// NOTES
Working notes on HIPAA and GLBA compliance, website hardening, ransomware response, and the things small businesses actually need to know about cybersecurity — without the enterprise jargon.
Most HIPAA risk assessment templates are designed for hospitals. Here's what one actually looks like in a real small practice — the questions worth asking first, the risks you'll almost certainly find, and what 'documenting' really means.
ReadThe 2023 amendments changed what the FTC actually expects from collection agencies. Here's what applies, who needs a Qualified Individual, and what your written information security program has to cover — without the regulatory jargon.
ReadMost ransomware response advice is written for enterprises with security operations teams. Here's what to do if it happens to a 10-person business at 9:15 on a Tuesday morning, in the order it should happen.
Read