At Online Business Systems we have our feet in two different worlds – Digital Transformation and Cybersecurity. As you can guess, we get a lot of questions about how to plan for and incorporate a security strategy when designing and executing a digital transformation project (e.g. process automation, transforming to a paperless organization, incorporating AI, or a cloud migration.) I have read quite a few articles and blogs written on this topic recently and had a few thoughts of my own based on my experiences being on the front lines where we’ve seen security done well (and also, unfortunately, not so well.)

So, let me tell you a story.  This is a true story.  A personal story about a request I got from someone who is near and dear to me.

These kinds of requests are becoming more and more common and so I wanted to share what happened so that you can recognize it when somebody comes knocking on your door (or email) with a similar ask.  Who would suspect that a gift card could be the tool of a phishing attack?  You should.

RSA week is always a busy time of attending presentations and training sessions, exploring the [newly expanded] Expo Hall (700+ vendors), checking out what’s new in the Early Stage Expo (aka the Sandbox), catching up with old friends/colleagues/customers, and being enticed to attend way too many parties/receptions every evening.

This past year saw a continuation of established trends in cybersecurity. Breaches continue to rise, attackers are getting more sophisticated, and the market continues to be flooded with silver bullets that promise to solve all enterprise security problems in one fell swoop.  As an organization, Online works with hundreds of organizations, many in healthcare and have learned a few things. Here are five things we learned in 2018 that you and your organization should consider for moving forward:

In the spirit of Data Privacy Day, which was recognized throughout the world, we wanted to share a special mid-week post with you from our GDPR expert Privacy Consultant and Legal Counsel, Laura Sulymosi.

Two Things Every CISO Should Consider:

1. “What critical assets do you have that are worth protecting?”
2. “What happens if they’re compromised?” 

These were two questions I asked a CIO from a large Energy company when I had the chance to sit down with him recently.

Although 2019 promises a new version of the Payment Card Industry Data Security Standard (PCI DSS) the current version 3.2.1 is the de facto standard for measuring security programs for all merchants and service providers that participate in commerce using credit or debit cards.

There are twelve major requirements in the PCI DSS, and considering the complexity of the material we have chosen to dedicate individual blogs to the different requirements. The focus of these blogs will be to provide tips and pointers, help provide clarity for “what’s new” and to enhance understanding so that your organization can achieve a sustainable security posture that easily satisfies the requirements of the PCI DSS.

2018 has been a year of rapid technology growth. We have seen changes to the security landscape, an increased adoption of AI and continued generational adjustments to our workforce.  As we look back over the last 12 months, we wanted to share some of our favorite blog posts from 2018 that touch on some or all of these topics: from risk and security assessment, to user experience, design thinking, business consulting, and everything in between. Happy reading!

(A friendly reminder from our RSP team on practical ways you can avoid being a target of identify theft when shopping on & offline this holiday season.)

What's Your Cellular Data (Protection) Plan?

There’s no shortage of stories from around the globe on new ways that hackers are learning to access our personal data.  Important preventative measures include keeping up-to-date antivirus software, having an active firewall, and using strong passwords.  Even with these controls in place, this can lead to a false sense of security.

While many of us focus on protecting laptops and computers, we often don’t stop to think about protecting our personal or work-assigned smartphones, which is exactly what criminals are counting on. 

Honestly, that was my first thought when I started looking at the marketing material HP had put together for Black Hat 2018 this year.

HP has been promoting its efforts to provide security to its enterprise printers for the past couple of years and has done a great job at offering secure solution. They have even involved the security research community by introducing a first-of-its kind enterprise printer bug bounty program. 

But end-point security? HP makes printers. What do they know about protecting end-points like desktops or laptops?