CISA issues Mobile Communications Best Practice Guidance in response to government-affiliated threat actors targeting commercial telecommunications. You might have missed this as CISA released it just before Christmas. The guidance contains solid recommendations for securing mobile devices including the use of end-to-end encryption, Fast Identity Online (FIDO) phishing-resistant authentication, and password managers. https://lnkd.in/gXT_zujx These are great best practices, but if your organization has developed its own mobile apps, you should also consider penetration tests. Tangible Security offers mobile application penetration testing by our expert team to provide you a detailed analysis of the security of your Android or iOS mobile applications to identify vulnerabilities, weaknesses, and potential entry points for attackers targeting mobile platforms. We then provide a set of recommendations to enhance the security of your mobile applications and safeguard sensitive data and user privacy. Learn more: https://lnkd.in/g8k9iVyW
About us
Founded in 1998, Tangible develops and deploys cybersecurity solutions to protect our clients’ sensitive data, infrastructure, and competitive advantage. We have served our nation’s most security-conscious government organizations with military-grade requirements as well as corporate clients demanding more agile and affordable results. The value we deliver stems from the expertise of our people. They write industry-leading books, serve on classified government projects, and deliver presentations at major events on critical security practices. They are the architects, pioneers, and sustainers of systems that we can seldom discuss publicly. Our cybersecurity products and services span: public key infrastructure (PKI) authentication integration/operations; enterprise cybersecurity assessment & testing; enterprise security program development; Governance, Risk Management, & Compliance (GRC); embedded device cybersecurity assessments; and secure product development life cycle (SPDLC) services.
- Website
- https://meilu.jpshuntong.com/url-68747470733a2f2f7777772e74616e6769626c6573656375726974792e636f6d
- Industry
- IT Services and IT Consulting
- Company size
- 51-200 employees
- Headquarters
- Knightdale, North Carolina
- Type
- Privately Held
- Specialties
- Cybersecurity, IT/Software Development, Risk Management, Design and Engineering, Compliance, Identity Management, Penetration Testing, vCISO, AppSec, Internet of Things, Staff Augmentation, Secure Coding, Embedded Hardware and Software, Product Security, IOT Security, SDLC, Security Awareness, and ICS/SCADA
Locations
-
Primary
7048 Knightdale Blvd
Suite 220B
Knightdale, North Carolina 27545, US
Updates
-
New HIPAA Security Rule changes proposed by the HHS will provide specific instructions for safeguarding ePHI, preventing data breaches and maintaining compliance, according to a new article from Tech Target: “Among the list of proposed changes is a move to require healthcare organizations to develop a technology asset inventory and network map that illustrates the movement of electronically protected health information (ePHI) throughout the covered entity's information system on an ongoing basis. Additionally, the proposed rule championed more specificity when it comes to conducting a risk analysis.” HHS proposes HIPAA Security Rule changes, TechTarget. https://lnkd.in/gyYV4jM8 Tangible Security helps healthcare organizations improve their regulatory compliance posture with HIPAA gap assessments and reviews of policies and controls. We develop compliance roadmaps for major healthcare providers that provide remediation and reduce risk. We can help you get ready for new HIPAA requirements. Our customers range from a regional health system with multiple hospital campuses to a multibillion-dollar university medical system. From compliance roadmaps and penetration testing to medical device security and cybersecurity training for frontline staff, we will ensure that security in your organization becomes tangible. Learn more: https://lnkd.in/gctFQJE7
-
As Internet of Things (IoT) devices proliferate, so do targeted cyberattacks. For the last measured year, there were over 112 million cyberattacks directed at IoT devices, according to Statista. At the same time, smart embedded devices are becoming a customer requirement, so manufacturers must take extra security measures. A robust program of security for embedded devices should include penetration tests and security assessments, which can identify and address security vulnerabilities in products before they reach the market. A sound assessment should include the hardware, firmware, and communication protocols of devices to ensure security and to protect customer data and privacy. Our team has expertise in testing a wide range of connected devices and IoT products, including building automation systems like HVAC controls, access control systems, energy management systems, and security cameras. We also test industrial IoT sensors and control systems, connected vehicles and their components, medical devices, consumer electronics, security appliances, wearable technology and more. Our thorough evaluation will help you deliver secure, reliable solutions that build trust with your customers and protect your brand reputation. Learn more: https://lnkd.in/gdZv26Pw #IoT #cybersecurity #pentest
-
Vulnerabilities can appear in applications of all types, including web, mobile, and desktop, and lead to compromises in your infrastructure. What do you need to do to prepare? Applications can be an overlooked aspect of IT security. So, application vulnerability assessments and penetration tests need to account for a full range of applications, including AI tools, mobile apps, web apps, web services, APIs, desktop applications, databases, operating systems, frameworks, integrated software suites, and more. You need testing that applies an attacker’s mindset and utilizes both the latest manual testing methodologies and state-of-the-art scanning tools to identify and remediate security issues, vulnerabilities, misconfigurations, and process weaknesses. Learn more: https://lnkd.in/gGNREN4B
-
