Compliance and Cybersecurity Insights

Did you forget to close your garage door when you left home, but then used your mobile device to close it as you sat worry free in the waiting room at the doctor’s office? Not sure if you armed the alarm system when you left for a weekend trip? No problem, because you’re a smart cookie who has smart devices, which will help you handle all this remotely. Left your lights on downstairs, and too tired to get out of bed? Ask Alexa or your Google home to turn them off. Technology is great, technology has evolved, technology has allowed us to forgive ourselves for human shortcomings. But you know what else technology has done? It has facilitated an invitation to those less innocent individuals with malicious intent, and has increased the opportunities for cybercriminals.

With so many devices being upgraded to “smart” devices as consumers move towards “smart” living, the number of Internet of Things (IoT) devices is increasing at a rapid pace. Cisco estimates this number to grow exponentially over 50 billion by year 2020. What does this mean for the average consumer? It means regular household devices such as refrigerators, washing machines, televisions will all become connected and humans will be communicating remotely via the internet with each of these devices. By 2030, only a decade later, this number is estimated to grow to 500 billion devices!

There are vulnerabilities, which can allow for hackers to be able to gain access to these devices. The more consumers utilize these devices to control their home, the greater access these cyber criminals will gain. It is a scary thought to think you may be susceptible to hackers, and while it seems like it is not a big deal if a hacker can turn off your lights, the security repercussions can be far more dangerous. If your doors are connected via an IoT device, then criminals will be able to access data on when you leave your house, and even be able to control the disarming of your security system to break into your home. Security cameras can be disabled, motion sensors switched off, and the consumer would have no idea until it is possibly too late. 5G enabled devices will increase this risk, as these will connect directly to a network vs a Wi-Fi router, exposing devices to an even greater likelihood of cyberattack.

What is exceptionally dangerous about these attacks, is the victims would in most cases be completely clueless as the devices continue to function as normal. Systems such as Google Assistant and Samsung’s Bixby can inadvertently result in compromised data generated from unprotected devices. This can in turn expose victim’s personal information such as credit card data and confidential passwords.

The important thing is to be a conscientious consumer, don’t be afraid of becoming one of the many who are upgrading theirs to a Smart Home; simply take counter measures to ensure you don’t become victim to cunning cyber criminals.

Let’s start with the simplest of security elements. THE PASSWORD. Phishing is still incredibly popular amongst hackers, and highly successful as well. While technology continues to evolve, human nature remains the same, and it is easiest to appeal to this vulnerability with disguised emails tricking the recipients. A strong defense to this line of attack would be to enable two-factor authentication.

Additionally, a surprising amount of people utilize the same password for all of their devices. Their laptop, home security, cell phones, bank pin codes; the list is endless. Over 83% of people surveyed stated they use the same password for multiple sites. A simple solution to this is to utilize a unique password for each device, so if one is compromised, your other devices will remain safe.

Most smart home devices are controlled remotely via an application installed on a person’s smartphone. If your phone is compromised, then you are inadvertently creating vulnerabilities with all other devices controlled from your phone. If you are using public wi-fi on your phone, you should exercise caution and ensure you always utilize VPN (virtual private network), which has strong security features and maintains an anonymous internet connection.

You should also ensure the software for your smart devices is always up to date in order to protect yourself from any identified security risks. Device makers will do frequent software releases and security patches, and you should never ignore these when they come through. Change the privacy settings the manufacture defaults the devices to, and don’t ever give the same access to guests and acquaintances who may need temporary access to your IoT devices.

Lastly, you can give your router a different name from the one which automatically generates from the manufacturer as well as the default password, so as to hinder hackers’ ability to gain information on the make and model of your device. Any roadblocks you can setup for malicious attacks will create an added layer of security and more barriers between you and cyber criminals wanting to gain access to devices in your home and your day to day lives.

To learn more about  the Internet of Things (IoT), you can visit:

https://www.cgcompliance.com/industries/internet-of-things-iot

If you are a service organization and your customers trust you with their data, you may need to pass a SOC 2 audit to sell your products.

Whether your customers demand an audit report from you or industry regulations require one, you may have to provide proof of SOC 2  compliance to demonstrate that the data you’ve been entrusted with is properly secured.

Ransomware is like the flu. Everybody knows about it, nobody wants it, and many try to prevent it, but it spreads anyways.

Complying with the Payment Card Industry Data Security Standard (PCI DSS) ensures that you have taken the necessary safeguard to secure payment card data, and it should be a goal for your organization. However, PCI DSS compliance doesn't ensure that all data is secure—so it isn't a stopping point.

A group of prominent investors aims to improve cybersecurity by building companies around new technologies for protecting data.

Comply. Compete.

Ignore either at your peril.

Whether it be the damages that could result from a data breach caused by lax security or the operational inefficiencies—and thus competitive disadvantages—that could be caused by cumbersome policies and procedures, your organization must mitigate risks on multiple fronts as you seek to satisfy regulators, customers, and stakeholders alike.

Recent advancements in technology have, in many ways, made our on-the-go lives easier and more flexible. But at the same time, our private data has become more and more vulnerable to data breaches.

That’s because of consumer preference, the frequency of online transactions, and the fact that private data storage regulations are only recently beginning to come under the magnifying glass and mature.

There is no denying that Amazon Web Services (AWS) is a popular choice among companies these days. Businesses like to store their data and run their operations through AWS because of the convenience and performance that its cloud-based storage and services provide.

What you should know regarding the key changes to SOC 2 reporting (TSP Section 100)

Security breach incidents have become as ubiquitous as Monday morning traffic. Occurrences appear to be getting more sophisticated in scale when it comes to the volume of data stolen and the financial impact to both enterprise and individuals.