5 Cyber Security Lessons Learned in 2015

It’s no secret that 2015 was another challenging year in cyber security. While fallout continued from the Sony hack, new threats emerged and each one offered a lesson for the future. Here’s what can be learned from the past year as you plan for 2016.

1. Keep Backups

One of the biggest cyber security stories of the year was the rise of “ransomware,”

A Helpful Guide to SOX Compliance for Financial Institutions

The Sarbanes-Oxley (“SOX”) Act of 2002 is a crucial piece of legislation aimed at protecting the confidentiality, integrity, and availability of information that impacts a corporation's stakeholders.

Ensuring ongoing SOX compliance is a fundamental risk management task for any publicly-traded, or even privately-held, company in the United States.

CFOs Now View Cybersecurity as a Top Threat

According to a new report by Deloitte, CFOs regard cyberattacks as one of the most worrying disasters that threaten to affect an enterprise’s financial well-being. In response to the Deloitte survey, 97 percent of CFOs of large firms in North America said that cyberattacks are the biggest threat they face.


The Significance of Cybersecurity


How to Build a Stronger Compliance Management Program in Your Bank

While a successful and robust compliance management program in banks has a few basic components, there are no “one size fits all” rules. However, here are the vital elements that make up the backbone of an effective compliance management program.

  1. Internal Control – Such control is two-pronged. It evaluates whether compliance management solutions

3 Key Compliance Management Trends for Community Banks

Community banks can improve their compliance management processes in three simple ways. Begin by reviewing and strengthening existing corporate compliance program policies. Then move on to building a culture of compliance within your organization. These tasks will require some effort from managers and board members, but don't cost very much money.

New Compliance Audit Guidance for Health Care: What You Need to Know

In the past, the compliance guidance from the Office of Inspector General at the U.S. Department of Health and Human Services emphasized that health care governing boards focus on three key areas: 

  1. Fully engage themselves in their responsibilities to oversee compliance audits
  2. Make compliance a priority for management
  3. Inquire the effectiveness of

Determining Your Risk: Vulnerability Assessments vs. Penetration Tests

Vulnerability assessments and penetration tests are both important components of threat management, but there’s often quite a bit of confusion surrounding the difference between the two. This confusion often leads to wasted resources and inefficient risk management strategies. Both methods can be performed internally or externally depending on

Good reminder for Vendor Risk Management

Although this article in Consumer Compliance Outlook is a little dated, it comes as a good reminder regarding your vendor risk management.  Over the last couple of years we have noticed a continued effort by examiners to increase their own due diligence towards financial institution's understanding and management of their vendor programs. A

3 Common Misconceptions About Information Security Compliance

Your business generates massive volumes of data that demand smart and secure management. However, confusion and misconceptions run rampant when it comes to information security and compliance with big data. Looking beyond the three most common misconceptions about information security compliance can help you ensure that your data and systems are

Is Your Practice Up-to-Date on HIPAA Compliance?

Under the HITECH Act, Phase 2 audits for HIPAA compliance are currently underway, and will continue until June 2015. These audits will include all covered entities, as well as business associates such as software vendors and medical billing companies.

According to HITECH regulations, every practice is required to conduct a risk analysis. Studies,