The New York State Department of Financial Services (NYDFS) Cyber Security Regulation for Financial Services Companies 23 NYCRR 500, enacted in March 2017 (the “Regulation”), sets out the required framework for regulated entities’ information security programs. The NYDFS Cybersecurity Regulation applies to “Covered Entities,” which are organizations required to operate under NYDFS...
Data Privacy & Cybersecurity
-
Cybersecurity: Who Can Certify Compliance to the NYDFS Posted on: January 30, 2019 In: Data Privacy & Cybersecurity
-
Massachusetts Amends Data Breach Law Notice Requirements, Mandates Credit Monitoring Services Posted on: January 24, 2019 In: Data Privacy & Cybersecurity
Massachusetts recently updated its breach notification statute, requiring an organization to provide additional services for individuals and greater disclosures to state regulators when a data breach occurs. The changes go into effect on April 10, 2019.
-
Modlishka – Exploiting Two-Factor Authentication Posted on: January 22, 2019 In: Data Privacy & Cybersecurity
Two-factor authentication (2FA) is a commonly used means of securing access to website accounts through easily understood login procedures. Once the user provides the required information, whether a password or site-generated code, a session cookie is generated and a secure session is established between the user and the site. But what if an unauthorized person eavesdrops and collects the 2FA information or session cookie?
-
Identity Theft: The Crime of the New Millennium - Tips for Prevention and Recovery Posted on: January 17, 2019 In: Data Privacy & Cybersecurity
Twenty years ago, as I was working with the FBI and the Secret Service in prosecuting large identity theft rings – often associated with data breaches (although the term “data breach” had not yet entered our daily vernacular) – we created protocols to help consumers prevent identity theft and assist victims recovering from it.
-
W-2 Image Exploits: With the Tax Season Come the Thieves Posted on: January 10, 2019 In: Data Privacy & Cybersecurity
If you process or store Form W-2 Wage and Tax Statements, you are a target. The Form W-2 contains everything a malicious actor needs to file a false tax return with the Internal Revenue Service (IRS) and steal a refund. Because a W-2 contains a consumer Social Security number (SSN), it is highly valued on the dark web, and therefore highly sought after by thieves.
-
Tax Return Theft: Tips for Prevention & Response Posted on: January 08, 2019 In: Data Privacy & Cybersecurity
As the Internal Revenue Service warned tax professionals last month, malicious actors are currently attempting to hack into tax preparers’ networks to steal 2019 tax return information. If you are a professional tax preparer, you are a target – regardless of the size of your business. Malicious actors target information including tax returns filed in previous years, Form W-2 Wage and Tax Statement images, and anything that contains unredacted Social Security numbers.
-
Ransomware: Recommendations for Preparation and Response Posted on: January 03, 2019 In: Data Privacy & Cybersecurity
The response to an encryption attack can be very difficult. Encrypted critical data usually places a business in a crisis with no ability – or an extremely limited ability – to conduct basic operations. Too few organizations have developed incident response plans providing for contingent or out-of-band communications. Often, before consulting any incident response experts, the victim business has communicated with the attacker and revealed information that the attacker is able to leverage in negotiations.
-
Michigan Next State to Adopt Insurance Data Security Model Law Posted on: January 03, 2019 In: Data Privacy & Cybersecurity
Michigan is poised to become the next state to adopt a data security law similar to the Insurance Data Security Model Law advocated by the National Association of Insurance Commissioners (NAIC). Michigan House Bill 6491, passed by the Michigan House during Michigan’s 99th Legislative Session on December 6, 2018, and passed by the Michigan Senate on December 19, 2018, was presented to its then-Governor Rick Snyder on December 27, 2018.
-
Cybersecurity Resolutions for 2019 Posted on: December 28, 2018 In: Data Privacy & Cybersecurity
A new year is upon us, which means people across the world will resolve to exercise more, eat healthier, eliminate financial debt and, most importantly, enhance their cybersecurity over the coming year. More than the typical New Year’s resolutions, improving your individual and corporate cybersecurity defenses can be easier to achieve and sustain. With that in mind, here are a few cybersecurity resolutions to add to your new year’s list, and a few tips for achieving them in 2019.
-
Lack of Code Diversity in Cryptocurrency Ethereum May be Propagating Bad Code Posted on: November 12, 2018 In: Data Privacy & Cybersecurity
Ethereum, one of the most popular cryptocurrencies with a market cap of more than $21.8 billion, is causing serious anxiety in the cryptocurrency marketplace. Code integrity concerns have resulted in $170 million in cryptocurrency being frozen, and one recent security compromise caused $38,000 in losses to users. New research has further heightened concerns about the coin’s ecosystem itself.
-
Social Media and the Workplace – Why and How Employers Should Limit the Use of Social Media in the Workplace Posted on: November 09, 2018 In: Data Privacy & Cybersecurity
Social media has revolutionized the way people communicate and stay in contact with one another. But in the workplace, trying to “friend” an employee or sharing a photo with sensitive information in the background can create legal liabilities that employers may not have thought about before.
-
New Canadian Data Breach Notification Requirements Take Effect as PIPEDA Amendments Come Into Force Posted on: October 31, 2018 In: Data Privacy & Cybersecurity
On November 1, 2018, the long-awaited amendments to Canada’s main federal data privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), take effect.