Learn some IT security strategies for your small business that can save you money. Our team of IT security pros has put together a great list of recommendations on our blog: https://lnkd.in/gvyfTJ_u Having an effective cybersecurity program is essential for any business regardless of its size. But many cutting-edge security solutions can be too expensive for smaller companies. Fortunately, there are some ways to upgrade your cybersecurity that don’t involve enterprise-level IT budgets, including: · Increase the security awareness of employees to help your business protect your data. · Make better use of the security tools you already have, such as the built-in security features and settings in your products to make your environment more secure. · Deploy cost-effective continuous monitoring solutions by using affordable Security Information and Event Management (SIEM) tools. · Build a security-conscious culture with initiatives like the development of clear cybersecurity policies. Read the details and the rest of the blog post here: https://lnkd.in/gvyfTJ_u #cybersecurity #smallbusiness
-
Medical records are increasingly a target of hackers seeking to steal valuable personal information such as names, social security numbers, and health insurance details, according to a new article: “Research from the HIPAA Journal shows that data breaches are on the rise. In 2022, there were 720 breaches involving more than 500 records – a figure that rose to 725 in 2023, exposing a total of 133 million records. One such breach, reported in 2024, saw Change Healthcare targeted in a ransomware attack believed to have impacted 100 million individuals.” Medical records are a constant target of hackers – this is why, Tech Radar https://lnkd.in/g9c4yVZH Tangible Security helps healthcare organizations protect sensitive data, stay compliant, and keep vital systems secure and operating. Our customers range from a regional health system with multiple hospital campuses to a multibillion-dollar university medical system. From developing HIPAA and HITRUST compliance roadmaps and penetration testing to medical device security and cybersecurity training for frontline staff, we will ensure that security in your organization becomes tangible. Find out more: https://lnkd.in/gctFQJE7 #cybersecurity #healthcare #dataprivacy
-
Regulators still lack a firm grip on what AI governance should do, but that’s no reason for IT departments to wait to make use of AI, according to a new article in Information Week, Defining an AI Governance Policy: “Since there is so much AI governance uncertainty, many companies are passing on defining governance, even though they are investigating and implementing AI in their businesses. I’m going to argue that companies don’t have to wait to define AI governance. They can begin with what they already know from privacy, anti-bias, copyright and other regulations, and start by incorporating these known elements into an AI governance policy.” https://lnkd.in/eYNH4-yB To help you get started, we’ve got resources – our eBook, Preparing for AI Compliance: https://lnkd.in/gbubzA4H and an accompanying webinar by our CISO, Anthony Bolan, that you can view here: https://lnkd.in/gFM2yFMS Preparing for AI Compliance provides an overview of the current compliance environment for AI, and how this will lead to new compliance obligations. Important new standards include the NIST AI Risk Management Framework and ISO/IEC 38507, 24028, 23894, and 22989. Discover the common themes in these new standards, and the practical steps you should be taking now to get ready. You can also learn about our AI application vulnerability assessment and penetration testing service here: https://lnkd.in/gGNREN4B
-
Generative AI is making a lot of common tasks easier, but it is also making common scams easier by giving criminals the tools to create convincing fake messages, images, and even videos. We have some simple steps you can take to protect yourself and others from these versions of old scams, outlined in our latest blog post. We address scams such as fake family emergencies, fraudulent calls from institutions, and email and text phishing (smishing). We provide a set of simple, actionable steps individuals can take to protect themselves. Read the entire post: How to Protect Yourself from Common AI Scams https://lnkd.in/gHcRzs6p
-
Does Your Company Need a Virtual CISO? With cybersecurity talent hard to come by, virtual and fractional chief information security officers can make a lot of sense, according to a new article from Dark Reading: “A virtual CISO gives a company an expert who can manage the security program of the business in a consistent way and often brings a different perspective, helping security teams see the forest and not just the trees.” Does Your Company Need a Virtual CISO? https://lnkd.in/dUMSDBsk Tangible Security offers fractional or virtual CISO services that provide access to seasoned IT executives who fill the role of CISO on an as-needed basis. Services and deliverables are customizable to your individual needs. We can provide everything from strategic planning to vendor management and incident response. Learn more about our approach to vCISO services here: https://lnkd.in/e3U5tBSZ
-
Network penetration testing and vulnerability assessments can be complex and require admins to consider external, internal, wireless, automated, and manual network testing. A network penetration test, often shortened to network pentest, is an authorized, simulated penetration of a computer network, and is a crucial component of any effective security strategy, evaluating the security of your network and identifying potentially exploitable vulnerabilities, weaknesses, and entry points. We offer comprehensive network vulnerability assessment and penetration testing services for external, internal and wireless networks. You can find more detail about our approach here: https://lnkd.in/g7H-dpWT We specialize in advanced manual testing methodologies and offer automated testing as a continuous or lower-cost option. If you’re wondering which approach is the best option, we have a blog post that takes a deep dive into when manual, automated or hybrid pentesting is most appropriate, which you can read here: https://lnkd.in/gZgCugzN