
What can we learn from these government agencies that are failing external audits in protecting our data?

From Charles Robbins

August 30, 2021

What can we learn from these government agencies that are failing external audits in protecting our data? In general, these agencies “consistently failed to implement certain key cybersecurity requirements including encryption of sensitive data, limiting each user’s access to the information and systems needed to perform their job, and multi-factor authentication”. Looking at these three simple tasks, the work at your organization begins with an assessment. We contact the platform developer to get their CSF certification, the data on their penetration tests and their encryption standard. Oh, if you are at a government agency or large enterprise, the developer is missing all three. Failure point 1.

In your assessment, you check 25 random accounts. In the first five you check, the users have too much access and have not met their security credential and training requirements. Failure point 2. In the assessment, we can use their station under our login, and MFA coverage is not 100%. Failure point 3. This type of audit does not need expensive external teams to find your problems. Any executive can do this inspection. We ask executives all the time why they are not aware of these issues. Once leaders start to get control of their own departments, they can fix the data security issues by applying the NIST standard.

TechR2 does ISO 31000 Assessments for our clients and for IBM’s clients.


