is prudent to plan for an attack and breach. With this completed and periodically updated, the enterprise and operations would be

Cloud Computing and HIPAA Guidelines By Dr. James Angle As healthcare organizations across the country scramble to take advantage of the power of the cloud, Health and Human Services (HHS) is providing guidance for use of cloud services. The guidelines provide both covered entities and the Cloud Service Provider (CSP) information to assist them in understanding their obligations under HIPAA regulations. When a covered entity contracts a cloud provider for services that rece

Brain Drain in Our Government Agencies By Dr. Jane LeClair As long ago as 1981 the federal government was concerned with the loss of knowledge -'brain drain' - from various agencies. A GAO report "The Government Brain Drain" dated Sep 14, 1981 notes "The Government brain drain caused by inadequate salary levels, irregular pay adjustments, and distorted pay interrelationships of top Federal officials is one of the most critical but perhaps least understood and appreciated pr

By Dr. Jane LeClair A brand new year has started and what better time to think about the security of your system. Now is a good time to upgrade your security, and of course change your passwords! Dr. Jane LeClair is the president of the Washington Center for Cybersecurity Research & Development.

HIPAA: Compliance with Many Areas to Monitor By Charles Parker The HIPAA regulation is a rather expansive regulation. With all of the aspects HIPAA has to note for the of the different environments and cases encountered, including the administration, technical, and physical security issues to be addressed, it is almost surprising this regulation is not longer. As important as HIPAA and securing the medical data, information, and records are, the scrutiny of the HIPAA-applic

Changing Cultures By Dr. Jane LeClair Cybersecurity is a word that is getting a lot of attention these days. Hardly a week passes without the public being informed by the media of yet another major cyber breach. Major business organizations have been attacked, the digital systems of political parties breached, our critical infrastructure probed, even the White House has been attacked. Those systems were no doubt defended against intrusions with well configured firewalls, intr

Be ready for seasonal cyber scams By Carolyn Schrader The holiday season is a prime opportunity for cybercriminals to target people and businesses. Employees are more apt to be shopping using employee equipment. Businesses are buying gifts for staff, clients, and business partners. Vigilance and a strong measure of skepticism can help reduce the chances of being a victim. Eight scams to be ready for include: 1. Social Media Scams with fake offers or discounts Everyone l

Happy Thanksgiving! From all of us at the Washington Center for Cybersecurity Research & Development....Have a safe and Happy Thanksgiving!

When, not if... The number of businesses through the nation is rather large. Many of these know they are regularly targeted. Too many of the remainder businesses are hoping that security by obscurity works. It does not. Small- and medium-businesses (SMB) are actively targeted by the attackers due to this lack of sufficient focus on Infosec. One symptom of this is a lack of a security policy, or one in place on the shelf with a large amount of dust due to a lack of any review