July 5th saw a major attack on Managed Service Providers (MSPs), including Kaseya services. MSPs like Kesaya often offer their cloud-based services to several clients in multiple sectors, and Kesaya is no exception. In fact, Kesaya offers specific managed IT resources for healthcare clients, although no information has been released about any affected organizations. 

The combination of increased reliance on MSPs and the sensitive nature of healthcare providers make ransomware attacks a real threat, one that your dedicated IT team must consider as part of your cybersecurity and compliance strategy. 

Read More

The Cybersecurity Maturity Model Certification (CMMC) framework is a new and evolving compliance standard for contractors working with agencies under the Department of Defense (DoD) or select Executive Branch functions. 

Much of this framework focuses on the readiness of a contractor to manage risk and security in their IT systems, and the capabilities they have to handle Controlled Unclassified Information (CUI). Since this is such a new framework, however, there is a push to train cybersecurity auditors and managed service providers who can successfully audit contractors in the upcoming years. Accordingly, there are plenty of companies out there advertising that they can provide training for CMMC audits and implementation. 

You must vet any organization that claims they can provide authorized instruction or assessments for CMMC authorization. 

Read More

System and Organization Controls Audits and reporting are fundamental activities in our IT-driven business environments. An independent framework, SOC report variations (SOC 1, 2 and 3) provide your business with ways to assess your security and provide proof to potential clients and partners that you are implementing effective security and privacy controls to protect their data. 

Here, we’ll cover some of the basics of SOC audits, including the differences between SOC 1, 2 and 3 reports. 

Read More