Blog

Fasoo Moderates Panel on Cybersecurity and Your Company
Ron Arden September 15, 2017
Cybersecurity News

Fasoo Moderates Panel on Cybersecurity and Your CompanyBill Blake, Senior Vice President and CCO (Chief Customer Officer) of Fasoo, moderated a panel discussion on Cybersecurity on September 13, 2017 at Harter Secrest & Emery LLP in Rochester, NY.  The event entitled Cyber Security & Your Company – What You Need to Know Now featured industry leaders and experts from The Bonadio Group, Fasoo, Lawley, and Harter Secrest & Emery LLP discuss how, when, and why to plan for a cyber attack.

The event was part of a continuing dialog with organizations on the needs for stricter cybersecurity controls in the wake of the ever growing threat of data breaches and threats to business operations.  Recent data breaches at Equifax, Verizon and others show that any organization is vulnerable to external attacks or insider threats.  Regulations and legislation, such as the New York NYDFS 23 NYCRR 500 cybersecurity regulations and GDPR in Europe, are causing businesses to improve their security posture to protect business and customer information.

Rochester NYDFS Pathways to Compliance Event a Big Success
Ron Arden May 16, 2017
Cybersecurity News

Rochester NYDFS Pathways to Compliance Event a Big SuccessThe first of the NYDFS 23 NYCRR 500 roadshow events in Rochester, NY on May 16, 2017 was a great success as numerous people from local financial services companies participated in a great forum to help organizations understand how to meet the new cybersecurity regulations that went into effect on March 1, 2017.

The event was held at Harter Secrest & Emery LLP in Rochester and started what will be a continuing series of forums to assist entities regulated by the New York Division of Financial Services (NYDFS) comply with a strict and wide-ranging group of regulations.

Fasoo Was Busy In October Showing Data Security Solutions
Ron Arden November 10, 2015
Cybersecurity Data breach Data security Insider threat

Fasoo Had a Busy Month in October Showing Data Security SolutionsThe month of October was very busy for Fasoo as we were all over the US talking to people about data-centric security and how it is the best solution to protect your sensitive information from insider threats and external hackers (APTs).

We started the month by attending the Rochester Security Summit in Rochester, NY.  This two-day event brought together executives and technical staff from numerous organizations in the Rochester area to share intelligence on how to protect their businesses from cyber attacks.  Fasoo was part of a vendor pavilion with our partner Brite Computers showing attendees how to protect data localized from databases, files downloaded from content management systems and those shared through the cloud and on mobile devices.  Ron Arden, Vice President – North America, presented to a packed room on “Closing the Threat Gap: A 21st Century Approach to Minimizing Risk” as part of the Threat Landscape track at the event.

New Trend: Healthcare Data Breaches
David Kwag March 20, 2015
Data breach

New Trend: Healthcare

I don’t know how much more we can continue talking about healthcare data breaches. This is again a multi week of data breaches in the healthcare industry, and again over and over. With Anthem Inc. and then again with Premera Blue Cross, and Advantage Dental, all announced they had data breaches, however nothing about if there data was encrypted.

How can 80 million and then 11 million then finally 150,000 patient records all in a month or so get exposed? Have we become so sure that we will not be a target to hackers and insider threats? The question now is not if, but when will a data breach happen. This is even more common in the healthcare industry.

 

When Will Your Data Breach Happen?
David Kwag March 13, 2015
Data breach

 

When Will Your Data Breach Happen?

IT security is a growing threat for businesses of every industry and no organization can be seen as safe. Hackers are learning new methods to attack web sites and networks. Most of the time employees have easy access to company information and are often unaware of how to detect and prevent these breaches because of a lack of training or lack of security for this information. The question is not if, but when will a data breach happen?

