Towerwall's InfoSec Blog


2015 International Compendium of Data Privacy Laws

GDPR, HIPAA, Compliance, cannabis, Enterprise

Michelle Drolet

Privacy and data protection issues confront all organizations—whether you handle employee information, credit card data, sensitive financial information, or trade secrets. Securing data is a daunting task that is further complicated by cross-border transfer issues and the differences in privacy laws around the world. The team at BakerHostetler has developed a prompt and practical PDF to assist and inform your data protection policies. Download the 2015 International Compendium of Data Privacy

10 Things I Know About...Hiring a vCISO

breach, Virtual CISO, Fractional Chief Information Security Officer (CIS, Compliance & Privacy, 10 Things I Know, Compliance, cannabis, vCISO, Enterprise, small and midsize businesses

Michelle Drolet

10. A hedge against a breach. A virtual chief information security officer can serve as security consul or as an interim CISO to fill the gaps during a planned information-technology security policy review. Better to be safe than sorry.

10 Things I Know About... Mass. data security rules

Compliance, cannabis, Enterprise

Michelle Drolet

10. You need a WISP. A written information security policy, or WISP, is vital. Make sure there’s a person in charge of enforcing it.

Why every business needs a WISP

Business Continuity, GDPR, HIPAA, Compliance & Privacy, Compliance, Enterprise

Michelle Drolet

Non-compliance is a risk, and the Attorney General's office carries a big stick for those who don't follow the rules. If you don't have a written information security program (WISP) in place for your business, then you could be risking data theft, legal action, and punitive fines. The law in many states now dictates that you must take steps to safeguard personal information. They vary in strictness, but there are nearly 50 different regulations you need to cater for if you're doing business

Using third-party vendors? Keep a close eye on them

Compliance & Privacy, Compliance

Michelle Drolet

Cybersecurity is only as strong as the weakest link. If your organization is using third-party vendors, policing their activity is critical to cybersecurity. Few can forget the theft of 110 million customer credit cards from Target in December 2013. But not as many know how hackers gained access to such a vast amount of sensitive information. How'd they do it? By compromising the security of a third-party vendor, a Target branch store's HVAC provider.

Another Successful Information Security Summit

passwords, Smart Device, Data Security, COSO Cube, IT Infrastructure, Government Compliance Regulations, Virtual CISO, Assessment, Mobile Devices, CISO, Information Security, Application Security, Mobile Apps, Information Security Summit, Hackers, cybercriminals, Compliance, cloud services, Big Data, Mobile Protection, Data Privacy, Mobile Security, cybersecurity, Enterprise, Data Breach, Gap Assessment

Michelle Drolet

Once again, the Information Security Summit hosted by Towerwall and MassBay was a resounding success. Hundreds of attendees and vendors participated in diverse data security panels and networked with industry leaders and peers. The Summit opened with Michelle Drolet, CEO of Towerwall, and Shamsi Moussav, Computer Science Professor at MassBay Community College, presenting scholarships to MassBay students Kirk Barge and Julius Newton. Michelle Drolet said,

Securing Your Future with a Virtual CISO

Fractional Chief Information Security Officer (CIS, Compliance & Privacy, penetration testing, Compliance, cannabis, Enterprise

Michelle Drolet

The enterprise is facing a dangerous combination of mounting cybersecurity threats of increasing subtlety, and a widening gap in the skills required to identify and combat them. Having someone that knows how to lead the charge in identifying and analyzing threats, creating strategic security plans and ensuring compliance, requires the right level of expertise. Many businesses, especially small and medium businesses, simply don’t have it.

Michelle Drolet published in Web Security Journal - Know When to Onboard a Virtual CISO

Government Compliance Regulations, Virtual CISO, Fractional Chief Information Security Officer (CIS, CISO, Information Security, Compliance, vCISO, Enterprise

Michelle Drolet

Towerwall Founder and CEO Michelle Drolet's latest article "Know When to Onboard a Virtual CISO" is featured in the Web Security Journal. Read more below:

Full rules for protecting net neutrality released by FCC

network security, FCC, Information Security, Cloud Security, Title II of the Communications Act, Compliance, Enterprise

Michelle Drolet

The US Federal Communications Commission (FCC) on Thursday laid down 400 pages' worth of details on how it plans to regulate broadband providers as a public utility. These are the rules - and their legal justifications - meant to protect net neutrality. They were passed last month, and details have been eagerly anticipated. The main gist of the lengthy document released on Thursday is these three new rules:

Introducing Towerwall's vCISO Services

network security, Security Services, Budget, Virtual CISO, Fractional Chief Information Security Officer (CIS, Information Security, Compliance, cybersecurity, vCISO

Michelle Drolet

Towerwall is proud to offer our new vCISO Program.