Some more thoughts on Smart Cards

EMV compliant cards will be issued by next year. The intent is to provide better protection of the data on the cards through more robust encryption. This is a great step but some weaknesses still exist. Credit cards will still have magnetic strips with data in relatively the same manner as today. For the individual… Read more »

iOS 8 and The Enterprise

Last week Apple announced some big changes to their product lineups. On Friday September 19, Apple will release the two biggest iPhones yet, a 4.7 inch iPhone 6 and the 5.5 inch iPhone Plus. These new devices will be loaded with an updated iOS (iOS 8) which includes many new enterprise features. For those of… Read more »

Bad USB

USB (Universal Serial Bus) has gained wide industry acceptance over the past fifteen years. Device manufacturers have adopted this protocol as the primary method used to connect peripheral devices (cell phones, keyboards, flash drives, etc.) to a computer or power source. While USB’s versatility, acceptance, and ease of use is one of its greatest benefits,… Read more »

Where Did My File Go?

We have all had that moment where we deleted a file only to realize it was the wrong file.  Not to worry, just go to the Recycle Bin and there it is… right click the file and then click Restore. Done, the file is back where it was. This works most of the time but… Read more »

Service Organization Control Reports Part 3

In the last newsletter (and blog) we covered the use of the SSAE 16/SOC 1 report. The primary purpose of a SOC 1 report is to provide assurance to management of user organizations and their financial auditors (called user auditors) about the internal controls at the service organization. Reliance is placed on the SOC 1… Read more »

Service Organization Control Reports Part 2

We return now to Service Organization Control Reports and what they accomplish, who might have them, and how they can benefit your organization. This week we will cover the SOC 1 Report. But before we dive too deeply into SOC Reports, it will be valuable to provide some definitions. These apply no matter which SOC… Read more »

Where did TrueCrypt Go?

Risk Advisory Services has taken the firm stance over the past several years that if your company uses laptops, they should be protected with full disk encryption. The data accessed on a laptop probably contains sensitive information about your customers, employees, trade secrets, or some other sensitive information. Encrypting the hard drive greatly reduces the… Read more »

What You Need to Know About SOC Audits

Nearly all the companies we have the opportunity to work with– community banks, non-profit organizations, government entities, associations, construction companies, heath care, etc.–outsource some component of their IT system to a Service Organization. This outsourcing arrangement allows companies to reduce capital and personnel expenses, and be more flexible with their technology dollars. However, when your sensitive data… Read more »

Run, Transform, Grow

Once again I am faced with doing the IT Budget for YHB and I decided to look back at a blog I wrote a couple years ago.  I wrote this in 2012 but it is all still relevant. Most businesses run on budgets.  And it’s a safe assumption that all successful businesses use a budget. … Read more »