It is very clear that data breaches can no longer be protected by perimeter security. The perimeter continues to fade as a result of increasing connectivity between 3rd party partners and vendors, along with

Mandating Encryption for Organizations
bcarambio March 7, 2015
Data security

Mandating Encryption for Organizations

Connecticut is taking the next step in guaranteeing that customer data is secure. Therefore, if companies want to do business in this state, they will have to make sure that all personal data that is stored and transmitted is encrypted. In addition this soon to be law would require business to enable stronger password protections and control how much personal identifying information can be downloaded at one time, to help mitigate damage in the event any data is stolen.

For Connecticut residents, nearly one-third of them, were affected by the Anthem breach. It is no wonder that states like Connecticut, Maryland and New Jersey have made headlines pushing for all organizations to encrypt any sensitive data they have that pertains especially to customers. Connecticut Senate Majority Leader Bob Duff, D-Norwalk explains that, “In the long run, I think that companies will find it cheaper to implement these protocols than to have to clean up the mess of a data breach.”

The Debate of Encrypting to Prevent Data Breaches
David Kwag February 13, 2015
Data breach Data security

The Debate of Encrypting to Prevent Data Breaches

All the data breaches in the news these days have caused many to think about encrypting their data to prevent the losses a breach will bring.  With one of the biggest private health care providers in the US falling victim to a massive data breach, we can learn from its experience.

Even though credit card information wasn’t exposed, other sensitive data was, including names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.

So the question here is why no encryption?  According to SC Magazine, the institution felt it had other security strategies.  Unfortunately this is not the only incident of a data breach in the healthcare industry.  From stolen laptops containing sensitive patient information to back doors planted in systems, information detailing abnormalities in usage behavior should be enough for IT administrators to notice and act upon.

When Data Breaches Come from Within
David Kwag February 6, 2015
Data breach Insider threat

When Data Breaches Come from Within

Insider threats still remain to be a higher concern for business not only in the United States, but around the world. Businesses are more than ever expected to maintain or increase their data security and data protection budgets to mitigate the risk of insider threats. When we look at business today, more than 93% of U.S. respondents to a survey say the feel vulnerable to insider attacks. There is no doubt that those that come from within in a business pose the most threats.

Nowadays, preventing data breaches have become the one of the highest priority for IT security spending and based on recent headlines, the cloud and databases are the most at risk. Unfortunately, it is only until after an organization experiences a data breach or fails a compliance audit, do organizations “play catch-up” to secure the their sensitive data. Privileged users still remain the greatest threat, but contractors and service provide, along with business partners still pose a threat within the inside. Whether it is malicious or unintentional, the fact that sensitive information remains unprotected even with all these headlines is beyond any consumer’s guess.

New Data Breach Security Laws Soon to be in Place?
bcarambio January 23, 2015
Data security

New Data Breach Security Laws Soon to be in Place?

This week, Obama addressed the nation with a new data breach notification bill. Although data notification is a major part of this bill, the president also mentioned about file encryption as well. The White House bill provides businesses with safe harbor by exempting them from the individual notice requirements if a risk assessment concludes that “there is no reasonable risk that a security risk has resulted in, or will result in, harm to the individuals whose sensitive personally identifiable information was subject to the security breach.”  If the data is unusable, unreadable, or indecipherable data, there is a presumption that there is not a reasonable risk.  If a business makes this determination, it must notify the Commission of the results and its decision, in writing, within 30 days.

Share Your Files Securely with Partners and Customers
David Kwag October 30, 2014
Data breach Data security

Share Your Files Securely with Partners and Customers

Recent headlines involving unencrypted portable media such as CDs and USBs have hit the news. Most recently in Arizona, two unencrypted computer discs containing names and Social Security numbers were sent to another partner and after a month, the partner still said it had not received the discs. This situation along with many other healthcare industry data breaches proves that in no way is any organization immune to this threat.

As stated in this article and many people would agree, that these incidents underline the increased importance of health data encryption as a top priority for the healthcare industry. However, as it is impossible not to continue to have these relationship with partners, and regardless these sensitive files will need to continue to make their way outside of the organization through email, cloud-based file-sharing services, FTP and portable media such as USB and CD, the need for security measures for files shared with outside parties has become critical to an organization’s security agenda.