Data Security Talk
Conversations about business data security, and how organizations can protect themselves from ever-evolving cyber threats.
007 - MSP Growth Strategies
04/25/2025
In this episode, Bill Falk welcomes Alex Courson, founder of , for a conversation about how MSPs can unlock new revenue and better manage cybersecurity challenges. Alex shares insights into why monetizing existing tools, improving execution, and embracing delegation are key to MSP growth today. They discuss the evolution of the MSP role—from technical service providers to business risk advisors—and how cybersecurity insurance is creating new opportunities for MSPs to differentiate themselves. Alex also explains how tools like Actifile help MSPs uncover hidden vulnerabilities, protect against liability, and position themselves for success in a rapidly changing market. If you're an MSP looking to expand services, drive compliance conversations, and grow your business smarter, you won’t want to miss Alex’s advice.
/episode/index/show/1e2030c9-fd50-4302-a01e-3c66c5894498/id/36317615
006 - Discovering, Monitoring, and Encrypting ePHI
03/30/2025
In this episode of Data Security Talk, host Bill Falk, President of Go-to-Market at Actifile, sits down with James Oliverio, CEO and Founder of Ideabox, to explore the evolving landscape of data security in healthcare and beyond. With over 30 years of experience, James shares actionable insights on achieving HIPAA compliance, securing ePHI, and managing data risks effectively. Hear real-world case studies, including how Actifile helped a not-for-profit (AHI) navigate NIST 800-53 certification and how a regional hospital system tackled a phishing breach. Learn why knowing where your data is—and protecting it—is critical for any organization, from healthcare providers to employers handling employee records. Plus, discover the shift from Data Loss Prevention (DLP) to Data Security Posture Management (DSPM) and its role in the age of AI. Key Topics: HIPAA compliance beyond healthcare providers; Discovering, monitoring, and with Actifile; Lessons from real breaches and audits; Building a security culture that protects patient data and drives business growth.
/episode/index/show/1e2030c9-fd50-4302-a01e-3c66c5894498/id/35924750
005 - The Economic Imperative
03/03/2025
Host Bill Falk and guest James Oliverio explore the economic imperative of cybersecurity and the evolving role of data risk management. Oliverio, drawing on his extensive background from investment banking to founding his own security firm, emphasizes that cyber investments should be seen as strategic initiatives rather than mere expenses. He introduces the concept of Return on Mitigation (ROM) to quantify the benefits of proactive security measures, arguing that properly secured data can provide a competitive advantage. The conversation highlights how modern breaches often stem from internal vulnerabilities, discusses real-world examples of data leakage, and examines the challenges posed by emerging AI tools in enhancing cyber threats. Both speakers stress the need for robust data classification, comprehensive compliance policies, and an integrated approach to safeguarding sensitive information in today’s cloud-dominated landscape.
/episode/index/show/1e2030c9-fd50-4302-a01e-3c66c5894498/id/35516795
004 - CMMC Compliance
02/01/2025
A detailed discussion about CMMC (Cybersecurity Maturity Model Certification) 2.0 between Bill Falk from Actifile and Steve Rutkovitz from Choice Cyber Solutions. Steve, with 21 years of MSP experience, explains that approximately 80,000 companies will need starting in 2025. The discussion covers the transition from CMMC 1.0 to 2.0, reducing from five levels to three levels, with Level 2 requiring 110 requirements (320 individual controls) under NIST-171. Steve emphasizes that companies handling CUI (Controlled Unclassified Information) must achieve Level 2 certification. The certification process requires extensive documentation, with SSPs (System Security Plans) typically exceeding 110 pages. Audit costs vary significantly, by tens of thousands of dollars. The certification is valid for three years but requires annual attestation and risk assessments. Steve predicts that CMMC standards will expand beyond the DoD to other government entities and industries.
/episode/index/show/1e2030c9-fd50-4302-a01e-3c66c5894498/id/35111130
003 - Data Encryption
01/06/2025
A discussion about between Guy Bavly, CEO of Actifile, and co-founder Assaf Litai. They explore the evolution of encryption from ancient ciphers to modern standards like AES. Assaf explains different types of encryption (symmetric, asymmetric, and PKI), their applications in e-commerce, and how they ensure data security. The discussion covers the CIA (Confidentiality, Integrity, Availability) model, encryption management approaches (user-managed vs. centrally managed), and practical challenges MSPs face when implementing encryption. They also address compliance requirements, cloud security, and future concerns about quantum computing. Assaf emphasizes that modern CPUs handle encryption efficiently, with minimal performance impact, and highlights that encryption is crucial for regulatory compliance, particularly for HIPAA, GDPR, and FTC safeguard rules. The conversation concludes with a discussion about post-quantum cryptography.
/episode/index/show/1e2030c9-fd50-4302-a01e-3c66c5894498/id/34739550
002 - CIS Controls
12/09/2024
This episode is a detailed discussion between Guy Bavly (CEO) and Assaf Litai (CTO) of Actifile about the CIS (Center for Internet Security) controls framework. Assaf explains that CIS is a general-purpose security framework designed to help organizations improve their security stance, unlike specific frameworks for healthcare, DOD, or credit cards. The discussion explores how MSPs can benefit from implementing CIS controls, with Assaf emphasizing that it provides a standardized approach to security implementation across customers. He notes that while CIS isn't necessarily 'best-in-class,' it represents a 'best effort' approach that balances security needs with cost considerations. The conversation also covers the relationship between CIS and privacy regulations like HIPAA and GDPR, practical implementation challenges, and how tools like Actifile can help meet CIS requirements, particularly in data security controls.
/episode/index/show/1e2030c9-fd50-4302-a01e-3c66c5894498/id/34357205
001 - Legacy Cybersecurity Systems
10/29/2024
A discussion between Bill Falk, President of GTM, and Guy Bavly, co-founder and CEO of Actifile. Bill and Guy discuss the limitations of legacy cybersecurity systems and how they were designed for a different computing environment with local networks, desktop computers, and smaller data volumes. Guy explains that the evolution of cloud computing, remote work, privacy regulations, and the proliferation of shadow IT applications have made these legacy systems obsolete. He highlights the need for that is accessible, automated, and user-friendly. They also discuss the challenges of encryption management and the importance of protecting data across hybrid environments, including cloud repositories and shadow IT applications.
/episode/index/show/1e2030c9-fd50-4302-a01e-3c66c5894498/id/33674097