Data Privacy & Cybersecurity PracticeThe New York State Department of Financial Services (NYDFS) Cyber Security Regulation for Financial Services Companies 23 NYCRR 500, enacted in March 2017 (the “Regulation”), sets out the required framework for regulated entities’ information security programs. The NYDFS Cybersecurity Regulation applies to “Covered Entities,” which are organizations required to operate under NYDFS...
Read more »Data Privacy & Cybersecurity
-
Cybersecurity: Who Can Certify Compliance to the NYDFS Posted on: January 30, 2019 In: Data Privacy & Cybersecurity
-
Massachusetts Amends Data Breach Law Notice Requirements, Mandates Credit Monitoring Services Posted on: January 24, 2019 In: Data Privacy & CybersecurityMassachusetts recently updated its breach notification statute, requiring an organization to provide additional services for individuals and greater disclosures to state regulators when a data breach occurs. The changes go into effect on April 10, 2019
Read more »
-
Modlishka – Exploiting Two-Factor Authentication Posted on: January 22, 2019 In: Data Privacy & CybersecurityTwo-factor authentication (2FA) is a commonly used means of securing access to website accounts through easily understood login procedures. Once the user provides the required information, whether a password or site generated code, a session cookie is generated and a secure session is established between the user and the site. But what if an unauthorized person eavesdrops and collects the 2FA information or session cookie?
Read more »
-
Identity Theft: The Crime of the New Millennium - Tips for Prevention and Recovery Posted on: January 17, 2019 In: Data Privacy & CybersecurityTwenty years ago, as I was working with the FBI and the Secret Service in prosecuting large identity theft rings – often associated with data breaches (although the term “data breach” had not yet entered our daily vernacular) – we created protocols to help consumers prevent identity theft and assist victims recovering from it.
Read more »
-
W-2 Image Exploits: With the Tax Season Come the Thieves Posted on: January 10, 2019 In: Data Privacy & CybersecurityIf you process or store Form W-2 Wage and Tax Statements, you are a target. The Form W-2 contains everything a malicious actor needs to file a false tax return with the Internal Revenue Service (IRS) and steal a refund. Because a W-2 contains a consumer Social Security number (SSN), it is highly valued on the dark web, and therefore highly sought after by thieves.
Read more »
-
Tax Return Theft: Tips for Prevention & Response Posted on: January 08, 2019 In: Data Privacy & CybersecurityAs the Internal Revenue Service warned tax professionals last month, malicious actors are currently attempting to hack into tax preparers’ networks to steal 2019 tax return information. If you are a professional tax preparer, you are a target – regardless of the size of your business. Malicious actors target information including tax returns filed in previous years, Form W-2 Wage and Tax Statement images, and anything than contains unredacted Social Security numbers
Read more »
-
Ransomware: Recommendations for Preparation and Response Posted on: January 03, 2019 In: Data Privacy & CybersecurityThe response to an encryption attack can be very difficult. Encrypted critical data usually places a business in a crisis with no ability – or an extremely limited ability – to conduct basic operations. Too few organizations have developed incident response plans providing for contingent or out-of-band communications. Often, before consulting any incident response experts, the victim business has communicated with the attacker and revealed information that the attacker is able to leverage in negotiations.
Read more »
-
Michigan Next State to Adopt Insurance Data Security Model Law Posted on: January 03, 2019 In: Data Privacy & CybersecurityMichigan is poised to become the next state to adopt a data security law similar to the Insurance Data Security Model Law advocated by the National Association of Insurance Commissioners (NAIC). Michigan House Bill 6491, passed by the Michigan House during Michigan’s 99th Legislative Session on December 6, 2018, and passed by the Michigan Senate on December 19, 2018, was presented to its then-Governor Rick Snyder on December 27, 2018.
Read more »
-
Cybersecurity Resolutions for 2019 Posted on: December 28, 2018 In: Data Privacy & CybersecurityA new year is upon us, which means people across the world will resolve to exercise more, eat healthier, eliminate financial debt and, most importantly, enhance their cybersecurity over the coming year. More than the typical New Year’s resolutions, improving your individual and corporate cybersecurity defenses can be easier to achieve and sustain. With that in mind, here are a few cybersecurity resolutions to add to your new year’s list, and a few tips for achieving them in 2019.
Read more »
-
Lack of Code Diversity in Cryptocurrency Ethereum May be Propagating Bad Code Posted on: November 12, 2018 In: Data Privacy & CybersecurityEthereum, one of the most popular cryptocurrencies with a market cap of more than $21.8 billon, is causing serious anxiety in the cryptocurrency marketplace. Code integrity concerns have resulted in $170 million in cryptocurrency being frozen, and one recent security compromise caused $38,000 in losses to users. New research has further heightened concerns about the coin’s ecosystem itself.
Read more »
-
Social Media and the Workplace – Why and How Employers Should Limit the Use of Social Media in the Workplace Posted on: November 09, 2018 In: Data Privacy & CybersecuritySocial media has revolutionized the way people communicate and stay in contact with one another. But in the workplace, trying to “friend” an employee or sharing a photo with sensitive information in the background can create legal liabilities that employers may not have thought about before.
Read more »
-
New Canadian Data Breach Notification Requirements Take Effect as PIPEDA Amendments Come Into Force Posted on: October 31, 2018 In: Data Privacy & CybersecurityOn November 1, 2018, the long-awaited amendments to Canada’s main federal data privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), take effect.
Read more »
Blog Search
Featured Posts
- January 22, 2019 Modlishka – Exploiting Two-Factor Authentication
- January 08, 2019 Tax Return Theft: Tips for Prevention & Response
Blog Tags
2fa
aba
alabama
american bar association
arkansas
audit
breach notification
california
ccpa
checklist
client notification
colorado
congress
consent order
consumer consent
consumer notification
critical security controls
cryptocurrency
cybersecurity
cyber threat
data breach
data privacy directive
data protection officer
data security
delaware
department of commerce
department of financial services
electronic protected health information
employment
encryption attack
equifax
ethereum
ethics
eu
eu-u.s. data privacy shield
eu-u.s. privacy shield
european parliament
european unioin
european union
fcra
federal communication
federal trade commission
financial firms
fines
fraud alert
gdpr
hacking
hippa
identity theft
incidence response plan
irs
it
malware
maryland
massachusetts
michigan
microsoft office 365
model law
modlishka
multi-factor identification
naic
net neutrality
new mexico
new york
ninth circuit
nist framework
nist security controls
nydfs
ocabr
oregon
patching
penalties
personal data
phishing
pipeda
privacy act
ransomware
rdp
regulations
remote desktop protocol
security posture assessment
security vulnerabilities
service provider agreement
social engineering
social media
south dakota
spear-phishing
spectre
spokeo
statute
supervisory authorities
supreme court
tax preparers
tax returns
tennessee
third party
utah
virginia
virus
workplace policy