Data Privacy & Cybersecurity PracticeA business email compromise (BEC) is a cyber crime that utilizes access to an organization’s email to defraud that organization and its employees, customers, or partners. In 2020, COVID-19 has provided attackers with a new source for BEC exploits. Attackers are taking advantage of the need for communications surrounding COVID-19 and increased remote work connections from employee home networks to their employers’ corporate networks.
Read more »Data Privacy & Cybersecurity
-
Business Email Compromise Attacks on the Rise in 2020 Posted on: June 18, 2020 In: Data Privacy & Cybersecurity, COVID-19 Response
-
California AG Submits CCPA Regulations for Final Approval, Paving the Way Toward Enforcement Posted on: June 03, 2020 In: Data Privacy & CybersecurityOn Monday, June 1, 2020, the California Attorney General’s Office announced that it had submitted the final version of its proposed regulations under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL) for review and approval.
Read more »
-
Legislative Alert: Washington Expands Definition of Personal Information for Public Agencies Posted on: April 22, 2020 In: Data Privacy & CybersecurityOn March 18, 2020, Washington State Governor Jay Inslee signed into law Senate Bill 6187, which amends the state’s security breach notification statute as applicable to state and local agencies by expanding the definition of “personal information” to include the last four digits of an individual’s Social Security number.
Read more »
-
Legislative Alert: D.C. Passes Security Breach Protection Amendment Act, Creating New Notice Requirements and Cybersecurity Safeguards Posted on: April 17, 2020 In: Data Privacy & CybersecurityOn March 26, 2020, District of Columbia Mayor Muriel Bowser signed into law Act 23-268, known as the “Security Breach Protection Amendment Act of 2020.” The Act, which amends section 28 of Chapter 38 of the District of Columbia Code, broadens the existing definition of “personal information,” increases the breach notice contents requirements, provides attorney general notice requirements, and mandates cybersecurity safeguards.
Read more »
-
Accounting Firm Vulnerability During Tax Season – Now Extended to July 15 Posted on: April 16, 2020 In: Data Privacy & Cybersecurity, COVID-19 ResponseLast month, the IRS extended the usual April 15 tax filing deadline to July 15. While this brings relief to those facing financial hardship due to the COVID-19 pandemic, it also extends the window of opportunity for cybercriminals to attack accounting firms.
Read more »
-
Remaining Vigilant Against State-Sponsored Cyberattacks Posted on: April 15, 2020 In: Data Privacy & CybersecurityState-sponsored cyberattacks have increased in recent years. These attacks, which are supported and funded by foreign governments, typically reflect geopolitical dynamics, with hacking campaigns often emerging following international conflicts. Frequently, the nations responsible for cyberattacks seek to achieve specific goals through their hacking campaigns. Their objectives may include conducting economic espionage or disrupting another nation’s political or economic stability.
Read more »
-
How to Protect Yourself from Zoom-Hijacking Posted on: April 09, 2020 In: Data Privacy & Cybersecurity, COVID-19 ResponseOn March 30, 2020, the FBI announced that it has received multiple reports of video-teleconferencing (VTC) hijacking attacks in recent weeks. The attacks target the VTC platform Zoom and involve unidentified individuals joining online meetings and disrupting them with pornographic and/or hate images and speech. This type of attack is being referred to as “Zoom-bombing.”
Read more »
-
Legislative Alert: Virginia Expands Insurance Data Security Requirements Posted on: March 31, 2020 In: Data Privacy & CybersecurityOn February 25, 2020, the Virginia State Legislature passed House Bill 1334, the Insurance Data Security Act, which establishes data security requirements applicable to persons licensed by the insurance laws of the Commonwealth. Following on other state laws that have created data security regimes applicable to the insurance industry, the Virginia law requires licensees to maintain the security of information systems and nonpublic information.
Read more »
-
OCR Announces HIPAA Telehealth Security Waiver in Response to COVID-19 Pandemic Posted on: March 20, 2020 In: Data Privacy & Cybersecurity, COVID-19 ResponseThe Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS), which is the body responsible for enforcing certain regulations pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), is exercising its enforcement discretion to meet the needs of health care providers and patients during the COVID-19 (Coronavirus) public health emergency.
Read more »
-
Legislative Alert: Vermont Expands Definition of Personal Information and Enacts Protections for Student Privacy and Automatic Subscription Renewals Posted on: March 19, 2020 In: Data Privacy & CybersecurityOn March 5, 2020, Vermont Governor Phil Scott signed into law Senate Bill 110, which amends sections of Chapter 62 of the Vermont Statutes Annotated - “Protection of Personal Information” - including Sections 2430, 2435, and 2454. The bill also adds Section 2443 to the chapter, which governs the privacy of student information belonging to preschool, kindergarten, elementary, and secondary school students.
Read more »
-
Washington State Data Breach Notification Statute Updates Go Into Effect, Imposing New Requirements on Businesses Posted on: March 17, 2020 In: Data Privacy & CybersecurityEffective March 1, 2020, amendments to the Washington State data breach notification statute made the law significantly more onerous for companies dealing with data security incidents. The amendments, which we first covered in May 2019, expanded the definition of personal information, shortened the deadlines for notification, and imposed additional requirements for notice contents.
Read more »
-
ALERT: COVID-19 / Coronavirus-Related Ransomware and Phishing Attacks Posted on: March 13, 2020 In: Data Privacy & Cybersecurity, COVID-19 ResponseWith the advent of the Coronavirus, criminals have begun to take advantage of what consumers expect to receive via email to conduct phishing attacks. Criminals are also expected to take advantage of millions of vulnerable remote connections from employee home networks to their corporate networks.
Read more »
Blog Search
Featured Posts
Blog Tags
alabama
anti-money laundering
arkansas
audit
audit logging
bank secrecy act
biometric data
bitcoin
blockchain
breach notification
california
ccpa
client notification
colorado
commission
congress
consumer notification
coronavirus
covid-19
cryptocurrency
cybersecurity
cyber threat
data breach
dataprivacy
data privacy
data privacy officer
data security
department of health and human services
department of state
department of transportation
electronic benefit transfer
email
employment
equifax
eu
eu-u.s. privacy shield
european union
fbi
fcc
fcra
federal trade commission
financial services
fraud
gdpr
hacking
healthcare
hhsocr
hipaa
holiday season
homeland security
human resources
identity theft
illinois
information security
insurance
insurance industry
internet
irs
legislative alert
malware
managed service providers
maritime cybersecurity
maryland
microsoft office 365
multi-factor identification
nevada
new jersey
new mexico
new york
ninth circuit
nist security controls
office for civil rights
personal data
personal information
phishing
pre-breach services
privacy
privacy notification
ransomware
regulations
research
scare scam
scareware
search warrant
security vulnerabilities
social engineering
social media
ssn
statute
students
supreme court
tax returns
utah
vermont
video-teleconferencing
virginia
virus
w2
washington
workplace policy