A big misunderstanding we see every day when working with clients is that security can be ensured by buying a device, or implementing a software, or changing one small thing. However, security is an ongoing process- it's an attitude. With constant threats emerging, IT security governance is imperative. Our VP of Compliance dedicates this edition to fully understanding IT Security Governance!
By: Naum Lavnevich
Recently, our CEO Michael Petrov has been featured in an exhibit "Immigrants Mean Business". This exhibit features immigrants that came to America and built up their own small business. All the photos were taken by Tesfa Alexander in this exhibit that is open on weekends until September 8th 2019! We have uploaded the photo's Tesfa took for Digital Edge!
IT Compliance vs. IT Security : “What’s the difference?”
It is without a doubt that 2018 has become the year of IT Compliance. With so many new laws becoming effective, including EU’S GDPR, California’s Data Privacy Law, and Canada’s PIPEDA, the line between security and compliance may seem easily blurred for IT professionals. So, the question becomes: How do we produce a comprehensive security program, while ensuring that we meet compliance obligations? However, there is one problem that surfaces repeatedly, regardless of which regulatory standard (e.g., PCI, HIPAA, etc.) your company must meet, and that is failing to understand the difference between compliance and security. Sometimes organizations think that these are one and the same to the point that they become so consumed by complicated regulations that they stop focusing on security altogether. This month's edition of Ask Our VP of Compliance will address the differences between IT Compliance and IT Security:
You have your corporate email defenses lined up. While you may be using an out of the box product such as Microsoft O365 or something more sophisticated like ProofPoint – here is what you need to know.
Although you might be as safe and secure as possible you should still be aware of the vulnerablities that exist and can affect you.
Unless users are restricted from using mobile email apps, there is nothing that can protect you. This risk extends even to disclosure of your corporate authentication.