Encryption is Not Just a Buzzword

10 Jul 2018
By HIPAA Vault

Data security has become a buzzword in recent weeks with the revelation of Cambridge Analytica’s involvement with Facebook’s data and election cycles worldwide. Now more than ever, ensuring the security and integrity of your customers’ information is a key requirement for business success.

So what steps are needed to ensure data security? The easiest step is to ensure all local (or on-premises) data is encrypted. Fortunately, many software offerings have encryption built in, with features to protect your information. For example, Windows systems feature BitLocker, a full disk encryption system for encrypting your information.

So why…


Top 3 Website Security Vulnerabilities

24 May 2018
By HIPAA Vault

When performing a scan of your system servers, applications, and network devices, it’s not uncommon to see certain predictable vulnerabilities showing up in the results. As each vulnerability represents a potential “weak spot,” or opening for attackers to penetrate and compromise your system, it’s important to be aware of them. The following represent the most common vulnerabilities:

Weak Cipher Suites/Protocols

Cipher suites are unique sets of methods or cryptographic algorithms used for securing and encrypting data. They are used to turn plaintext into ciphertext (e.g., the word “hello” would turn into a random scrambled text like “grkki”). In non-technical terms, data…


Blocking Foreign IPs

23 May 2018
By HIPAA Vault

Cyber experts are noting a continuing increase in aggressive cyber attacks, with major players like China, Russia, Iran, and North Korea continuing to lead the way. Ukraine and Brazil also represent growing threats in the cyber war.

The motives behind these foreign IP attacks may include monetary gain, political agenda, or access to confidential information. If your company works with any type of confidential information or sensitive data, configuring your web applications and server settings to block suspicious foreign IP addresses is vital to add a greater layer of protection to your systems.

In addition, a huge market exists…


Session Hijacking

08 May 2018
By HIPAA Vault

Session hijacking is the use of a valid computer session to gain access to otherwise prohibited parts of a computer system. Specifically, session hijacking refers to an attacker's use of a compromised cookie that authenticates a user to a network. In this way, the attacker can use that cookie to trick the server into believing that he is actually the regular user.

Most modern computer systems are vulnerable to session hijacking attempts because they communicate using a standardized protocol to identify users. For example, one method an attacker might use is called a Session Fixation attack. A Session Fixation…


Identity Management

07 May 2018
By HIPAA Vault

Many organizations have mission-critical systems that contain sensitive information, such as protected health information (PHI) or personally identifiable information (PII). If those mission-critical systems are breached by hackers, confidential PHI or PII may be extracted, negatively impacting the company’s welfare, its operations, and the customers it serves. The enforcement of strong identity (ID) management on a system-wide basis is therefore necessary for these organizations to ensure the protection of these mission-critical systems.

ID management essentially consists of managing the identification, authorization, and authentication of users within an organization’s system. Identification simply refers to verifying the identity of a particular…


What is HTTPS and How Do You Enable It?

12 Apr 2018
By HIPAA Vault


One of the easiest ways to protect the data of those who visit your website is by enabling HTTPS. HTTP, or Hypertext Transfer Protocol, is what web browsers use to communicate with web servers to display information; this traffic, however, is vulnerable to interception and “sniffing.” HTTPS, on the other hand, takes advantage of SSL Certificates to authenticate website traffic as legitimate, and ensure that data transferred between the site and the user is encrypted.

Data transferred using HTTPS travels over a secure tunnel known as Transport Layer Security (TLS). TLS uses three primary methods of securing your data….


Use Kali Linux to Defend Against System Vulnerabilities

11 Apr 2018
By HIPAA Vault

Securing our digital world involves utilizing the best offensive cybersecurity penetration measures to test each environment’s security. Some of the finest tools available for this “ethical hacking” process are those offered through Kali Linux. Kali Linux is an open-source, Debian-derived distribution available to download and install through Windows and Linux. It is developed and maintained by Offensive Security, a group of highly skilled information security and certified penetration testing professionals. As such, it is intended for professional penetration testers and proven security specialists, and not as a basic Linux desktop distribution to be employed for development…


3 Basic Steps for Securing WordPress

10 Apr 2018
By HIPAA Vault

WordPress is the world’s most popular open-source content management system (CMS). As such, it is also the most frequently attacked CMS. It is vital, therefore, to understand how to make your WordPress site more secure. Keeping in mind the following 3 concepts will go a long way toward meeting that goal.

Secure WP Access

The first and most obvious step is to make sure your passwords are secure. The most common type of attack is simply obtaining someone’s username/password combination. Easy-to-guess passwords like ‘password’ and ‘opensesame’ should be avoided. This will make hacking your password much more difficult, and…


How to obtain CISSP Status

05 Apr 2018
By HIPAA Vault

As an organization that focuses on managed security, HIPAA Vault is often asked how to enter the cybersecurity field and become an IT Security Expert. As an aid to those interested in this field of study, a CISSP certification may be helpful for you. Here is a guide to help you get your CISSP:

Pursuing CISSP certification

Excel in the information security career field. This certification status will raise visibility and credibility, improve job security, and generate new business opportunities. The Certified Information Systems Security Professional (CISSP) curriculum includes a variety of Information Security topics, including Risk Management, Communications, Identity and…


DoS Attacks Threaten Organizations Around the World

04 Apr 2018
By HIPAA Vault

Denial-of-Service (DoS) attacks are an especially common form of cyberattack, intended to overload a target’s system and resources by sending enormous amounts of traffic. This type of volumetric attack typically utilizes zombie hosts, or computers infected with botnet malware, to flood networks or applications with requests and traffic. The primary hacker’s IP is difficult to track in system logs, which makes it hard to identify IPs accessing the system.

If a web server has been down for many hours, or even days, it may be the result of errors on the web domain’s hosting server, or of a Denial-of-Service attack. The vast…
