Data Privacy & Cybersecurity PracticeWhile many organizations seek to monitor their cybersecurity posture with internal testing, such as table top exercises, simulated phishing attacks, and other proactive measures, the question always remains: is it enough to thwart a sophisticated threat actor? This simple question, with its many complexities and concerns, was a daily inquiry for me as a former FBI executive in charge of the data presentation and storage for operations.
Read more »Data Privacy & Cybersecurity
-
All Hail the Red Team! The Value of Penetration Testing for a Cybersecurity Culture Posted on: May 17, 2022 In: Data Privacy & Cybersecurity
-
Can Your Coffee Maker Be Hacked? Cybersecurity Issues and the Growing Internet of Things Posted on: May 09, 2022 In: Data Privacy & CybersecurityInternet of Things (IoT) devices have flooded the lives of consumers over the past few years, with the global IoT market valued at $384.7 billion in 2021, according to a March 2022 report from Fortune Business Insights. "Smart" technology has become a standard feature on most consumer products, and with a growing number of devices being connected to the internet, it is increasingly important that the public be sufficiently educated on the risks that accompany IoT devices.
Read more »
-
UPDATE: Strengthening American Cybersecurity Act of 2022 Signed Into Law Posted on: March 28, 2022 In: Data Privacy & CybersecurityOn March 15, 2022, the Strengthening American Cybersecurity Act, which includes the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law by President Biden, thereby creating new reporting requirements for critical infrastructure entities. Under the Act, entities considered to be critical infrastructure must notify the Cybersecurity and Infrastructure Security Agency within 72 hours of discovering a covered cyber incident and within 24 hours of a ransomware payment.
Read more »
-
Additional Data Protection Authorities Assess Legality Around Using Google Analytics Posted on: March 22, 2022 In: Data Privacy & CybersecurityIn response to a 2020 European Court of Justice (ECJ) ruling that the EU-US Privacy Shield data transfer mechanism was not consistent with European data protection laws, the EU and U.S. began working to identify a new arrangement for transferring personal data from the EU to the U.S. However, to date, no substitute data transfer mechanism has been identified.
Read more »
-
Standing Up the Strengthening American Cybersecurity Act of 2022 Posted on: March 16, 2022 In: Data Privacy & CybersecurityThe U.S. Senate unanimously passed the Strengthening American Cybersecurity Act on March 1, 2022. If signed into law, it would create an affirmative obligation for critical infrastructure entities across 16 federally designated critical infrastructure sectors, including energy and financial services, to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency.
Read more »
-
FinCEN Alert: Malware/Ransomware Updates & New Perimeter Device Vulnerability Posted on: March 08, 2022 In: Data Privacy & CybersecurityThere have recently been a number of developments in cybersecurity due to the Russia/Ukraine conflict. The Financial Crimes Enforcement Network (FinCEN) released an alert on March 7 advising all financial institutions to be vigilant against efforts to evade sanctions imposed in connection with the Russian invasion of Ukraine. The primary focus of the alert appears to be eliciting cooperation of financial institutions in identifying hidden Russian and Belarusian assets.
Read more »
-
QR Codes – Consumer Convenience or Fraudulent Contrivance? Posted on: March 07, 2022 In: Data Privacy & CybersecurityDuring the halftime show of this year’s Super Bowl, a floating QR code took a star turn in a prominently placed advertisement from cryptocurrency exchange platform Coinbase. So many people reportedly followed the link from the QR code that the resulting traffic overwhelmed and crashed the Coinbase website landing page. The convenience of the code clearly worked, but while QR codes may be a welcome convenience, they may also be a potential tool for the commission of fraud.
Read more »
-
Russia-Ukraine Conflict: Ransomware Updates & Cybersecurity Consequences Posted on: February 28, 2022 In: Data Privacy & CybersecurityWith cyberwarfare in the headlines due to the Russia-Ukraine conflict, it is another reminder that we must maintain a sense of urgency about our information security. We need to continuously harden our systems, which includes increasing the speed with which we implement software and operating system updates, deploying heuristic-based endpoint detection and response (EDR) tools, regularly conducting vulnerability scans, enhancing our logging and event management processes, and more.
Read more »
-
Cyber Extortion: Harvesting the Fruits of Business Email Compromises Posted on: February 25, 2022 In: Data Privacy & CybersecurityBusiness email compromises have long been the staple of online criminal activity. As they continue to enhance their ability to monetize unlawful access to email accounts, malicious actors are now accessing and downloading emails and attachments, as well as files stored in OneDrive and SharePoint platforms, and using the sensitive information to extort ransom payments from legitimate email account holders.
Read more »
-
Canada Reforms Its Data Privacy Laws Through Enactment of Quebec Bill 64 Posted on: February 16, 2022 In: Data Privacy & CybersecurityIn September 2021, Quebec Bill 64, An Act to modernize legislative provisions as regards the protection of personal information, was unanimously adopted by lawmakers in the province. With a three-year phased implementation beginning on September 22, 2022, the new law aims to reform privacy laws in Canada by amending existing privacy laws and adding other requirements concerning public bodies and private enterprises handling personal information focusing on accountability in the use of personal information.
Read more »
-
Austrian DPA Says Google Analytics Use Violates GDPR Posted on: February 08, 2022 In: Data Privacy & CybersecurityIn recent months, a total of 101 complaints have been filed against data exporters in Europe for allegedly transferring data to the United States in violation of the European Union’s General Data Protection Regulation (GDPR) by way of the use of Google Analytics. The first decision by the Austrian Data Protection Authority (DPA) on January 13, 2022 held that an Austrian company was in violation of GDPR for impermissibly transferring personal data to the US via Google Analytics.
Read more »
-
Recent Amendment to New York State Technology Law Demonstrates Rapid Evolution of Privacy Laws Posted on: December 29, 2021 In: Data Privacy & CybersecurityOn December 22, 2021, New York Governor Kathy Hochul signed into law New York Senate Bill 7019, amending New York State Technology Law § 209 in an effort to remedy the miscommunications between various state agencies regarding notices of data breaches. The law now requires the Office of Information Technology Services to take certain steps when it discovers a data breach or network security breach. We discuss the background and details of the new law in this post.
Read more »
Blog Search
Featured Posts
Blog Tags
alabama
arkansas
audit
bank secrecy act
biometric data
breach notification
california
canada
ccpa
cisa
client notification
colorado
congress
connecticut
consumer notification
consumer rights
coronavirus
covid-19
cpra
cryptocurrency
cyber insurance
cybersecurity
cyber threat
cyberwarfare
data breach
data privacy
data privacy act
data protection
data security
delaware
email
employment
equifax
eu
eu-u.s. privacy shield
european unioin
european union
executive order
fbi
fcra
federal trade commission
fincen
fraud
fraud alert
ftc
gdpr
hacking
healthcare
hhsocr
hipaa
holiday season
human resources
identity theft
illinois
incident response
information security
irs
legislation
legislative alert
malware
managed service providers
maryland
massachusetts
microsoft exchange servers
microsoft office 365
multi-factor authentication
multi-factor identification
new jersey
new mexico
new york
ninth circuit
nist
nist security controls
online shopping
opt out
personal data
personal information
phishing
protected health information
ransomware
regulations
reporting requirements
russia ukraine conflict
social engineering
social media
statute
strengthening american cybersecurity act
subpoenas
supreme court
tax preparers
tax returns
utah
video-teleconferencing
virginia
w2
washington
websites
workplace policy
zero-day
zoom