Since 2004, October has been marked as National Cybersecurity Awareness Month. This month raises awareness about the importance of cybersecurity and how to protect yourself from cybercrime. Perform third-party due diligence on all critical vendors. Ensure that they have either a SOC2 report or a similar certification that covers the...
A SOC 3 report, also known as the Statement on Standards for Attestation Engagements (SSAE) 21, focuses on a service organization’s controls that are likely relevant to examining a user entity’s (customer’s) service commitments and system requirements. SOC 3 reports cover a service organization’s security, availability, processing integrity, confidentiality, and...
Based on Verizon’s 2024 Data Breach Investigations Report, the public administration, finance, professional, manufacturing, and education industries are the most popular targets for cyber criminals. The most common attacks occur through ransomware, phishing emails, desktop sharing, virtual private networks, and web applications. All of which have led to an increased...
By James Normand, Security Analyst
Ensuring the security of data and computer systems is an ongoing battle for all businesses operating in the digital age. The stakes have always been high with a company’s reputation and financial stability on the line. Over the past few years, large data breaches have...
The SEC has adopted amendments to Regulation S-P and formalized them in a final rule to address cybersecurity risks. They also released a companion fact sheet, which helps outline the impacts of the final rule and its requirements that covered institutions (including broker-dealers, investment companies, and certain other financial...
Discover how to effectively assess and mitigate risks for these vendors. Now that you have stood up processes for onboarding 3rd parties, it is time to consider the same for 4th parties. What? Another vendor group I have to worry about? Have you thought about 4th parties? These entities are...
You may have read recently that the number of instances of ransomware has declined. While the overall count of malicious and damaging infections may be waning, the impact of an attack is certainly not. Case in point: the BlackCat attack on Change Healthcare. The attack on February 21st has had...
Your organization and its risk management leaders face disturbances on multiple levels every day, encompassing cybersecurity, privacy, regulatory management, and focused and widespread malicious actions and actors, technological weaknesses, organizational apathy, human errors, etc. Preparation, assessment, and pragmatic execution of the needed controls are vital to address these disruptions and...
After a multiyear process of proposals and assessment of public comments, the New York State Department of Financial Services (NYSDFS) has made significant amendments to its Cybersecurity Regulation, 23 NYCRR Part 500. The rule is final and effective as of November 1, 2023. Let’s take a comprehensive look at each...
Updates to the SEC Cybersecurity Disclosure Rules
Days before the new Securities and Exchange Commission (SEC) cybersecurity disclosure rules went into effect (which FoxPointe previously discussed here), Erik Gerding, Director of Corporation Finance of the SEC, issued a statement offering some thoughts, rationale and perspective on the rules in an...