GDPR 2 years on - what happened to all the hype?

May 2020 marks the second year that GDPR has been in effect and we have already seen some significant fines totalling over $126 million.  Google has...

How SOC audits help businesses during uncertain times

How is your business showing compliance to operational and business risks during these uncertain times? Many companies turn to the popular SOC report...

Business Efficiency: the hidden benefit of an information security program

During these difficult times it is understandable that organizations may be looking for creative ways to cut costs or gain efficiency.  While...

How can a Risk Management platform support your business during a crisis?

We are all getting used to our new “normal” but many businesses, both big and small, have been caught off-guard by the COVID-19 crisis. Having to...

Using Risk Management strategies to help us effectively Socially Distance

As we start to adapt to our new quarantined life, one of the things that has struck me is how different people have benchmarked what they constitute...

Is Zoom just the tip of the iceberg?

From the recently announced privacy issues being investigated by the New York Attorney General at Zoom, all the way back to the Zenefits scandal in...

7 Tips to Reduce Risk Stemming from Remote Work

If you have a team working remotely due to the COVID-19 virus you are obviously not alone as we adjust to this new normal way of work.  At present, 1...

5 Biggest Mistakes Companies Make in Vendor Risk Management -- and how to avoid them

Vendor Risk Management is a hot topic at the moment and for good reason.  A recent study by the Ponemon Institute showed 59% of companies have...

Top 5 Questions (and answers) about Vendor Risk Management

If you missed our recent webinar “Re-thinking Vendor Risk Management” you can listen to it free and on-demand here.  In the webinar we talked about...

Checking in on HIPAA in 2020

What do you need to know about HIPAA in 2020? This year, the changes are not so much about HIPAA itself, but about things that directly affect how...

Top 10 Considerations for GRC Software Tools

When we talk to customers, prospects and even audit partners, they are often overwhelmed with the choices they have for GRC tools.  There is a lot of...

Cybersecurity Predictions 2020: CCPA Leads in a year of oversight and regulation!

The start of a decade is always an exciting time. When you think about how technology has changed in the last 10 years you can only imagine what...

8 Highlights of Ostendio’s Success in 2019

2019 was an incredible year of growth for Ostendio.  We continue to ramp up our business while working hard every day to deliver on our promises to...

Our Top 5 Most Popular Security, Audit and Risk Management Webinars of 2019

Webinars are some of our most popular content on the Ostendio web site. Across 2019 we hosted a series of webinars that combined best practices and...

5 Must-Read Ostendio Blog Posts of 2019

We’ve had an incredible year of growth at Ostendio and, as our company has grown, so has our blog readership.  At the end of every year, we revisit...

The 10 Step Process for Building an Incident Response Team

We are all used to doing regular fire drills at the office or at school, and we accept the benefits of having defined roles and responsibilities...

5 Mistakes Companies Make in the Security Audit Process

It’s easy to make mistakes.  We’ve all done it. Maybe you’ve put the milk in the cupboard and the cereal in the fridge this morning! These things...

Easing the Pain of Security Audits with MyVCM Auditor Connect

Today we announced an exciting new addition to the Ostendio MyVCM platform - MyVCM Auditor Connect. You can read the press release here, but I...

What Anyone in Healthcare Needs to Know about Data Breaches

There is no single industry with greater sensitivity to data breaches than healthcare. But unfortunately, breaches across healthcare companies,...

How to Stay Safe Online with National Cybersecurity Awareness Month (NCSAM)

Ostendio is a champion of National Cybersecurity Awareness Month (NCSAM) which is observed every October. This month of awareness was created as a...

Unpacking the SCF Capability Maturity Model

If you aren’t familiar with the Secure Controls Framework (SCF), you should be. It’s a non-profit organization dedicated to providing content that...

Cybersecurity Dictionary for 2019

In case you are new to the world of cybersecurity and are struggling to learn or understand some of the new terms you are hearing, don’t worry, we’re...

7 Reasons Companies Can’t Avoid a Security Risk Assessment

If you’re a company with the view that cybersecurity is largely an IT issue, you may take the attitude of “We’ve got this.” Hold that thought. When...

5 Tips for Creating a Culture of Cybersecurity

You’ve likely heard about organizations having a culture of compliance but not as much about having a culture of cybersecurity. Yet as threats to our...

5 Ways to Integrate your Cybersecurity and Compliance Programs

Data breaches aren’t just a problem for security professionals. The impact is felt across the whole business—from your legal team, embroiled in...

Why SMBs Need to Ramp up Security Awareness Training

Did you know that small to medium-sized businesses (SMBs) may have a higher cybersecurity risk than larger counterparts when you consider...

What the HITRUST & NIST Alignment Brings to Healthcare Organizations

HITRUST (Health Information Trust Alliance) and NIST (National Institute of Standards and Technology) recently announced that they have teamed up and...

HIPAA Plus: What Healthcare Needs to Understand about Cybersecurity

When it comes to HIPAA compliance and cybersecurity, the danger comes with thinking one assures the other. It doesn’t.  Just skim the daily headlines...

I’m Not an IT Employee, How Can I Protect Sensitive Data?

With so much data being created, sometimes it’s hard to tell what’s sensitive data and what isn’t, what’s a risk to it and what’s not. This can be...

Why the IoT Security of Medical Devices falls on Device Makers

When you’re a medical device manufacturer, your primary goal is to get your product into hospitals and care provider networks. The internet of things...

How about a Cybersecurity Resolution for 2018?

It’s a new year with a new budget, and a new year’s resolution for laser-focus on cybersecurity. That should be easier to keep than the ones for no...

Compliance and Security: Why One Does NOT Equal The Other

It’s an all-too-common misunderstanding, but a robust information security program doesn’t mean you’re in compliance with whatever regulations...

ePHI Data Breaches: How to Reduce the Human Risk

As we wrap up 2017, the number of healthcare data breaches is up over 2016, with 41% caused by “insiders” per the Protenus Breach Barometer mid-year...

Small Businesses “Get It” when it comes to Cybersecurity

As we wrap up Cybersecurity Awareness Month, keep in mind that cybercriminals are indiscriminate in who they attack. Large business, small business,...

4th of July Tech Tips (and for Travel in General)

As America gears up for hot dogs, fireworks and celebrating with friends and family, keep in mind these five security tips to help protect your...

Top 5 Predictions for Healthcare Cybersecurity in 2017

As 2016 draws to a close, it was a busy year for both companies defending themselves, and cyber criminals creating new forms of attack. As CEO of...

Compliance & Risk: Has the Zenefits Lesson Changed the Game?

After a lengthy process of “putting things to rights” in 17 states, Zenefits is paying up to US$7 million in penalties. As with other digital health...

Ransomware Cyberattacks: 7 Steps to Protect Yourself!

In the last few months we have seen a spike in cybercrime with a series of ransomware attacks in the healthcare industry. Hospitals, from California...

The Brave (not so new) World of Compliance & Cybersecurity

GUEST BLOG: Our guest blog post this week is written by Chris Apgar, CEO of Apgar and Associates, LLC. Chris is a recognized expert in Information...

FDA takes on Mobile Security

A recent Healthcare IT News article revealed that 95% of FDA approved mobile health apps lack important technical protection layers. That means our...