MSP Data Security Risk

Weighing the Security Risks Your Managed Service Providers Pose

What makes managed service providers valuable also makes them a high-value target for breaches. Take these steps to mitigate the risks your MSP poses and help protect your interests.

Federal Cybersecurity Grants

Cybersecurity Plan is First Step to Tap into Infrastructure Investment and Jobs Act Grants

Tap into the Infrastructure Investment and Jobs Act grants by creating a cybersecurity plan.

IoT Labeling Program

NIST Labeling Program for Consumer IoT Cybersecurity

NIST is leading two labeling programs, launched in mid-2021, on the cybersecurity capabilities of consumer IoT devices and on software development practices.

Supply Chain Risk Management and Security

What is Supply Chain Risk Management and Security? Why is it a growing priority?

Cyber threats to supply chain security have increased. Steps to de-risk your supply chain security.

Self-Induced Data Breaches in Healthcare

Employee error causes nearly 40% of data breaches in healthcare. Understand the nature of the causes of PHI loss due to internal actors.

New CISO’s First Security Audit

Four ways a compliance audit can inform your strategy as a new CISO.

Healthcare Cybersecurity Trends

Healthcare cybersecurity trends are demonstrating that cybercriminals are changing tactics and healthcare organizations must adapt to heightened and evolving threats.

Healthcare’s Increased Ransomware Risk

Half of data breaches in healthcare are due to ransomware, and that trend has been accelerating since the pandemic.

New CISO Strategy: Making the Most of Your First 100 Days

Are you a newly-hired Chief Information Security Officer or Director of Security? We offer tips and strategies to maximize your impact in your first 100 days as CISO.

Maximize Your Cybersecurity Budget

Maximize Your Cybersecurity Budget: Four areas where you’re spending too much and four where you’re spending too little on cybersecurity.

Maximizing Microsoft 365 Security Features

While O365’s popularity makes it a benchmark in business, there are cybersecurity concerns that every organization should address. Here are 6 tips to maximize O365 security features.

The Problem of CISO Turnover

CISOs and CSOs stay an average of 18-26 months. Why is CISO turnover so high, and how can you ensure security leadership coverage and business continuity in times of transition?

Comparing three cybersecurity models MSSP vs. SIEM vs. MDR

Which Cybersecurity Service Model is Right for You? MSSP, SIEM, or MDR

We compare and contrast three service models – MSSP, SIEM, and MDR – that offer options for improving threat detection, remediation and response.

Cybersecurity Risks as Employees Return to the Office

As IT and Security plan for transitioning back to the office or a home-office hybrid working environment, we run down the various areas to consider and prioritize.

Microsoft Exchange Server Breach

We summarize 4 major vulnerabilities that were leveraged to breach Microsoft Exchange Server, highlighting the need to stay diligent with vulnerability management, even for cloud services.

Firing Cybersecurity Company

Top 10 Reasons Clients Fire their Cybersecurity Provider

Is it time to fire your cybersecurity provider? Here are the top reasons we hear why clients choose a new cyber vendor and symptoms of a successful client-vendor relationship.

Application Security

Case Study: Reducing Application Security Vulnerabilities for Highmark Health Solutions

Case Study: HMHS selected CyLumena to evaluate their application Vulnerability Management program, identify process gaps and recommend areas for improvement in execution and outcomes.

IT Audit vs. Security Assessment

A Security Assessment and an IT Audit are very similar. Knowing which one you need depends on your cybersecurity or risk management objective and how you will use the findings.

Overcoming Cybersecurity Assessment & Audit Confusion

Don’t Take Vendor and Customer Cybersecurity Risk for Granted. Their cybersecurity weakness is your data breach risk.

BBBS Cloud Migration

Case Study: Youth Non-Profit Modernizes & Migrates to Cloud During Pandemic

Case Study: How we helped Big Brothers Pittsburgh modernize and migrate to Microsoft O365 and Cloud operations amid “work from home” requirements.

Cybersecurity NICE Framework

NICE Framework Updates by NIST

How well do your employees understand cybersecurity? NIST updates their NICE framework to build better cybersecurity education.

Pharma’s Challenge To Understanding Threat Vectors

Webinar Recap: Pharma’s Challenge to Understanding Threat Vectors

Sepio & CyLumena Webinar Recap: “Pharma’s Challenge to Understanding Threat Vectors” plus current cybersecurity risk to pharma, life science & biotech.

