15 Questions to Answer for HIPAA Compliance

Any organization that has access to electronic Protected Health Information (ePHI) is required to comply with HIPAA (Health Insurance Portability and Accountability Act of 1996). Given that HIPAA applies to a wide range of covered entities and business associates, the requirements can be somewhat vague, which makes it difficult to know where to start. To help with this, below are 15 key questions …

New Survey Reveals the Importance of Cybersecurity Automation

These days enterprises are dealing with vast amounts of unstructured data – a problem that is compounded by the increasing number of ways to share this data. Despite this, both employers and employees are still failing to either understand or care about their responsibilities when it comes to data protection. According to research carried out by Opinion Matters – an independent …

Data Classification for GDPR: How Classification Can Help You Comply with Regulations

If your organization stores, processes or transfers the data of EU citizens (whether they are your customers or your employees) then the GDPR should be at the forefront of your mind. If you want to avoid the serious implications of non-compliance, including potentially crippling fines, then you need to get to grips with what the GDPR entails and how to ensure you are compliant. If your …

Capital One Data Breach Highlights Importance of Data-Centric Security

Capital One, the giant financial services firm, was the target of a hack that affected the personal details of more than 106 million individuals across the US and Canada. As of writing this blog, an arrest has been made in connection with the hack after the attacker, Paige Thompson, was reportedly boasting about it online. The breach apparently included personally identifiable information in the …

Enforcing HIPAA Might Just Be Getting Easier

A new bill recently passed by a Senate Committee incentivizes healthcare entities to adopt cybersecurity policies, thereby making it easier for authorities to enforce the Health Insurance Portability and Accountability Act (HIPAA). The piece of legislation has been introduced to help lower the cost of healthcare, but it touches upon healthcare in that it asks providers to focus on …

How Does Data Classification Help Healthcare Providers in the USA?

Healthcare in the USA is an enormously competitive industry where regulatory oversight is strict and encompasses all manner of activity. On top of that, the needs of healthcare organizations are extremely complex and the importance of the services they deliver means that processes and practices need to be as streamlined as possible. Due to the sensitivity of patient data, it is vital that …

5 Easy Ways to Improve Office 365 Security

Office 365’s Advanced Threat Protection (ATP) may be a useful way to improve the security of the platform, but it is not without its flaws. Security researchers discovered back in 2018 that Office 365 ATP had some fundamental flaws when it came to defending against a new wave of phishing attacks. It seems as though SharePoint invitations containing malicious links were being sent out to some …

What is an AdminSDHolder Attack and How to Defend Against it?

In this blog, we will be going through how the AdminSDHolder object in Active Directory can be used in Active Directory attacks. We will also go through what you can do to help defend against AdminSDHolder attacks and how LepideAuditor can help make this process easier. What is an AdminSDHolder? Essentially, the AdminSDHolder is an object in Active Directory that acts as a security descriptor …

The Ins and Outs of Data-Centric Security

We’ve said it many times before, but it is worth emphasising: organizations need to be doing more about securing their data from the inside-out. Currently, as has been the case for numerous years, organizations are spending too much on perimeter security (which is, of course, important) and forgetting to focus on the thing that matters the most, the data itself. We speak to many organizations that …

What’s the Difference Between Share and NTFS Permissions?

Both share and NTFS permissions serve the same purpose within Windows environments; namely, to help you prevent unauthorized access to your critical folders. However, there are some critical differences between the two that will determine which one you use. In this blog we will learn about what share permissions and NTFS permissions are, what the differences between the two are and the best …