For small and medium organizations, implementing a formal security program can see like a huge task. 

However, breaking this into small steps can help make that goal seem more attainable. 

The CIS 20 security controls is a framework that every SMB should begin implementing. Under CCPA, organizations that are following a proven framework, will be exempt from some of the litigation liabilities. CIS 20 is one of the frameworks that California attorney generals have accepted in the past. 

If you don't have a security program in place, your organization is like tacking the problem in an ad-hoc manner. Should an attack happen, being organized will give a much greater attempt of surviving. 

https://www.cisecurity.org/controls/cis-controls-list/

With the widespread adoption of cloud technologies in the last decade or so, we so often hear about cloud security.

In this episode, Adam Gordon, an educator and experienced professional discusses cloud security with us. What exactly is the cloud? How is it different? Is it really new? And the top attack vectors are a few of the topics that we discuss.

 Check out the show notes here:

https://cyberx.tech/podcast/what-exactly-is-cloud-security-is-it-different-than-traditional-security/

Curtis Brazzell is a security consultant who has been working in information security for several decades. 

One day, while reading a bed-time book to his toddler, Curtis had an idea. 

Why not write a cybersecurity A-B-C book for kids. 

We know that children need to be taught security principles early, right? Curtis's book is the perfect piece to start conversations with children. 

To support his book launch, check out his kickstarter here:

https://www.kickstarter.com/projects/curtbraz/m-is-for-malware

Donna Grindle from www.helpmewithhipaa.com shares amazing advice with us. 

You see:

HIPAA is a great example of the minimum controls most organizations should have in place. Even though HIPAA compliance is only mandated to healthcare practices and their business associates, there are examples for all. 

Donna breaks down the various components of the HIPAA regulations - the privacy rule, the security rule, and enforcement. 

She also explains that many organizations are considered business associates to HIPAA covered entities and don't even know it. You'll want to listen to be sure your organization isn't in violation. 

Does your organization have a security awareness program in place? If not, why? Security awareness training is one of the best security controls that an organization can implement. 

You know what's even better? It's completely free. Yes FREE. 

Gabriel Friedlander from Wizer Training joins us in this episode to talk about his resource that he has developed. Most organizations have a shortage of trained IT security professionals. With training, you can turn all of your employees into security lookouts to give you early warnings when attacks are underway. 

Every organization and person that uses the internet today is at risk of cyber attacks. 

In this episode, we are looking at the common attacks that SMBs face every day. We begin with a brief look at the evolution of cyber attacks and end looking at various attack methods and what exactly attackers want from you and your organization. 

Cyber attacks are not the same as they have been. Criminals are continuously evolving. So must the security professionals. In this episode, we take a deep dive into the evolution of cyber attacks and the main threats that organizations face today.