CEO Confidence in Strategic Growth

CEO Confidence Rises for 2021

Vistage CEO Confidence Index shows SMBs are recovering and planning growth for 2021. What role does cybersecurity play in business continuity and growth goals?

Healthcare Compliance

Healthcare Compliance Isn’t Just About Providers and Payers Anymore

If your organization works with Personal Health Information (PHI), it doesn’t matter what industry you’re in. Decrease PHI privacy and security violation risk by understanding your data and potential compliance requirements.


Ransomware Prevention and Recovery

Ransomware is a hot topic for a good reason. In 2019, there were around 61M ransomware cases. Recently, Gartner reported that the average ransom cost to recover data rose to $84K, without accounting for the 5-10x cost for downtime and recovery efforts. A sneak attack that grinds your business and operations to a halt would be costly on multiple levels.

CyLumena BIA White Paper

White Paper: “Business Continuity Starts with a Business Impact Analysis”

This whitepaper walks through the four phases of Business Impact Analysis and gives concrete steps, guidance, and tips from our work conducting successful BIAs for our clients.


Achieving CMMC to Secure Bigger Bids & Contracts

By 2025, all DoD suppliers need CMMC certification. However, contractors need to achieve Level 3 or above to secure many government bids & contracts now. We provide a CMMC overview and readiness.

Stages of Cyber Attack

Five Stages of a Cyber Attack

Do you know the phases of a cyber attack? To defeat hackers, you must understand how they strategize and execute cyber crime. We outline the five phases of a cyber attack.

RPA Security Best Practices: Digital Worker Profile

If you have an automation or strategy using bots, you need to ensure they’re secure. We outline RPA security best practices for your Digital Worker Profile.

Standardize & Strengthen Your Vendor Security

What more can you do to enhance third-party risk management? We highlight why risks are increasing and 4 ideas to standardize and strengthen your vendor security.

2020 Twitter Hack & Bitcoin Scam

On July 15th, Twitter experienced a hack of high-profile accounts. While focused on celebrities, there are lessons to learn for every account holder. We share what is known and what to do.


Patch Management Basics: Three Core Functions

We offer three core functions of an effective patch management strategy, providing critical assessment and maintenance for managing cybersecurity vulnerabilities with each software release.

Work from Home Stronger Security

Webinar Recap: Keeping Your Security Strong and Your Employees Stronger

CyLumena and Insperity, an HR solutions company, came together to deal with two critical topics organizations are facing during the pandemic – increased cybersecurity risks and challenges engaging employees in a work-from-home environment.

Six Cases: When to Choose a Virtual CISO vs. CISO as a Service

CyLumena explores six client cases to share tips on when to choose a Virtual CISO or CISO as a Service.

Taking a Risk-Based Approach to Cybersecurity

Cybersecurity gets a bad rap when many develop a blind and singular focus on cybersecurity as compliance with government regulations. Unfortunately, this has ingrained a “checklist” mentality that works against an organization’s security program’s primary objective: reducing risks.


Cybersecurity in the “Work from Home” Scenario

As hundreds of thousands, maybe millions, of people work from home for the near- or long-term, ensuring that your employees take key cybersecurity protection measures is critical.

Gartner Webinar Recap: Fighting Ransomware

Gartner recently hosted a webinar on ransomware and the increasing threat to mid-sized organizations, as well as steps to take to improve vulnerability management and best practices for a ransomware response.

Gartner Webinar Recap: Security in 2020

As organizations reach critical mass with the adoption of cloud and containers, tools like cloud workload protection platforms and posture management are approaching mainstream adoption.

Cybersecurity for Corporate Social Media

What you and your employees can do to protect corporate data and personal privacy. Don’t give away vital information in your corporate posts that hackers can use.

Cybersecurity for Data Sharing

Don’t Take Vendor and Customer Cybersecurity Risk for Granted

Don’t Take Vendor and Customer Cybersecurity Risk for Granted. Their cybersecurity weakness is your data breach risk.

Cybercrime by industry

Who’s Committing Cybercrime? It Depends on Your Industry

Cybercrime is more prevalent in 2020 than ever. Over four billion records were stolen in the first half of 2019, and, according to a Bromium study, over $1.5 trillion in illicit profits were acquired, laundered, spent, and invested by cybercriminals in 2018.

The Cybersecurity Criminal’s New Target: Medium-Sized Enterprises

Six Steps to Start a Cybersecurity Program for Middle-Market. Did you know that 88% of cyber insurance claims are from companies under $2B in revenue?  

