The 5 Best Ways to Handle Sensitive Data (Tripwire)

*As featured on - October 21, 2020

There are two significant trends occurring right now that shouldn’t be a surprise to anyone reading this post. First, businesses are gathering and leveraging more and more data to improve their core services. Second, more compliance and regulatory standards are popping up from governments and private organizations. As these businesses realize that collecting and utilizing data improves efficiencies, sales or other goals, regulators are waiting in the wings to scrutinize how the data is being used.

This is for the best, of course. Businesses need to be able to access and use data quickly to maintain profitability and effectiveness, but they also need to ensure they are securing the data to protect the privacy interests of everyone involved. An organization’s productivity is essentially rendered meaningless if it begins incurring fines from violations of GDPR, HIPAA, PCI or any of the numerous and growing state regulations on personal data.

Good data governance requires businesses to keep productivity high while also securing the privacy and integrity of the data. In this article, I offer advice on how to properly handle sensitive data in the 2020 landscape.


About a year ago, we started hearing about new requirements for organizations doing business with the United States Federal Government, particularly with the Department of Defense (DoD). In the interest of protecting sensitive information, the government began developing and introducing the Cybersecurity Maturity Model Certification, or CMMC. While the goals and framework of CMMC have many similarities to other standards such as HIPAA/HITECH and PCI, the CMMC adjusted standards in ways that are meaningful and important to discuss.

I want to outline some key pieces of information you should know about CMMC so that you can meet and maintain strong cybersecurity controls that satisfy the powers that be.

Back to School in a Socially Distanced World (Video)

We talk a lot about how our work lives have been changed, in some ways permanently, by the pandemic. Most of us who typically would spend a lot of time in offices, or visiting clients, or participating in networking meetings and conferences have learned to adapt to doing these tasks in a virtual way as best we can. Working from home, while perhaps expanded these days, is nothing new.

But with schools back in session, we are now asking kids, who don’t have the experience and flexibility of the typical office employee, to learn in a completely unprecedented way. Part-time in person, part-time virtual, socially distanced education is not something we have done as a society before.

Social Media Threats in 2020 (Video)

Between Facebook, LinkedIn, Twitter, TikTok, Instagram, and whatever other social media platforms are on the horizon, our lives are more public than ever before. There are definitely upsides and downsides to this landscape, but I’m not here to talk about that today. Whether we like it or not, it’s clear that social media is here to stay.

What I do want to talk about is what we should be thinking about as we engage with these platforms.

3 Big Trends in 2020 Social Engineering (Video)

Social engineering sounds like a buzzword, but it is one of the most pervasive and relevant threats facing people today. Most hackers have simple motivations. They want to steal credit card or banking information, or commit other acts of fraud to make money… and social engineering aligns well with these goals.

When you think about it, social engineering is the evolution of “old school” fraud techniques like fake IDs or check cashing scams, but now the strategy is to impersonate a digital persona.

IT Policies That Every Organization Needs in 2020

Many businesses, especially smaller ones, have a blind spot when it comes to security and risk management, especially when it comes to internal policies. While there are ample technology solutions available to deal with the threat landscape to protect data and system uptime, there is no technology solution that will completely address the risks posed by irresponsible end user behavior. There are also limits on what technology investments most organizations can make, so it’s important to get the best return on investment on your risk management tools and efforts. Strong policies that are well understood by staff are often the least expensive and most effective ways to avoid costly IT challenges.

Data compliance standards also demand internal policies as well as technical controls, so even if you think the policies aren’t worthwhile, it’s possible that you still need to create them. In this blog, I outline the IT policies that every organization needs in 2020. Hopefully, you have some of these in place already, but if not, I encourage you to use this blog as a jumping-off point. Keep in mind as you read this that some organizations may call these policies different things, but the important part is that the goals of these policies are intact.

Key Cybersecurity Trends for Professionals to Consider in H2 2020

Coronavirus 2019 (COVID-19) has made it more difficult for organizations to fulfill their chief digital security functions. In a recent study from (ISC)2, nearly half (47%) of security personnel revealed that their organizations had reassigned them to perform standard IT tasks amidst the pandemic. This decision limited organizations’ ability to defend themselves against security incidents despite the reports from nearly a quarter (23%) of survey participants that security incidents confronting their organization had increased, as reported by Channel Partners. Additionally, the move arrived at a moment when 81% of professionals revealed that their organizations had categorized security as an essential function during the COVID-19 pandemic.

The findings presented above highlight the need for organizations to direct special attention to their digital security posture for the rest of the year. Many organizations are already working with reduced security teams, so they need to be prepared. I recommend organizations focus their security efforts on three specific trends for the remainder of 2020: Cloud Security, Data Privacy and New Tools/Ways of Working.

Why Tech Implementations Fail (Video)

Technology changes are inevitable in almost any business. But sometimes, they don't go as planned.

Watch the video below to see why new technology implementations sometimes fail and how you can avoid these pitfalls.

How to Start a Virtual Law Office

Long before current events made working remotely the norm, law firms began moving more and more towards the Virtual Law Office.

In addition to safety concerns, attorneys working remotely benefit from less frequent commutes, increased responsiveness to clients, the ability to “set up shop” anywhere, and improved work/life flexibility. And from a competitive standpoint, firms that utilize these tools are more likely to retain talent, efficiently manage cash-flow and minimize business expenses… all of which are more important now than ever.

In this blog, we look at the key areas where law offices should focus their efforts and resources to thrive in a virtual environment.

VPNs: What Do They Do, and What Don’t They Do? (Tripwire)

*As featured on - July 12, 2020

Virtual Private Networks, or VPNs, are not exactly a new technology. When I started my career in IT about 15 years ago, VPN tunnels were the standard way we connected remote offices by extending private networks over the public Internet.

Recently, as workforces continue to decentralize due to the rise of Cloud Computing as well as the current pandemic, VPN has become an even hotter topic and is being marketed as a critical security solution.
