Every quarter, we publish compliance and security insights that you can share with your employees to fulfill periodic security reminder requirements your organization may be subject to.
As an added bonus, we’ve highlighted some developing security trends and featured a quick tip to get more out of your compliance management.
Does Your Employee Security Training Make the Grade?
When it comes to training your employees for security best practices, there are several obvious programs that most companies already follow, including security awareness training at hire, plus an annual security awareness refresher training.
If your organization isn’t already doing both of these training programs, contact TCT for assistance getting your company headed in the right direction.
Those training programs are the bare minimum. There are also compliance requirements to provide regularly recurring security reminders (like this article) to your employees. These security reminders should be shared with your staff throughout the year — at least quarterly.
The more frequently you can provide reminders, the better. Every person in your organization should be on the same page and actively maintaining proper vigilance as a part of their daily work.
Other forms of directed training cover a myriad of aspects of your business. Adopt these outlier, circumstance-based trainings to cover the gaps in your existing security training program.
Attacks against individual employees
Train all staff to recognize and respond to various types of malicious attacks across various vectors. This includes phishing through email, text- or phone-based attacks, and social engineering attacks.
Keep in mind that just about everyone on the team has breadcrumbs (such as LinkedIn) on the Internet that will connect them with the company, so each of them becomes an indirect target for access to the company itself.
Everyone in your organization needs to be cognizant of the broad scope of communication channels that can be used by bad actors — even in their personal lives.
Incident response
Every organization should have some form of an incident response plan (IRP). It’s also required that you have associated training for all of your employees, so they understand their incident response responsibilities. As a part of this training, it is recommended to provide tabletop exercises that run through various scenarios so that employees can practice proper responses and dial in their IRP.
For many organizations, declaring an incident feels like a failure. As a result, they’re hesitant to declare their incidents and don’t invest in incident response training. I take a different approach: it’s far better to have the team fully prepared to step in and diagnose, triage, and remediate issues when they occur. An incident can be anything from something as simple as a lost laptop to a five-alarm ransomware emergency.
Don’t be afraid to declare incidents, and exercise your incident response plan regularly throughout the year. Ultimately, you’ll have a stronger and more protected organization — and your personnel will be more prepared to handle issues skillfully when they arise.
Daily compliance practices
Beyond the official training opportunities, I’d add an unspoken consideration. Make sure you have a good training program in place for existing and new personnel, so they can get up to speed on their day-by-day compliance responsibilities.
For example, it’s important to stay on top of your hardware inventory. Every time a new device is purchased, the inventory should be updated. It’s easy to put off those updates, which makes it easy for the inventory to fall out of date.
Train your people to proactively stay on top of their compliance-related responsibilities, so that your compliance program maintains order and efficiency — and so that nothing falls through the cracks unnoticed.
Software development
If your organization is one that writes code to support business processes, provide secure code training on an annual basis. This is required by certain compliance certifications, such as PCI, ISO, NIST and many others.
Don’t stop with the training, but also put your developers through their paces with secure code reviews. Be sure that your team is up to speed on secure code practices, based on the development language(s) they’re leveraging.
POS/POI devices
If your organization leverages Point Of Sale (POS) or Point Of Interaction (POI) devices, make sure everyone who uses a POS or a POI device receives training related to device inspections. Train employees to understand the kinds of attacks that can be made against the devices, and how to deal with those attacks properly.
Unlock Hidden Benefits within TCT Portal
TCT Portal is continually improving, with new features and capabilities to make your work more streamlined and less time consuming. Because the compliance tool goes through multiple updates each year, we’ve discovered that many of our customers haven’t made use of all the benefits they could be enjoying.
Over the past decade, TCT Portal has become more powerful and more helpful. If you’ve been a TCT Portal customer for a while, you may not realize all of the capabilities that have been added to the compliance management system since you began leveraging the platform.
Not every organization needs to make use of every capability within TCT Portal. However, you may be surprised to discover that we have incredible tools that you haven’t leveraged yet, right there at your fingertips. As helpful as the platform has been for you in the last several years, there may be more efficiencies to unlock that you haven’t yet discovered.
The features and capabilities you need depend on your particular compliance requirements and the specific use case of your organization. To best identify the optimal mix, TCT support and compliance personnel can meet with you to review your current Portal usage. We’ll help you uncover any additional TCT compliance management capabilities that could unlock additional streamlining for your organization.
By going through this brief exercise, you could uncover thousands of dollars in savings and hundreds of reduced man-hours per year.
If you’re leveraging TCT Portal to manage your compliance engagement, be sure you’re taking advantage of the opportunities that TCT offers by sitting down with the TCT team. Tell us how you’re using the tool today, what you’re seeking to improve, and we’ll collaborate with your team to show how we can make TCT Portal even more amazing for your organization.
Reach out to us today to schedule a call, or make your request through your TCT Consulting representative.
What’s Going on in Security Today
22 Million Affected by Aflac Data Breach
AFLAC must notify 22.5 million customers that their personal information has been stolen, dating back to June 2025. AFLAC disclosed initial suspicious activity on the network on June 20. Right before Christmas, the investigation into the incident concluded. Names, addresses, SSNs, DOBs, drivers’ licenses, health records, among other data were impacted/stolen. It goes beyond just customers: even beneficiary information for some customers was compromised.
Fresh MongoDB Vulnerability Exploited in Attacks
Through a vulnerability named MongoBleed, unauthenticated, remote attackers can get into MongoDB servers and leak/extort sensitive information. This particular finding impacts the zlib compression, allowing attackers to read heap memory without being authenticated. The patch for this was released on December 19, 2025. The data that could be extracted includes session tokens, passwords, API keys, and other sensitive information. Entire databases could be leaked with the right requests.
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
An old Fortinet vulnerability from 2020 resurfaced on Christmas Eve 2025, allowing 2FA to be bypassed: the second factor is not prompted for when the username is changed. For the bypass to work, 2FA needs to be enabled locally on the software, and remote authentication (LDAP) must be enabled. Inconsistent case-sensitive matching between the local and remote usernames is the root cause of the finding (an example of how this works is included in the article). This issue reinforces the need for patching and hardened configurations, as there are over 1000 confirmed systems in the US that are vulnerable to this 5 year old vulnerability!
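The root cause named above, a username that is matched case-insensitively by one authentication stage and case-sensitively by another, is a general design flaw, not specific to any vendor. The following is an added illustration written for this newsletter, not Fortinet’s code and not a description of FortiOS internals: a toy login flow in which the remote directory check ignores letter case while the local 2FA lookup is an exact match, placed beside a hardened version that canonicalizes the username once, applies it to every lookup, and fails closed when the remote and local records do not line up. All user records are constructed sample data.

```python
# Toy model of a username-normalization mismatch between two authentication
# stages. Hypothetical code for illustration only; not Fortinet's implementation.

# Constructed sample data: a "remote" directory (LDAP-style, case-insensitive
# usernames) and a "local" 2FA configuration keyed by exact username.
REMOTE_DIRECTORY = {"alice": "correct-horse-battery"}
LOCAL_2FA_CONFIG = {"alice": "TOTP-SECRET-PLACEHOLDER"}


def remote_authenticate(username: str, password: str) -> bool:
    """Directory-style password check: the directory ignores letter case."""
    return REMOTE_DIRECTORY.get(username.lower()) == password


def login_inconsistent(username: str, password: str, totp_ok: bool) -> str:
    """Flawed flow: remote check is case-insensitive, 2FA lookup is exact-match.

    A login as 'Alice' passes the remote check (as 'alice') but finds no
    2FA record for the literal string 'Alice', so the second factor is
    silently skipped.
    """
    if not remote_authenticate(username, password):
        return "denied"
    if username in LOCAL_2FA_CONFIG and not totp_ok:
        return "2fa_required"
    return "granted"


def canonical(username: str) -> str:
    """Single normalization rule applied before every lookup."""
    return username.strip().lower()


def login_hardened(username: str, password: str, totp_ok: bool) -> str:
    """Hardened flow: normalize once, use the same key everywhere, fail closed.

    If the user exists remotely but has no local 2FA record, the login is
    denied rather than granted without a second factor, so a configuration
    gap cannot become a bypass.
    """
    user = canonical(username)
    if not remote_authenticate(user, password):
        return "denied"
    if user not in LOCAL_2FA_CONFIG:
        return "denied"  # fail closed: remote user with no 2FA enrollment
    if not totp_ok:
        return "2fa_required"
    return "granted"


def audit_2fa_coverage() -> list:
    """Configuration check a defender can run: report remote users whose
    canonical name has no matching local 2FA record."""
    local_keys = {canonical(k) for k in LOCAL_2FA_CONFIG}
    return sorted(u for u in REMOTE_DIRECTORY if canonical(u) not in local_keys)


if __name__ == "__main__":
    pw = "correct-horse-battery"
    print("flawed   Alice/no-TOTP :", login_inconsistent("Alice", pw, False))
    print("hardened Alice/no-TOTP :", login_hardened("Alice", pw, False))
    print("hardened Alice/TOTP    :", login_hardened("Alice", pw, True))
    print("users missing 2FA      :", audit_2fa_coverage())
```

The point of the hardened version is not the `lower()` call itself but that one canonical form is computed once and reused by every stage; a system that normalizes in one place and not another reintroduces the same gap. The `audit_2fa_coverage` helper shows the corresponding defensive check: enumerating accounts that can authenticate remotely but have no local second-factor enrollment.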
What Are “Bring Your Own Vulnerable Driver” (BYOVD) Attacks?
BYOVD attacks, although not new, are gaining popularity among attackers. Bring Your Own Vulnerable Driver (BYOVD) is an attack that uses legitimate but flawed driver software to gain access to a system and disable security controls on workstations. This allows attackers to deploy encryption malware on systems.
The attacker can then take advantage of stale drivers that already exist on the target system or, depending on their level of access to the device in question, even successfully load drivers known to be susceptible onto the target device. The attacks are effective due to the reuse of signed, legitimate drivers that the underlying operating system allows on the device.
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
NIST Cybersecurity Framework, ISO 27001, and CIS are three of the more commonly used industry standards for compliance and regulation frameworks to follow in cybersecurity, but they were created in a threat landscape completely different from today. None of those frameworks have inclusions for AI (Artificial Intelligence) and the threats that it may pose.
Prompt injection is one example of a new AI-based attack: it uses natural language, unlike SQL injection, XSS, and command injection, where defenses look for specific patterns, characters, or known attack signatures. This is one example of several new AI threats and threat models that modern cybersecurity is working to catch up to and protect against.