Cost of a Data Breach in 2020: 7 Hidden Soft-Costs

Big corporations attract the most press when they are hacked, but mid-sized organizations are increasingly becoming an attractive target for data breaches because of their size and potential for easier infiltration.

Three Steps to Keep Your Laptop Secure When Traveling for Work

Roughly one million Americans travel every day for work. When you consider that a laptop is stolen every 53 seconds and 86 percent of organizations have had an employee’s laptop stolen, keeping the computer safe and secure when traveling is a significant issue.

Colossal Data Breaches Offer Cybersecurity Lessons for Every Organization

Stories of cybersecurity failures can reveal your data breach risks. Lessons learned from data breaches at Sony, Panera, Under Armour, Target, and Marriott.

How to Measure Cybersecurity Success and Value

CyLumena created CyberLean for mid-sized enterprises to have the right level of data security protection and quantify the value of their cybersecurity.

Four Best Practices for Personal Data Security Protection

California now has the most stringent data protection law in effect of any state. And, the California Consumer Privacy Act 2018 (CCPA) goes beyond the General Data Protection Regulation (GDPR) instituted by the European Commission in 2018.

CCPA is Live: What California’s data privacy act means for your cybersecurity policies and customers out West

California now has the most stringent data protection law in effect of any state. And, the California Consumer Privacy Act 2018 (CCPA) goes beyond the General Data Protection Regulation (GDPR) instituted by the European Commission in 2018.

8 Cybersecurity Reasons Why Online Voting May Never Happen

The 2020 presidential election is raising the question of why voting for U.S. elections isn’t held online…yet. “I can shop online. Why can’t I vote online?” “Why isn’t there an app that allows me to vote in my local congressional elections or even vote for president?” Voters will express their frustration with the time it takes to take off work or leave their family to drive, wait in line, and use seemingly antiquated machines to cast their votes.

Cybersecurity Leaders Should Not Let Fear Drive Buying Decisions

Decisions should be articulated and anchored in business value terms like risk reduction or avoidance, productivity, cost, or other improvement indicators, not in terms of emotional rhetoric or hyperbole intended to manipulate decisions or facilitate illicit responses. Four realizations to help ensure cybersecurity solutions are the best fit for your needs.

2020 Digital Banking Trends: The Battle for Customer Data

In 2020, one of the most prominent digital banking trends we’ll see involves tech giants that want to learn more about your financial and shopping habits by getting into your wallet…literally. Companies like Google, Apple, and a host of start-ups are launching basic digital banking services known as neo-banks.

IoT Risks: Smart Devices May Leave You Vulnerable To Cyber Attack

“Smart,” Internet-connected devices are becoming ubiquitous. However, Internet of Things (IoT) risks are a major concern as cybersecurity for these devices hasn’t kept pace with their adoption.

Internet Safety For Kids & Seniors: Teaching our young and elderly critical cybersecurity skills

In the last ten years, Internet use by seniors has increased by 92 percent. Today, 73 percent of seniors (who make up 14 percent of the US population) use the Internet.

Summer Film Provides a Child Identity Theft Wake-Up Call for Parents

Netflix launched a new documentary this summer. The Great Hack highlighted “the way data tracking, harvesting, and targeting take the strands of information we generate and ties them around us,” according to Wired magazine. It also highlighted the need for parents to focus on child identity theft protection.

Cybersecurity Checklist for CEOs

According to Forbes, two-thirds of CEOs are taking the reins now that 59 percent of them control the cybersecurity budget. For them, having a cybersecurity checklist in place can help steer their decisions in the right direction.

Shining the Light on Security

Introducing the Newest Cyber Security Firm Headquartered in Pittsburgh, PA. We are pleased to introduce Pittsburgh’s newest cyber security…

IoT Security Presents Challenges for Large Enterprises

Internet of Things (IoT) devices are exploding in popularity, but they present serious cyber security challenges for large enterprises…

Scary Stats & Cybersecurity Trends: Where to Focus in 2019

6 Cybersecurity Trends You Need to Know. Cybersecurity “trend” information is everywhere. The value of staying on top of what’s trending…

Building an Integrated, Mature GRC Program: 7 Qualities and 7 Challenges

Enterprise risks and regulations are increasing exponentially. According to several industry experts, an upsurge in enforcement and fines…

Expert Q&A: Ensuring Digital Transformation Success By Building Cybersecurity Maturity

In January, a Frost & Sullivan study revealed that 60 percent of retailers had put their digital transformation programs on hold due to fear…