Sum-up of compliances

Being compliant with standards means being a quality product. That’s exactly what we are about to discuss in the article below.

SafeDNS helps organizations become compliant with CIPA, IWF, BpjM, HIPAA and other regulations, but for users new to web filtering these abbreviations might mean nothing. Whether you are an experienced user or a newcomer, the overview below will clear up any questions you have about these compliances.

Why is CIPA important?

Since the Children's Internet Protection Act was passed in 2000, a lot about the online environment has changed. The global digital population is now 5 billion users and counting, whereas back then, at the beginning of the digital era, it was about 300 million.

For many teenagers and kids, access to the internet was only available at school or in a public library. Being interested in everything on the web, students did more than just their homework: the whole internet was opening up to them as the school years went by. Accordingly, the government had to introduce guidelines for schools and libraries on how to protect kids from content they should not see.

That is how, and why, CIPA, a document that regulates the exposure of children to inappropriate content, was created back in 2000.

To be CIPA compliant means to guarantee that schoolkids are protected online from obscenity, child pornography and harmful content.

Here is a CIPA compliance checklist.

IWF & Project Arachnid

Being IWF compliant means standing against child pornography and blocking all child abuse content online. The Internet Watch Foundation maintains a list of URLs to be blocked, and it is constantly updated.
Project Arachnid is also a charity against child sexual abuse, based in Canada. The Canadian Centre for Child Protection has already processed 141 billion+ images of child abuse. Those also form the list of prohibited resources to which web filtering restricts access.

BPjM

Similar to the previous regulations, this one comes from Germany. The Federal Review Board for Media Harmful to Minors (German: Bundesprüfstelle für jugendgefährdende Medien, or BPjM) is a German federal agency responsible for censoring media suspected to be harmful to the younger generation. Its findings are compiled in the List of Media Harmful to Young People, which includes movies, games, printed resources and audio recordings. Once a piece enters the List, it stays there for 25 years. After this period it is either removed, being considered no longer harmful, or left in.

Here is a BpjM compliance checklist.

HIPAA

The Health Insurance Portability and Accountability Act aims to safeguard protected health information (PHI). Such information may include names, addresses, phone numbers, medical records, or even photos. What web filtering can do in this regard is to help prevent a data breach by blocking access to malicious websites at the corporate network level.

Here is a HIPAA compliance checklist.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

Update Released For ActiveImage Protector™ 2022

Wildomar, CA — Actiphy Inc., a leading publisher of backup, disaster recovery, and virtualization software, announces a release update of ActiveImage Protector 2022 that places an emphasis on minimizing Recovery Time Objectives (RTO).

Background

Businesses are required to prepare and implement disaster recovery and business continuity plans. Natural disasters have become more impactful, and as global uncertainty increases, cyber-attacks are becoming more common. Corporate systems are becoming exposed and exploited. When disaster strikes, RTO is the most important benchmark: it defines the amount of time a system, app, or process is allowed to be down before it is recovered without causing significant damage to the business.

Reduce RTO using Actiphy’s HyperRecovery LIVE!™ to boot up a system from a backup image as a VM in a cloud or on-premise hypervisor and recover it simultaneously. With In-Cloud Standby™, keep an up-to-date instance of the system ready to start up and succeed the failed system.

Updated Features

  • HyperRecovery LIVE!
    Directly boot a virtual machine from a backup while migrating the virtual machine to a restored target, eliminating a separate restore process.
  • In-Cloud Standby
    Maintains the most current backup images as bootable standby machines in the cloud ready to succeed a failed system.
  • In-Cloud Recovery from On-premise or In-Cloud Storages
    Supports recovery of sources on cloud-bridged virtual networks (VLAN) and SFTP resources outside the cloud, or access cloud storage from outside the cloud environment.
  • RescueBoot and Remote Maintenance
    RescueBoot boots into Windows RE mode to perform cold backups, system recovery, or to remotely perform maintenance or diagnostics from the operating system.
  • File Backup Enhancements
    Newly added exclusion of specific files or folders, and support for backing up network shared folders.
  • Enhanced LTO Tape Management
    With newly enhanced management of LTO tape pools and libraries, tapes can now be moved within the library to be isolated from potential ransomware attacks.

ActiveImage Protector 2022 is a backup and recovery solution that protects physical and virtual, Windows and Linux environments. ActiveImage Protector includes all the tools necessary for enterprise-level deployment and management of backup, recovery, standby switch-over, and migration.

About Actiphy
Actiphy, founded in 2007, focuses on developing and offering innovative backup and disaster recovery solutions for complete protection of all your systems and data. ActiveImage Protector backs up Windows and Linux machines in physical and virtual environments and restores systems and data fast, so you are up and running with minimal downtime and data loss. Today Actiphy holds 20% of the image backup market in Japan and is expanding its services in the Asia/Pacific and North American regions, as well as in Europe, the Middle East and Africa.

The New US Cybersecurity Act & What it Means

If you face a major cyber attack or pay a ransom to attackers, you may have to report it to the Cybersecurity and Infrastructure Security Agency (CISA) within a certain timeframe under the new cybersecurity law.

The Strengthening American Cybersecurity Act of 2022, which became law in March 2022, imposes strict reporting obligations on critical infrastructure owners and operators: entities operating and/or owning critical infrastructure have to notify the CISA of ransomware payments within 24 hours and of major cyber incidents within 72 hours.

Who is covered by the new requirements? When and how are cyber incidents reported under the new law? Keep reading to find out more.

What is the Strengthening American Cybersecurity Act of 2022?

Although the new incident-reporting requirements make the headlines, the new cybersecurity law is composed of three separate acts:

  1. The Cyber Incident Reporting for Critical Infrastructure Act of 2022: This act imposes on critical infrastructure operators the obligation to notify the CISA of “covered cyber incidents” and “ransom payments” within a certain timeframe.
  2. The Federal Information Security Modernization Act of 2022: This act contains requirements on federal information security management, on the reporting of cyber attacks, and on how these attacks will be remedied.
  3. The Federal Secure Cloud Improvement and Jobs Act of 2022: This act deals with the security requirements for the use of cloud products.

What Entities Are Covered in the Cybersecurity Act?

Under the new law, the CISA will have the power to decide what types of entities will be subject to the new incident-reporting requirements.

While the CISA is provided with wide discretion, the law requires the CISA to consider the following three factors when determining the “covered entities”:

  • How would national security, public safety, and public health be affected if an entity’s operations were disrupted or compromised?
  • What is the likelihood that a malicious actor, such as a foreign country, may target the entity?
  • “the extent to which damage, disruption, or unauthorized access to such an entity, including the accessing of sensitive cybersecurity vulnerability information or penetration testing tools or techniques, will likely enable the disruption of the reliable operation of critical infrastructure.”

Considering that these criteria refer to “national security” and “public safety” and to the possibility of being targeted by foreign state actors, the 16 critical infrastructure sectors defined by Presidential Policy Directive 21 will likely be declared “covered entities”.

These sectors include, but are not limited to:

  • Defense Industrial Base
  • Emergency Services
  • Energy
  • Financial Services
  • Healthcare and Public Health

While it is reasonable to expect that these sectors will be defined as “covered entities,” the CISA will likely go further and determine additional sectors as falling under the new law.

What Incidents Should Be Reported

Under the Act, there are two categories of attacks that need to be reported:

Cyber incidents

The Act does not require all incidents to be reported to the CISA; it gives the CISA the power to determine the criteria and thresholds for the cyber incidents covered by the Cybersecurity Act.

However, the Act lists three types of high-impact cyber incidents that are covered by the Act. For example, incidents that involve “unauthorized access or disruption of business or industrial operations” due to a “compromise of a cloud service provider, managed service provider, or other third-party data hosting provider or by a supply chain compromise” must be reported under the Act.

A recent example of such a cyber attack is the SolarWinds attack. After Russia-backed hackers inserted malicious code into SolarWinds’ network monitoring software, they gained access to thousands of companies’ networks, including those of electricity, oil and manufacturing companies.

Ransom payments

“Ransomware attacks” are defined broadly under the Act: the use or threatened use of any technique aimed at hindering an entity’s information processing operations falls under the definition of “ransomware attack”. Alongside the traditional ransomware technique, encryption of data, the following types of mechanisms are also subject to the Cybersecurity Act:

  • Distributed denial of service attacks
  • Insertion of malicious code

When to Report the Incidents? 

The Act sets out two different deadlines for the reporting of incidents:

  1. Incidents falling under the “ransom attack” category must be reported to the CISA within 24 hours after the entity operating/owning the critical infrastructure makes a ransom payment.
  2. A “covered entity” must report cyber incidents within 72 hours after it “reasonably believes that the covered cyber incident has occurred”.

Criticisms Against the Law

Though the new law is welcomed by many in light of the growing numbers of cyber attacks targeting critical infrastructure and the rising geopolitical tension in Eastern Europe, it is also criticized for not addressing a few critical issues:

  • No reporting to the FBI: The Department of Justice publicly opposed the new law for not requiring “covered entities” to report incidents to the FBI. Some argue that direct notification of incidents to the FBI would enable the FBI to support affected entities promptly and to warn other potentially vulnerable entities about the risks.
  • DNS: Another criticism directed at the new Act is that DNS information is not included in the reporting requirements. Some argue that DNS information is critical to law enforcement agencies and investigations, and that it would make it easier for law enforcement to carry out investigations and determine the origin of the attacks.

What Should “Covered Entities” Do?

Monitor new developments

It is far from certain which entities will be covered by the new reporting requirements, what the contents of the report will include, or what types of incidents will fall under the new Cybersecurity Act. The CISA will have the power to issue directives on these critical issues, and organizations should closely monitor new directives and opinions issued by the CISA.

Establish and Implement an Incident-Response Plan

Given that the new Act sets 24-hour and 72-hour notification requirements and defines the minimum content the reporting must include, organizations must put in place a robust incident response plan.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Overview of Texas data privacy laws

Texas is one of the richest states in the USA and has been receiving a large number of tech companies in recent years: Oracle, Cloudflare, and Tesla traded cities like Palo Alto and San Francisco for Austin and Houston. So now you may be wondering: why did they move? And what is the relationship between cybersecurity and the Texan economy? Read on in this article:

  • Why Is Texas Turning Into the New Silicon Valley?

The name “Silicon Hills” initially referred to the mountainous terrain on the West side of Austin, but now it makes a clear parallel to Silicon Valley. Austin has always housed many companies focused on technology, but in recent years, the growth has been exponential, and giants such as Google and Amazon have migrated to the region, building large facilities.

One of the main reasons is “economic freedom”, a term defended by the current state governor, Greg Abbott. Local politicians aim to attract more and more new investors to the state. In addition to not having a state income tax, Texas prioritizes job creation, providing social and income equality. Therefore, it imposes fewer regulations on local companies, which ends up facilitating and cheapening operations in the region.

Besides all these advantages, the state promises to be fun and politically progressive, with a large academic center, and prestigious universities spread throughout its territory. Therefore, companies moving to the region can rely on a highly skilled and diverse workforce.

  • Which segments play a critical role in the Texas economy (besides technology), and how do they relate to cybersecurity?

Texas’ economy plays a major role in the U.S. economy. The state used to have an economy focused on agriculture, more precisely on cotton crops and livestock, but its economy has diversified. Today, oil and aerospace industries also play a major role.

Besides the technology industry, Texas is also home to one of the largest natural energy reserves in the United States and to organizations such as NASA and SpaceX, which drive the aerospace market. One consequence is that the region has become one of the richest in the country, offering quality of life at a low cost, which attracts the attention not only of people and companies but also of hackers who aim to attack its critical infrastructure.

Critical infrastructure comprises the assets, systems, facilities, networks, and all other elements that maintain the national security, economic vitality, and public health of a region. Numerous sectors considered critical depend on technology in some way for their operation, management, or automation.

It is therefore quite important to keep critical infrastructure secure. The sectors central to the economy of a region are also classified as critical infrastructure, which is why there is a need to invest in cybersecurity, as well as to develop laws and regulations that help protect data and services.

  • Are there any data protection acts in Texas?

Unlike other countries, the United States does not have a general data protection law at the federal level. There are, however, recent, more localized regulations that deal with specific areas, regulating the use of certain types of data or certain industries, such as health, finance, and telecommunications.

Laws at the state level are intended to cover points that federal laws do not. In this way, each state has the freedom to enact its own rules regarding data and information protection.

With this information, here we will present a brief overview of data and information protection laws in the state of Texas.

1 – Texas Privacy Act (2019):

The Texas Privacy Act made some changes to previous data breach notification laws, which include the following:

  • Companies must notify individuals affected by a data breach within 60 days of the event.
  • Companies experiencing a data breach that affects 250 or more people must notify the Texas Attorney General’s office.
  • The Privacy Protection Advisory Council was created to advise on possible changes to existing privacy laws.

2 – Texas Cybercrime Act:

The cybercrime law has created new criminal offenses for denial-of-service (DoS) attacks, ransomware facilities, and intentional data alteration.

3 – Student Privacy Act:

This act forbids the sale of student personal data, creating ads for students based on data shared by educational institutions or suppliers, and broadly forbids the disclosure of student data.

4 – Medical Privacy Act:

This act provides privacy protection complementary to the requirements of the Health Insurance Portability and Accountability Act (HIPAA). It requires employee training, providing electronic health records at the patient’s request, notification of a breach, and patient authorization for disclosure of health-related information.

5 – Biometric Privacy Law:

The Biometric Privacy Law forbids the capture, sale, or scanning of iris, fingerprint, or facial geometry data without the consent of the person.

6 – Identity Theft Law:

It forbids identity theft, that is, the use of a person’s identifying information to obtain goods, services, and personal credit. The Identity Theft Law also requires companies to adopt procedures to protect customer data from illegal uses.

The laws presented are always undergoing modifications to maintain the privacy and security of information and personal data, as well as services and companies present within the territory.

About Senhasegura 
Senhasegura strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

What is cyber insurance and what does the MFA insurance mandate mean?

In this blog we’ll give an overview of what cyber insurance is and what you need to get it. Furthermore, we’ll talk about why multi-factor authentication (MFA) has become a mandatory requirement for obtaining cyber insurance coverage.

What is cyber insurance?

What does cyber insurance mean?

Cybersecurity insurance, or cyber liability insurance, is coverage against financial losses caused by cyber incidents (for example data breaches), and it offers technical and recovery support.

To define the cost of your insurance, cyber liability insurers will look at multiple risk factors, such as what industry you’re in, how the organization handles data and, of course, which security measures the organization already has in place.

There are various requirements that insurance companies define for organizations to be eligible for the insurance coverage. One of the most fundamental ones that most insurers ask for nowadays is Multi factor authentication (MFA).

[Image: training employees on cybersecurity]
Questions about training for employees will for sure be on the questionnaires you’ll need to fill in for an insurance quote.

All depends of course on the type of insurance you take.

It is important to understand that cyber insurance coverage will not help you identify cyber risks themselves, nor will it eliminate them. However, if your organization is hit by a cyber attack or data breach, having cyber liability insurance will help you to, for example, recover compromised data, restore personal identities, or repair your damaged computer systems.

Some examples of events that could be covered by your insurance:

  • Data loss or breach (after hacking, employee theft, loss of memory stick, …)
  • Computer fraud
  • Business interruption due to a breach

Keep in mind that an insurance like this will protect you financially regarding your digital assets, but it won’t be able to cover every possible risk.

What does cyber insurance not cover?

Cyber liability insurance doesn’t cover claims of property damage or bodily injury. For this, you will need a general liability insurance, as a cyber one does not protect you against these claims.

Furthermore, your insurance (probably) also won’t cover:

  • Potential lost profits in the future.
  • Cost of restoring and improving your computer systems to a higher level of functionality than they had before the cyber event.
  • Loss of value caused by the theft of intellectual property from your company.
  • A lawsuit over any potential vulnerability in your organization's systems that existed before a breach.

How much does cybersecurity insurance cost?

It’s not possible to give an exact answer to this question, as it really depends on the protocols and systems you already have in place for cybersecurity. Cyber insurers will look at your current state to provide you with an exact cost for the cyber insurance policy. However, we see that prices on the cyber insurance market have been increasing, so be sure to investigate what you can do to lower your premium.

How can you get a cybersecurity insurance?

What do you need in order to get cyber liability insurance? What do cyber insurance providers expect you to have in place already when you look for a policy? To purchase one, you’ll have to provide information about your security controls to insurance underwriters.

What do you need to get a cyber insurance?

Insurance providers (like for example Hiscox, Chubb, AIG, The Hartford, …) will carry out a cyber insurance risk assessment to define your premium and coverage limits. You will have to fill out a questionnaire about your cybersecurity protocols, IT risk management, protocols, … The better you score on this one, the less expensive your coverage will be.

One of the minimum common requirements to get one nowadays is having Multi Factor Authentication (MFA) enabled for administrators and privileged users. This cyber insurance MFA mandate exists, because the additional layer is seen as a fundamental access security measure to protect not only on-site but also remote access. If you only use a password, cyber insurers will believe compromised accounts are inevitable for your organization’s future.

Of course, securing a password with MFA (for privileged and non-privileged access) is no silver bullet that protects against every attack, but it’s certainly a vital layer organizations will need. This MFA insurance requirement is thus something you’ll have to keep in mind when considering a policy.

Furthermore, there are some more steps that (often) are standard requirements to get a cyber insurance:

  • All PCs must have antivirus software (up to date)
  • Company network must be protected by a firewall
  • Companies should back up business data, by using external media or a secure cloud service (this should be done regularly)
  • Users that want to have or gain access must follow a secure process
[Image: cyber insurance requirements]
To get cyber insurance coverage, you’ll need to fulfill some requirements.

What can you do extra to lower your cyber insurance?

There are multiple steps you can take to lower your premium. We’ve listed 5 of the most common industry practices that you should definitely take a look at:

  • Organize regular cyber training for employees
  • Make sure stored data is limited and restrict network access
  • Have 24/7 monitoring of suspicious activity
  • Provide solid recovery procedures

What is multi-factor authentication (MFA) and why do you need it?

What does multi-factor authentication mean?

Authentication is the process of verifying the identity of a user. With multi-factor authentication this process consists of at least 2 different authentication factors. We speak specifically of two-factor authentication when there are only 2 factors, and even that is already better than just one factor.

Knowledge factor

One factor you can authenticate with is something you know, like a password or a PIN. Sometimes the knowledge factor can also be a security question whose answer you need in order to gain access.

Possession factor

You can authenticate with something you have, for example your phone. Using an authenticator application on your device, you can receive a one-time code that only works during a restricted time. Or you can receive an SMS code that you then fill in.

Inherence factor

This refers to something you ‘are’, more specifically biometric data. Sometimes fingerprints or face IDs are used to recognize the user’s identity.
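The "one-time code that only works during a restricted time" described under the possession factor is usually a TOTP (RFC 6238): the code is an HMAC over the current 30-second time step, derived from a secret shared between the authenticator app and the server. The example below is an added illustration, not code from the original post or from any product the page mentions. It implements TOTP generation and server-side verification, including the two details a verifier has to get right: accepting a small window of neighbouring time steps to tolerate clock drift, and refusing to accept the same code twice while it is still valid. The shared secret is the RFC 6238 test secret ("12345678901234567890" in base32), and the per-user replay state is kept in memory for illustration only.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # RFC 6238 default time step
DIGITS = 6         # code length shown by most authenticator apps

# RFC 6238 test secret (ASCII "12345678901234567890"), base32-encoded the way
# authenticator apps receive it. Any real deployment generates its own secret.
RFC_SECRET = base64.b32decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, at_time // step)


def verify_totp(secret: bytes, candidate: str, at_time: int,
                step: int = STEP_SECONDS, window: int = 1) -> bool:
    """Stateless check: accept the code for the current step and +/- `window` steps.

    All steps are compared even after a match, and the comparison is constant-time,
    so response timing does not leak which step (if any) matched.
    """
    if not (candidate.isdigit() and len(candidate) == DIGITS):
        return False
    base = at_time // step
    ok = False
    for delta in range(-window, window + 1):
        ok |= hmac.compare_digest(hotp(secret, base + delta), candidate)
    return ok


class TotpVerifier:
    """Per-user verifier that additionally rejects reuse of a still-valid code.

    RFC 6238 recommends remembering the last accepted time step so that a code
    captured from a user (e.g. via phishing) cannot be replayed within the window.
    """

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window
        self.last_counter = -1  # highest time step already consumed (in-memory for illustration)

    def verify(self, candidate: str, at_time: int) -> bool:
        if not (candidate.isdigit() and len(candidate) == DIGITS):
            return False
        base = at_time // STEP_SECONDS
        matched = None
        for delta in range(-self.window, self.window + 1):
            counter = base + delta
            # No early return: every step costs the same work whether or not it matches
            if hmac.compare_digest(hotp(self.secret, counter), candidate) and counter > self.last_counter:
                matched = counter
        if matched is None:
            return False
        self.last_counter = matched
        return True


if __name__ == "__main__":
    # Constructed walk-through at the RFC 6238 test time t=59 (time step 1)
    code = totp(RFC_SECRET, 59)
    print("code at t=59:", code)                             # 287082 per RFC 6238
    print("accepted 30s later:", verify_totp(RFC_SECRET, code, 89))    # True, within window
    print("accepted 90s later:", verify_totp(RFC_SECRET, code, 149))   # False, window exceeded
    v = TotpVerifier(RFC_SECRET)
    print("first use:", v.verify(code, 59), "replay:", v.verify(code, 70))  # True, False
```

The stateless `verify_totp` is enough to check a code; `TotpVerifier` is what a login service should actually run, because a one-time code that is accepted twice within its 30-second lifetime is no longer one-time. The expected values in the comments come from the RFC 6238 and RFC 4226 test vectors for this secret.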

Why do you need to implement MFA?

Multi-factor authentication is seen as the extra authentication layer organizations need to prevent compromised passwords from leading to a compromised network. If you adopt MFA as an extra security measure, you can protect your sensitive data even when credentials are compromised.

Cyber criminals often try to gain broader access via individual users, and they have various strategies (phishing, password spraying, credential stuffing, …) to obtain these passwords. If you protect credentials with an extra step like MFA, you make it more difficult for them.

To minimize the impact of cyber attacks on your IT infrastructure, insurers will inform you about this MFA insurance requirement when you reach out to them.

How can you mitigate your organization’s remote access cybersecurity risks?

Awingu aggregates different applications, desktops and file servers and makes them available (with the possibility of single sign on) for your remote workforce in the browser via its ‘RDP-to-HTML5’ gateway. As Awingu runs completely in the browser, it’s possible to work on a Chromebook, iPad, mobile device, laptop, … any device really!

A variety of security features come bundled with our all-in-one solution:

  • Browser-based solution: All runs and stays in the browser. No direct connection with the end-user device, so no need to install extra antivirus software on the PC.
  • Secure authentication process: MFA is built-in, or you can integrate another commercial platform that you already have in place.
  • Context-awareness: It’s possible to define geo locations and/or IP addresses as safe zones per user (group) or feature.
  • No local data: There is no data stored locally on the device, ever.
  • Auditing: Access to various auditing capabilities like session recording, usage control, anomaly detection, …

About Parallels 
Parallels® is a global leader in cross-platform solutions, enabling businesses and individuals to access and use the applications and files they need on any device or operating system. Parallels helps customers leverage the best technology available, whether it’s Windows, Linux, macOS, iOS, Android or the cloud.
