Your browser is out of date.

You are currently using Internet Explorer 7/8/9, which is not supported by our site. For the best experience, please use one of the latest browsers.

866.430.2595
Request a Consultation
banner

Subscribe to our blog for the latest industry news. Subscribe

Close the Front Door: Planning & Enabling MFA
May 27, 2021 | Mike Giordano, IT Engineer

Close the Front Door: Planning & Enabling MFA

Usually when an organization is at the point of considering MFA, it is already too late. When we think of how MFA protects us, we need to look at this as a very simple and proactive solution where we back up our passwords with another layer of security. Unless someone has access to your MFA device, the password no longer matters, and they cannot proceed to the account. Plus, an additional benefit is that the device will alert you of the request for access.

Read More
HIPAA Versus 2021: Patients’ Rights in Track and Trace Applications
May 20, 2021 | Jenna Waters, Security Analyst

HIPAA Versus 2021: Patients’ Rights in Track and Trace Applications

In the age of Covid-19, technology developers and healthcare providers are working together to find solutions. This kind of partnership is not new, it is not surprising that public health experts are looking to technologies and applications now to help solve Covid-related issues, collecting and leveraging diagnosis data to inform individual and community strategies. This could be an important step in addressing the ongoing pandemic, but also raises longer term questions about patient rights and the adequacy of language in the Health Insurance Portability and Accountability Act (HIPAA) to address new scenarios created by rapidly developing technology.

Read More
The Seven Stages of Cybersecurity Grief
May 13, 2021 | Jerald Dawkins, PhD, TRUE Co-founder

The Seven Stages of Cybersecurity Grief

Encouraging advice for recognizing where you are and continuing your progress on your path to cybersecurity maturity.

Read More
If Time is Money, Documentation is an Investment That Pays Dividends
May 06, 2021 | Jim Ellington, IT Engineer

If Time is Money, Documentation is an Investment That Pays Dividends

Considering the complexity of modern computing systems, and the ongoing merge between compliance, security, and IT management, documentation has become more important than ever. With the number of servers, desktops, routers, switches, printers, and security devices required for a business to thrive always increasing, modern networks are a complex and sometimes confusing environment. The speed at which these network environments change and grow is often hard to keep up with. Therefore, proper documentation of your network is very important.

Read More
How a Malware Incident Can Affect Your HIPAA Compliance
Apr 29, 2021 | Jenna Waters, Security Consultant

How a Malware Incident Can Affect Your HIPAA Compliance

For organizations under obligations to meet HIPAA compliance, a malware attack can have fallout far beyond simply losing access to your systems. Leveraging new attack methodology, cyber criminals can expose, exfiltrate, and even publish patient data, adding the impact of HIPAA noncompliance to their list of risks.

Read More
Applications As a Threat Vector in the Cannabis Industry
Apr 22, 2021 | Michael Oglesby, Vice President of Security Services Operations

Applications As a Threat Vector in the Cannabis Industry

Investors who have stakes in 3rd party application vendor companies, as well as cannabis businesses looking to implement them, need to be aware of the serious security risks that need to be mitigated in order to protect profits and avoid security incidents that could lead to fines or even legal liability lawsuits.

Read More
Hafnium & SolarWinds Attacks Are a Wakeup Call for Corporate America
Apr 15, 2021 | Jenna Waters, Security Consultantt

Hafnium & SolarWinds Attacks Are a Wakeup Call for Corporate America

The recent Hafnium and SolarWinds attacks seem to have opened the eyes of many business leaders in corporate America to the true potential impact of cyber attacks, crossing public and private boundaries alike. Many corporations have viewed their internal cybersecurity needs as just another part of the competitive landscape–every man for himself, so to speak. Recent attack trends prove that this age is long-gone, however, and it’s time to reevaluate how we define the US cyber ecosystem.

Read More
Active Directory: Your (Attacker’s) Best Access Tool
Apr 08, 2021 | Corey Bolger, Security Consultant - Risk Advisory Services

Active Directory: Your (Attacker’s) Best Access Tool

If you want IT efficiency and have a sizeable team, you are probably using Microsoft Active Directory. However, if not managed properly, this essential part of your infrastructure can become a serious risk. The fact is, access management and, more specifically, Active Directory management is a challenge for nearly every organization today.

Read More
True Digital and the Holy FAIL - Hacking APIs
Mar 25, 2021 | Aaron Moss, Senior Security Consultant

True Digital and the Holy FAIL - Hacking APIs

After talking with a few developers and admins over the past couple of years, it's become clear that most devs/admins don't realize that these APIs can be accessed just as easily as the webapp itself. Many admins were under the impression that the API is accessible only through the internal network, as a backend endpoint. It often surprises them that we're able to not only access the API, but also to ransack it and download TONS of data about clients/users/PII/PHI/etc.

Read More
The Hafnium Exchange Hack: Identify the Signs & Mitigate Risk
Mar 25, 2021 | David Zink, Security Consultant, Risk Advisory Services

The Hafnium Exchange Hack: Identify the Signs & Mitigate Risk

There has been a flood of articles and directives coming from the most recent Microsoft Exchange Server exploits.  To help you navigate advice on what steps are most important for you to take, I have endeavored here to assemble the key links and details you will need to know to help you–

Read More

Get Started with True Digital Security

Request a Consultation