006 - Discovering, Monitoring, and Encrypting ePHI

007 - MSP Growth Strategies

In this episode, Bill Falk welcomes Alex Courson, founder of CyberSells [https://cyber-sells.com/], for a conversation about how MSPs can unlock new revenue and better manage cybersecurity challenges. Alex shares insights into why monetizing existing tools, improving execution, and embracing delegation are key to MSP growth today. They discuss the evolution of the MSP role—from technical service providers to business risk advisors—and how cybersecurity insurance is creating new opportunities for MSPs to differentiate themselves. Alex also explains how tools like Actifile help MSPs uncover hidden vulnerabilities, protect against liability, and position themselves for success in a rapidly changing market. If you're an MSP looking to expand services, drive compliance conversations, and grow your business smarter, you won't want to miss Alex's advice.

006 - Discovering, Monitoring, and Encrypting ePHI

In this episode of Data Security Talk, host Bill Falk, President of Go-to-Market at Actifile, sits down with James Oliverio, CEO and Founder of Ideabox, to explore the evolving landscape of data security in healthcare and beyond. With over 30 years of experience, James shares actionable insights on achieving HIPAA compliance, securing ePHI, and managing data risks effectively. Hear real-world case studies, including how Actifile helped a not-for-profit (AHI) navigate NIST 800-53 certification and how a regional hospital system tackled a phishing breach. Learn why knowing where your data is—and protecting it—is critical for any organization, from healthcare providers to employers handling employee records. Plus, discover the shift from Data Loss Prevention (DLP) to Data Security Posture Management (DSPM) and its role in the age of AI. Key Topics: * HIPAA compliance beyond healthcare providers * Discovering, monitoring, and encrypting sensitive patient data [https://actifile.com/hipaa-encryption-requirements/] with Actifile * Lessons from real breaches and audits * Building a security culture that protect patient data and drives business growth

005 - The Economic Imperative

Host Bill Falk and guest James Oliverio explore the economic imperative of cybersecurity and the evolving role of data risk management. Oliverio, drawing on his extensive background from investment banking to founding his own security firm, emphasizes that cyber investments should be seen as strategic initiatives rather than mere expenses. He introduces the concept of Return on Mitigation (ROM) to quantify the benefits of proactive security measures, arguing that properly secured data can provide a competitive advantage. The conversation highlights how modern breaches often stem from internal vulnerabilities, discusses real-world examples of data leakage, and examines the challenges posed by emerging AI tools in enhancing cyber threats. Both speakers stress the need for robust data classification, comprehensive compliance policies, and an integrated approach to safeguarding sensitive information in today's cloud-dominated landscape.

004 - CMMC Compliance

A detailed discussion about CMMC (Cybersecurity Maturity Model Certification) 2.0 between Bill Falk from Actifile and Steve Rutkovitz from Choice Cyber Solutions. Steve, with 21 years of MSP experience, explains that approximately 80,000 companies will need CMMC certification [https://actifile.com/cmmc-2-level-2/] starting in 2025. The discussion covers the transition from CMMC 1.0 to 2.0, reducing from five levels to three levels, with Level 2 requiring 110 requirements (320 individual controls) under NIST-171. Steve emphasizes that companies handling CUI (Controlled Unclassified Information) must achieve Level 2 certification. The certification process requires extensive documentation, with SSPs (System Security Plans) typically exceeding 110 pages. Audit costs vary significantly, by tens of thousands of dollars. The certification is valid for three years but requires annual attestation and risk assessments. Steve predicts that CMMC standards will expand beyond the DoD to other government entities and industries.

003 - Data Encryption

A discussion about data encryption [https://actifile.com/data-encryption/] between Guy Bavly, CEO of Actifile, and co-founder Assaf Litai. They explore the evolution of encryption from ancient ciphers to modern standards like AES. Assaf explains different types of encryption (symmetric, asymmetric, and PKI), their applications in e-commerce, and how they ensure data security. The discussion covers the CIA (Confidentiality, Integrity, Availability) model, encryption management approaches (user-managed vs. centrally managed), and practical challenges MSPs face when implementing encryption. They also address compliance requirements, cloud security, and future concerns about quantum computing. Assaf emphasizes that modern CPUs handle encryption efficiently, with minimal performance impact, and highlights that encryption is crucial for regulatory compliance, particularly for HIPAA, GDPR, and FTC safeguard rules. The conversation concludes with a discussion about post-quantum cryptography.