Compliant is NOT Always Secure


We are PCI Certified! How did we get hacked?!?!?
We have a 1 on our FFIEC exam and still had this data breach?
There were no exceptions on their SOC report, but our vendor still had a compromise?
At Garland Heart, we have heard these comments and questions time and time again. You have definitely heard them in the news. Entities from big

Proactive Compliance

We understand the budget constraints and the "rabbit hole" you can get yourself into regarding compliance and security. How much do I do before the cost outweighs the benefit?

Oftentimes while onsite with our clients we find ourselves discussing the balance between regulations or minimum standards compared to industry best practices or trends. They

ADA Website Compliance

As many of you have seen, numerous companies, including community banks, are receiving demand letters claiming the company's website violates the ADA (Americans with Disabilities Act). We wanted to help simplify it and give folks a plan of action.
ADA Compliance for websites helps the visually impaired "read" your website

4 Ways Banks Prevent Security Disasters

In September, Yahoo became the latest company to admit it had a serious data breach. A suspected state-sponsored hacker had compromised the user data, which included security question answers, passwords, phone numbers and birth dates, of 500 million accounts. Many Yahoo users also trusted the company with their bank account and credit card

A Complete Guide to the Information Security Lifecycle

When it comes to the safety of your data and technology systems, it’s vital that your organization recognizes the reality of the “information security lifecycle.” By its very name, the info security lifecycle indicates that true information security is a process, not a “one and done” solitary project. Information security has no end-point, and

Why a Virtual CISO is the Best-Kept Secret in Information Security

The twin gas pedals of globalization and technology have increased the speed of business to the point where you can blink and suddenly not recognize the landscape around you. This is especially true when it comes to information security, where the very concept of “hacking” and data theft went from Hollywood science fiction to a pressing fact of

3 Key Guidelines for CISOs in the Era of the Cloud

Before the cloud, most businesses chose to store their data on internal servers they managed. Because of this, accessibility typically was limited, helping to reduce how vulnerable a business's information was to hackers. With the inception of the cloud, companies have poured billions of dollars into this technology and the corresponding cyber

3 Tips to Encourage Collaboration In Your Organization's Security Processes

While information security has assumed top priority in many organizations, the steps that enterprises take to strengthen their overall cybersecurity often focus solely on improving the technology and processes involved in those efforts. Unfortunately, such a heavy focus on the technical mechanics of cybersecurity neglects the human side of the

5 Cyber Security Lessons Learned in 2015

It’s no secret that 2015 was another challenging year in cyber security. While fallout continued from the Sony hack, new threats emerged and each one offered a lesson for the future. Here’s what can be learned from the past year as you plan for 2016.

1. Keep Backups

One of the biggest cyber security stories of the year was the rise of “ransomware,”

5 Employee Password Habits that are Putting Your Enterprise at Risk

A truism of the modern workplace is that your employees underestimate the risk that their password habits present to your enterprise. Indeed, a study of password habits by CSID in 2012 showed that more than 60 percent of respondents used the same password on multiple sites. Even worse, nearly 45 percent of those respondents said they changed their