Foresite Blog

How Effective Cyber Communications Can Improve Your Incident Response

Posted on January 16, 2018

This week’s post was contributed by Loren Dealy Mahler, President at Dealy Mahler Strategies. If 2017 taught us anything, it’s that the actions taken in the wake of a cyber incident impact a company as much as, if not more than, the actual incident itself. Sound a little extreme? Ask any customer, shareholder or executive at Equifax, Uber or Yahoo. These aren’t examples of technical responses that just fell short. They are examples of companies that greatly increased the impact on their organization by fumbling their incident response. Whether by neglecting to notify customers in a timely fashion, providing incomplete or…

What is considered “personal data” that needs protection under GDPR?

Posted on January 7, 2018

One of the major struggles for organizations that must comply with the European Union’s new “General Data Protection Regulation” (GDPR) by May 2018 is that ‘personal data’ is much broader under GDPR than under US regulations. “No other privacy law in the world matches its breadth and scope,” says Washington, D.C.-based attorney Bret Cohen, a partner with Hogan Lovells US LLP. So before we can even consider the specific requirements and how to comply, we must discern what data falls under the protections of GDPR. The first item of note is the instruction that personal data is, “any information relating to an…

Why are data breaches not slowing down?

Posted on January 2, 2018

Despite a projected $93 billion spend on cyber security, breaches are still on the rise. Cyberattacks for 2017 were roughly twice what we saw in 2016. So why is all this money being poured into securing networks seemingly ineffective? One theory is that the spending is in the wrong place: many organizations focus on keeping intruders out but put very little spend into protections within their network. As data stores continue to grow, and more regulations are passed to protect them, the strategies companies are implementing also need to change. Think about all of the places data is collected,…

NIST Cybersecurity Framework FAQs

Posted on December 26, 2017

Organizations that don’t fall under a specific compliance requirement based on their business sector, type(s) of data they maintain, or State can use the National Institute of Standards and Technology Cyber Security Framework, or NIST CSF, to build a comprehensive security program. Here are some frequently asked questions and answers about NIST CSF: 1) Why use a framework if you don’t fall under a compliance requirement? Aligning to a framework helps to ensure that your organization’s cyber security isn’t missing any critical components. The NIST CSF includes guidelines to identify, protect, detect, respond and recover, which are all part of a…

Case Study – Preparing for an auditor

Posted on December 19, 2017

Many of the business sectors we work with are subject to audits, sometimes from multiple auditors.  Foresite was brought into this financial sector client several years ago when they asked for help preparing for their annual regulatory audits. We adapt the functional testing annually to change the focus and to make sure we re-test any areas of weakness from the previous year.  In this client’s case, one area they have struggled with is staff adhering to their cyber policies and procedures.  There were also some known vulnerabilities discovered in the previous years, so we were validating if the vulnerability management…

Is Your School District Prepared to Protect Student Data?

Posted on December 11, 2017

Cyber incidents are occurring in K-12 schools at an alarming rate with over 200 reported incidents since January 2016, and many schools have been hit multiple times within the past year. A few examples on the “hit list” include public schools in Arlington, VA, which had staff social security numbers exposed in a data breach, followed by a vendor’s unauthorized access of student files. In Texas, a hacker was able to use unsecured remote access to a desktop and gain control of shared files for 1,300 staff and students, while two districts had names and social security numbers of…

Few Corporate Attorneys are Prepared for a Data Breach – 3 Steps to Prep

Posted on December 5, 2017

With a new major data breach being reported about once a week, and countless others happening that don’t make the airwaves, it’s no wonder that cyber security is a major concern for corporations and their legal teams.  Yet a recent Grant Thornton survey found that only 35% feel their organizations are prepared for a breach. If your organization is part of the 65% who don’t feel prepared, and whether you have a corporate legal team or not, what can you do before being breached to minimize the impact to your business? Here are 3 steps to prep: Assess your risk. …

Foresite and ConnectWise Partner to Bring World Class Managed Security and Compliance Services to MSPs

Posted on December 4, 2017

Distribution agreement enables users access to quality Security Operations Center (SOC) solutions as market demand soars. Overland Park, KS – December 01, 2017 – Foresite, a managed security and cyber-consulting services provider, today announced a distribution agreement with ConnectWise, a company that transforms how technology solution providers build, manage, and grow their businesses. “Our companies’ combined offerings provide a lot of synergy to MSPs delivering IT solutions,” said Marc Brungardt, President at Foresite.  “As demand for cyber-security solutions soars, we recognize a very complementary opportunity to enable our SOC services in the ConnectWise framework.  Through advanced cyber security and compliance solutions,…

Does paying the ransom mean you don’t have to report a cyber incident?

Posted on November 28, 2017

This question came to the forefront last week when it was discovered that Uber had paid hackers $100,000 in October in order to keep from reporting a breach of their customers’ and drivers’ account data. Their Chief Security Officer and one of his team members were fired this week as part of the fallout from this decision. Here are some of the reasons why: It’s the law. State law often mandates a specific timeframe in which affected parties must be notified if their data has been exposed/accessed by an unauthorized party. Despite Uber’s argument that the data was restored to…

How secure is your password, and does it really matter?

Posted on November 21, 2017

There are three questions to consider for password security: 1) Are you using the same password for everything? 2) How easy is it for a computer to guess it? 3) How easy is it for a human to guess it? To begin with, using the same password for everything is the equivalent of using the same key to lock both the front door to your house and your car! As soon as someone has access to this key, they have access to both! Now, upset by this news, you find yourself questioning how many times you have used the…
