Vulnerability Scanning


Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs be scanned once a year, once a quarter or monthly.

Read More

Mobile Application Scanning


Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. Architecture review and threat modeling process will includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.

Read More

Darkweb Credential Monitoring


We provide the best approach to eliminate the biggest cause of massive data breaches, the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintains the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.

Read More
Blog Data Breach Problems with BYOD

Data Breach Problems on BYOD

In today’s world, more and more employees are using their own devices to access company websites and work screens. iPhones and iPads are two devices that are very popular now and being used as the all in one device for many people. They don’t realize that these devices may not be that secure and for a company, it can have very costly data breach situations. Healthcare companies are especially susceptible to HIPAA patient data loss implications. If you lose data that is federally protected, then you open yourself up to legal repercussions and lawsuits from individuals as well and potential monetary penalties.

Many companies have adopted bring your own device (byod) policies because a lot of employees would just as soon use their own equipment. After all, they already have it and they are quite used to using it in most aspects of their lives. While this may seem like a perfectly reasonable solution, it may not be wise unless companies have truly looked at the issues with their risk management team. Fines as high as $1.5 million dollars

Person with PDA handheld device.

Person with PDA handheld device. (Photo credit: Wikipedia)

have already been assessed in at least one situation in a teaching hospital that lost data on a mobile device that was unencrypted.

Companies are now required to perform a risk assessment and implement a data breach protection program, including for mobile devices. Those without a plan in place can be on the receiving end of some pretty hefty fines. Some important numbers that companies should be aware of are:

-84% of employees use their smart phone for everything, including work and personal use

-47% of all people don’t use a password protection on their mobile devices

-51% of companies have no ability to erase data from a lost or stolen device

-49% of employees have received no training at all on mobile device security from their company

These issues are going to need to be addressed by all companies if they truly wish to remain out of hot water and avoid these issues with HIPAA protected data loss. A BYOD policy may save money in not having to supply equipment to employees but it also may leave you open to lawsuits and big fines. Deciding which route they want to take should rely heavily on risk assessment.

Data needs to remain safe at all times and this needs to be addressed by technology companies as well. Being able to erase information from a lost device, over the air and remotely is a technology that is a must for these sorts of companies who handle sensitive materials. Companies should really explore all options in protecting and destroying data if they follow a BYOD policy.

Enhanced by Zemanta