While many organizations seek to monitor their cybersecurity posture with internal testing, such as table top exercises, simulated phishing attacks, and other proactive measures, the question always remains: is it enough to thwart a sophisticated threat actor? This simple question, with its many complexities and concerns, was a daily inquiry for me as a former FBI executive in charge of the data presentation and storage for operations.
Data Privacy & Cybersecurity
-
All Hail the Red Team! The Value of Penetration Testing for a Cybersecurity Culture Posted on: May 17, 2022 In: Data Privacy & Cybersecurity
-
Can Your Coffee Maker Be Hacked? Cybersecurity Issues and the Growing Internet of Things Posted on: May 09, 2022 In: Data Privacy & Cybersecurity
Internet of Things (IoT) devices have flooded the lives of consumers over the past few years, with the global IoT market valued at $384.7 billion in 2021, according to a March 2022 report from Fortune Business Insights. "Smart" technology has become a standard feature on most consumer products, and with a growing number of devices being connected to the internet, it is increasingly important that the public be sufficiently educated on the risks that accompany IoT devices.
-
UPDATE: Strengthening American Cybersecurity Act of 2022 Signed Into Law Posted on: March 28, 2022 In: Data Privacy & Cybersecurity
On March 15, 2022, the Strengthening American Cybersecurity Act, which includes the Cyber Incident Reporting for Critical Infrastructure Act of 2022, was signed into law by President Biden, thereby creating new reporting requirements for critical infrastructure entities. Under the Act, entities considered to be critical infrastructure must notify the Cybersecurity and Infrastructure Security Agency within 72 hours of discovering a covered cyber incident and within 24 hours of a ransomware payment.
-
Additional Data Protection Authorities Assess Legality Around Using Google Analytics Posted on: March 22, 2022 In: Data Privacy & Cybersecurity
In response to a 2020 European Court of Justice (ECJ) ruling that the EU-US Privacy Shield data transfer mechanism was not consistent with European data protection laws, the EU and U.S. began working to identify a new arrangement for transferring personal data from the EU to the U.S. However, to date, no substitute data transfer mechanism has been identified.
-
Standing Up the Strengthening American Cybersecurity Act of 2022 Posted on: March 16, 2022 In: Data Privacy & Cybersecurity
The U.S. Senate unanimously passed the Strengthening American Cybersecurity Act on March 1, 2022. If signed into law, it would create an affirmative obligation for critical infrastructure entities across 16 federally designated critical infrastructure sectors, including energy and financial services, to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency.
-
FinCEN Alert: Malware/Ransomware Updates & New Perimeter Device Vulnerability Posted on: March 08, 2022 In: Data Privacy & Cybersecurity
There have recently been a number of developments in cybersecurity due to the Russia/Ukraine conflict. The Financial Crimes Enforcement Network (FinCEN) released an alert on March 7 advising all financial institutions to be vigilant against efforts to evade sanctions imposed in connection with the Russian invasion of Ukraine. The primary focus of the alert appears to be eliciting cooperation of financial institutions in identifying hidden Russian and Belarusian assets.
-
QR Codes – Consumer Convenience or Fraudulent Contrivance? Posted on: March 07, 2022 In: Data Privacy & Cybersecurity
During the halftime show of this year’s Super Bowl, a floating QR code took a star turn in a prominently placed advertisement from cryptocurrency exchange platform Coinbase. So many people reportedly followed the link from the QR code that the resulting traffic overwhelmed and crashed the Coinbase website landing page. The convenience of the code clearly worked, but while QR codes may be a welcome convenience, they may also be a potential tool for the commission of fraud.
-
Russia-Ukraine Conflict: Ransomware Updates & Cybersecurity Consequences Posted on: February 28, 2022 In: Data Privacy & Cybersecurity
With cyberwarfare in the headlines due to the Russia-Ukraine conflict, it is another reminder that we must maintain a sense of urgency about our information security. We need to continuously harden our systems, which includes increasing the speed with which we implement software and operating system updates, deploying heuristic-based endpoint detection and response (EDR) tools, regularly conducting vulnerability scans, enhancing our logging and event management processes, and more.
-
Cyber Extortion: Harvesting the Fruits of Business Email Compromises Posted on: February 25, 2022 In: Data Privacy & Cybersecurity
Business email compromises have long been the staple of online criminal activity. As they continue to enhance their ability to monetize unlawful access to email accounts, malicious actors are now accessing and downloading emails and attachments, as well as files stored in OneDrive and SharePoint platforms, and using the sensitive information to extort ransom payments from legitimate email account holders.
-
Canada Reforms Its Data Privacy Laws Through Enactment of Quebec Bill 64 Posted on: February 16, 2022 In: Data Privacy & Cybersecurity
In September 2021, Quebec Bill 64, An Act to modernize legislative provisions as regards the protection of personal information, was unanimously adopted by lawmakers in the province. With a three-year phased implementation beginning on September 22, 2022, the new law aims to reform privacy laws in Canada by amending existing privacy laws and adding other requirements concerning public bodies and private enterprises handling personal information, focusing on accountability in the use of personal information.
-
Austrian DPA Says Google Analytics Use Violates GDPR Posted on: February 08, 2022 In: Data Privacy & Cybersecurity
In recent months, a total of 101 complaints have been filed against data exporters in Europe for allegedly transferring data to the United States in violation of the European Union’s General Data Protection Regulation (GDPR) by way of the use of Google Analytics. The first decision by the Austrian Data Protection Authority (DPA) on January 13, 2022 held that an Austrian company was in violation of GDPR for impermissibly transferring personal data to the US via Google Analytics.
-
Recent Amendment to New York State Technology Law Demonstrates Rapid Evolution of Privacy Laws Posted on: December 29, 2021 In: Data Privacy & Cybersecurity
On December 22, 2021, New York Governor Kathy Hochul signed into law New York Senate Bill 7019, amending New York State Technology Law § 209 in an effort to remedy the miscommunications between various state agencies regarding notices of data breaches. The law now requires the Office of Information Technology Services to take certain steps when it discovers a data breach or network security breach. We discuss the background and details of the new law in this post.