EXTEND Resources Renews ISO 27001 Certification for Information Security Management

EXTEND Resources is proud to announce the company has renewed its ISO 27001 certification for information security management.

ISO/IEC 27001:2013 CertificationThe certification scope includes every level of EXTEND’s people, processes, and technology. Moreover, the scope covers the company’s IT infrastructure stack, access control, asset management, operational and HR processes, and technology applications. In addition, the certification also includes EXTEND’s global operations in the U.S. and the Philippines.

Read More

The New Cyberwar Part 3: What are the “Best” Cybersecurity Practices?

In Part 3 of this series on the New Cyberwar, we will address the current best practices approach to preventing cyberattacks, such as ransomware and other cybercrime, and reacting to data breaches. When it comes to cybersecurity practices, is there really such a thing as “best?” How can you focus on developing the right practices for your organization? In addition, we’ll discuss the questions organizations should ask before performing a cybersecurity gap analysis project. Finally, we will dive into Data Vulnerability – what is it and where does it come into play? 

Read More

PODCAST: The Future of Data Privacy and Information Security

EXTEND’s Steve Henn recently sat down with Paul Starrett of PrivacyLabs to discuss the ways data privacy and information security are interconnected, a modern take on managing compliance across both focus areas, and the four questions companies should ask themselves as they work to protect the data their organizations create, handle, and store. Jam-packed with insights from two leaders who bring extensive AI, technology, information security, legal management, and data risk management expertise to clients, IT, InfoSec, Compliance, and Legal teams can leverage the on-demand recording to support their compliance initiatives. 

Read More

The New Cyberwar Part 1: Awakening a Sleeping Giant

It is an open secret that cyberwars have been going on for quite some time. To most of us, it is an unseen war – carried out by nations and nation-state actors against other countries. Consequently, the “civilian” populations of the nations at war were – for the most part – unaffected.

No more.

Criminal enterprises supported by nations have greatly increased cyberwar attacks on commercial companies and other non-governmental organizations. The SolarWinds hack, the Colonial Pipeline and JBS ransomware attacks, and others are just the beginning.

Read More

Cyber Risk Realities Part 2: Remediating Your Law Firms’ Security Gaps

The current information security environment is hostile to organizations seeking to ensure information integrity of the confidential legal content their law firms hold and generate. Hackers see professional services firms such as law firms and CPAs as the number one industry to target with ransomware attacks. In fact, professional services firms experience more than twice the number of attacks than the second-highest industries: Healthcare and the Public Sector. Consequently, the cybersecurity environment is getting worse for law firms every day. As proof, we have seen numerous legal industry companies – firms and vendors – suffer severe attacks in the past 18 months. 

Read More

Cyber Risk Realities Part One: How To Evaluate Your Law Firms

Between April 1, 2020 and June 25, 2020, cybercriminals managed to steal personal health information (PHI) and personally identifiable information (PII) from over 36,000 patients at the University of Pittsburgh Medical Center (UPMC). The hackers did not, however, obtain this information by hacking into UPMC. In 2020, hackers managed to access the email of one of UPMC’s law firms, Charles J. Hilton and Associates, an eight-member firm focused on billing-related services. The hackers have allegedly generated over $2,000,000 in fraudulent financial transactions. There is now a large class action lawsuit hitting both UPMC and the law firm regarding the breach. The lesson: Law firms that lack good cybersecurity hygiene create cyber risk for corporate legal departments and their companies.

Read More