Compliance & Regulations

Security awareness tips, industry news, and product updates.

Business owner reviewing a cyber insurance application with security control documentation
Compliance & RegulationsFor MSPs & Partners

Cyber Insurance 2026: MFA and Training Requirements

In 2026, no MFA can mean no coverage, and underwriters now want documented awareness training and phishing simulations too. Here is what insurers look for and how to evidence it.

James Thornton·7/8/2026·7 min read
Financial services professionals reviewing digital operational resilience requirements in a meeting
Compliance & Regulations

DORA: Security Awareness and Training Requirements

DORA is best known for ICT risk and incident reporting, but it also makes security awareness training a compulsory module for staff and management. Here is what financial entities must do, and how to evidence it.

Sarah Mitchell·7/8/2026·6 min read
Department-level training analytics
Compliance & RegulationsProduct Updates

Department Training Management and Compliance Digests

empowsec lets you organize employees into departments, give managers scoped visibility into their team's training and phishing results, and deliver weekly compliance digests so nothing slips through the cracks.

Natalie Hoffmann·7/7/2026·7 min read
Compliance officer reviewing ISO 27001 awareness program documentation during an audit
Compliance & Regulations

ISO 27001 Security Awareness Requirements Explained

ISO/IEC 27001:2022 expects more than a once-a-year slideshow. Here is what the standard actually requires for security awareness, and how to prove it to your auditor.

Natalie Hoffmann·7/6/2026·7 min read
Employee processing a card payment at a point-of-sale terminal in a retail environment
Compliance & Regulations

PCI DSS 4.0 Security Awareness Training Requirements

PCI DSS v4.0 raised the bar for security awareness, naming phishing and social engineering explicitly. Here is what the standard now requires if you handle card data.

Lisa Brennan·7/4/2026·7 min read
Security and governance team reviewing AI policy implications around a conference table
Compliance & Regulations

EU AI Act: What Security and Awareness Teams Must Know

The EU AI Act is no longer theoretical. From the AI-literacy duty to deepfake transparency rules, here is what security and awareness teams need to act on now.

Daniel Okafor·7/3/2026·8 min read
Clinical staff working in a hospital corridor where IT system outages directly affect patient care
Compliance & RegulationsThreat Intelligence

Healthcare Phishing and Ransomware: 2026 Sector Trends

Ransomware is hitting healthcare harder than ever in 2026, and the stakes are measured in patient safety. Here are the trends, HIPAA duties, and human-layer defenses that matter.

Marcus Chen·7/2/2026·7 min read
Security awareness reporting dashboards
Compliance & RegulationsProduct Updates

empowsec Reporting Dashboards: Metrics That Drive Action

empowsec reporting dashboards consolidate training completion, phishing simulation results, and risk scores into a single view - filterable by user, department, or company - with the same data available via API for your existing BI tools.

David Kowalski·7/1/2026·7 min read
A security training completion certificate
Compliance & RegulationsProduct Updates

Training Completion Certificates: Proof for Audits

empowsec issues verifiable completion certificates every time a learner finishes an assignment or course, giving compliance teams clean, downloadable PDF evidence they can present to auditors without any extra effort.

Natalie Hoffmann·6/27/2026·7 min read
Abstract visualization of connected cloud applications and integrations
Compliance & RegulationsThreat Intelligence

When the Vendor Is the Breach: The Salesloft Drift Lesson

One compromised chatbot integration exposed 700+ organizations through stolen OAuth tokens. The Salesloft Drift attack shows why third-party access is now your biggest blind spot.

Rachel Andersen·6/20/2026·4 min read
Employee entering text into an AI chatbot on a laptop at work
Security Awareness TipsCompliance & Regulations

Shadow AI: When Employees Leak Company Data to Chatbots

98% of organizations report unsanctioned AI use, and most have no policy to manage it. Shadow AI has become a top insider data-loss risk — and it's a security awareness problem.

Natalie Hoffmann·6/17/2026·4 min read
Cross-functional team gathered around a conference table running an incident response exercise
Security Awareness TipsCompliance & Regulations

Tabletop Exercises: Rehearsing Your Incident Response

A real breach is the worst time to discover that no one knows who decides whether to pay a ransom. Tabletop exercises expose those gaps in a conference room instead of a crisis.

Marcus Chen·6/15/2026·7 min read
« Previous12Next »