Data Privacy & Cybersecurity PracticeOne of the best qualities an information technology (IT) professional can possess is the tenacity to fully troubleshoot and resolve system issues as they occur. Unfortunately, that same drive and sense of urgency to gather relevant facts and to restore inoperable systems as quickly as possible can create issues for the necessary digital forensic investigations following a data security incident.
Read more »Data Privacy & Cybersecurity
-
Digital Forensic Experts are a Resource for IT Professionals Posted on: April 23, 2019 In: Data Privacy & Cybersecurity
-
Utah Requires Warrant for Law Enforcement Access to Certain Types of Data Posted on: April 12, 2019 In: Data Privacy & CybersecurityOn March 27, 2019, Utah Governor Gary Herbert signed House Bill (HB) 57 – known as the Electronic Information or Data Privacy Act – into law, making Utah the first state to protect information that individuals have shared with certain third parties. Among its provisions, HB 57 states that, effective May 14, 2019, law enforcement may not generally obtain certain types of “electronic information or data” for use in a criminal investigation or prosecution without first obtaining a search warrant.
Read more »
-
Virginia & Utah Amend Data Breach Statutes Posted on: April 09, 2019 In: Data Privacy & CybersecurityOn March 18, 2019, the commonwealth of Virginia enacted House Bill (HB) 2396, amending the commonwealth’s data breach notification statute. Specifically, HB 2396 expanded the commonwealth’s definition of “personal information” sufficient to trigger a notification obligation following a data security incident. Effective July 1, 2019, “personal information” will be defined to include both passport number and military identification number in addition to those data sets that were previously regulated.
Read more »
-
Improving Your Office365 Security Posture to Stop Phishing at Email’s Shores Posted on: April 03, 2019 In: Data Privacy & CybersecurityPhishing attacks and other email compromise schemes are not just an annoyance in the modern workspace. A successful email compromise can allow malicious actors to intrude into an organization’s enterprise email accounts, expose sensitive data contained in users’ inboxes, and give cyber criminals the ability to successfully impersonate an employee to others within and without the organization by using the employee’s own email account.
Read more »
-
The Financial Fraud Kill Chain: Combatting Fraudulent Money Transfers Posted on: April 02, 2019 In: Data Privacy & CybersecurityBusinesses are constantly targeted by criminals attempting to gain access to information that will allow them to fraudulently divert wire transfers. This often occurs after the criminal has conducted sufficient reconnaissance to determine who likely has an occupational role to approve or initiate wire transfers. The employee will then be targeted – often a financial executive like a Chief Financial Officer – and their email account will be compromised. But this can be prevented.
Read more »
-
Emerging Trend: Managed Service Providers Targeted with Ransomware Posted on: March 25, 2019 In: Data Privacy & CybersecurityAn emerging cyber-attack trend is shifting the paradigm for both cyber-preparedness and incident response: ransomware attacks targeting managed service providers. This is, in part, because the size of these attacks can be an order of magnitude larger in terms of the number of entities that are simultaneously affected, and because of the corresponding large-scale efforts that must be undertaken to swiftly and effectively remediate these attacks.
Read more »
-
Choosing the Wrong Partners in a Ransomware Attack - Making a Bad Situation Worse Posted on: March 22, 2019 In: Data Privacy & CybersecurityCompanies who make a Bitcoin payment in the face of a ransomware attack may run afoul of U.S. anti-money laundering laws. In particular, any company that makes such a payment risks being categorized as a “money service business” under the Bank Secrecy Act and corresponding U.S. Treasury regulations, opening them up to a whole host of compliance statutes and regulations.
Read more »
-
Illinois Expands the Definition of “Injury” Under the Biometric Information Privacy Act Posted on: March 01, 2019 In: Data Privacy & CybersecurityA recent decision issued by the Supreme Court of Illinois seems to stand for the proposition that the risk of harm to an individual stemming from a violation of the Illinois Biometric Privacy Act is so great that an impacted individual need not establish actual harm or injury to bring a claim. Rather, according to the Supreme Court of Illinois, exposure to the risk of actual harm or injury, standing alone, is sufficient.
Read more »
-
It’s a Bird, It’s a Plane, No… It’s Cryptojacking! Posted on: February 27, 2019 In: Data Privacy & CybersecurityYou attempt to log on to your computer, but it is non-responsive. Other users are also having trouble logging on. The system becomes so slow that it is non-functional. Is it an encryption attack? Is there some sort of malware affecting the network that will result in some form of extortionate demand? Or is it something else? Could it be that someone has “cryptojacked” the network?
Read more »
-
HIPAA Breach Reporting: Focus on Remediation in Responding to an HHS/OCR Investigation Posted on: February 25, 2019 In: Data Privacy & CybersecurityLast year was another banner year for HIPAA data breaches reported to the Department of Human Services Office of Civil Rights (HHS/OCR), and the reporting period hasn’t yet closed, as organizations experiencing breaches affecting fewer than 500 individuals have until 60 days after the end of the calendar year in which the breach occurred to make the report.
Read more »
-
Cybersecurity: Who Can Certify Compliance to the NYDFS Posted on: January 30, 2019 In: Data Privacy & CybersecurityThe New York State Department of Financial Services (NYDFS) Cyber Security Regulation for Financial Services Companies 23 NYCRR 500, enacted in March 2017 (the “Regulation”), sets out the required framework for regulated entities’ information security programs. The NYDFS Cybersecurity Regulation applies to “Covered Entities,” which are organizations required to operate under NYDFS...
Read more »
-
Massachusetts Amends Data Breach Law Notice Requirements, Mandates Credit Monitoring Services Posted on: January 24, 2019 In: Data Privacy & CybersecurityMassachusetts recently updated its breach notification statute, requiring an organization to provide additional services for individuals and greater disclosures to state regulators when a data breach occurs. The changes go into effect on April 10, 2019
Read more »
Blog Search
Featured Posts
Blog Tags
anti-money laundering
audit
audit logging
bank secrecy act
bitcoin
blockchain
breach notification
california
checklist
client notification
colorado
commission
congress
consumer notification
cryptocurrency
cybersecurity
cyber threat
data breach
data privacy
data privacy directive
data privacy officer
data protection officer
data security
delaware
department of commerce
department of health and human services
department of state
department of transportation
electronic benefit transfer
electronic information
email
employment
ethereum
ethics
eu
eu-u.s. privacy shield
european union
executive order
fbi
fcc
fcra
federal communication
federal trade commission
financial firms
financial fraud kill chain
financial services
gdpr
hacking
hipaa
hippa
homeland security
identity fraud
identity theft
illinois
incidence response plan
internet
irs
malware
maritime cybersecurity
maryland
microsoft office 365
multi-factor identification
net neutrality
new mexico
ninth circuit
nist security controls
nydfs
ocabr
office for civil rights
patching
personal data
personal information
phishing
pre-breach services
privacy act
protected health information
ransomeware
ransomware
rdp
regulations
remote desktop protocol
research
search warrant
security posture assessment
security vulnerabilities
service provider agreement
social engineering
social media
ssn
statute
supreme court
tax returns
tennessee
third party
utah
virginia
virus
w2
washington
workplace policy