HIPAA: The Difference Between the Privacy and Security Rules

The Health Insurance Portability and Accountability Act (HIPAA) was first put in place in 1996 and developed to be the standard for ensuring the protection of sensitive patient data. It is divided into two separate rules that work in conjunction with each other to ensure maximum protection: the Security Rule and the Privacy Rule. The Difference Between HIPAA Privacy and HIPAA Security Both the …

14 Mistakes Companies Make in Preparation for GDPR

I think it’s fair to say that most organizations are still struggling to understand exactly what is required of them when it comes to GDPR preparations. There is a lot of misinformation out there surrounding this topic and it can be easy to just ignore the mandate and keep your fingers crossed that it will all be OK. Obviously, this is not the way to go about it. We’ve had …

Healthcare & Public Administration Still Plagued by Insider Threats

According to the 2018 Verizon Data Breach Investigations Report, healthcare “is the only industry vertical that has more internal actors behind breaches than external”. Healthcare service providers have come under a lot of scrutiny in recent times due to repeatedly failing to protect the data they hold. While such scrutiny is both understandable and ultimately necessary, healthcare providers have …

How Would Your Organization Fare if Faced with This Data Security Issue?

This blog is based on a true story – names have been changed to protect the innocent. Late one Friday afternoon Nigel, a Senior Executive, gets a panicked phone call from the Head of Customer Services, Steve. Steve says one of his regular customers is on the phone claiming Steve’s company are the source of a breach that has led to his credit card details being fraudulently used. The customer …

Have You Left It Unlocked with The Keys In?

If you were placed in charge of your boss’ Ferrari, you’d make damn sure you knew where the keys were at all times. If anyone asked to so much as look at the car, you’d be on edge and watching them closely. You’d make sure it was always somewhere safe. You wouldn’t leave the keys in the staff canteen unguarded, and you certainly wouldn’t let the new hire in the …

Why you Need to Audit Privileged Accounts in Active Directory

A report by Forrester once claimed that 80% of all security breaches involved the abuse or misuse of privileged credentials. Let’s accept for a moment that Forrester are right, and that privileged user accounts are the common denominator in a large percentage of security breaches. Knowing this, we’d expect to see all organisations well on the path to having clear processes, policy and controls in …

Most Companies Think Their Active Directory is Secure Until They Talk to Us

We talk to thousands of organisations every week about their Active Directory and, more specifically, how secure and protected their Active Directory is. It’s fair to say, I think there is a good deal of education that needs to be done as to what constitutes a secure Active Directory. Whenever we begin any engagement with any potential client we ask questions around their drivers. One of the …

Why Auditing Permissions is an Essential Part of Your IT Security Plan

Perhaps the most common challenge for the modern IT department: who has permissions to what, how did they get them, and are they acting responsibly? It means reporting on current permissions and ensuring any changes to permissions are recorded and checked. It’s one we’ve heard time and time again and it’s a real problem. Data leakage can arise as a result of the wrong people having access to data and …

The Problem of Privilege Management in Data Security

I was writing a whitepaper recently on privilege abuse and I noticed spellcheck had picked up on a typo on the word ‘privilege.’ I right clicked, and the thesaurus gave me some possible alternatives which really made me think about what it is for a user to be privileged. [Figure 1: Definition of ‘Privilege’] Imagine if we actually thought about the people we are granting privileged access to …

When is a Data Breach Really Considered a Data Breach in the USA?

Here at Lepide we talk a lot about how we help companies identify and prevent data leakage and how we can help mitigate the risks of data breaches. However, it’s not always clear as to what constitutes a breach in real world terms. At what point is a breach technically a breach (i.e. what conditions need to be met before you are liable to disclose)? In the USA, definitions vary …