Data Privacy & Cybersecurity PracticeThe New York State Department of Financial Services (NYDFS) Cyber Security Regulation for Financial Services Companies 23 NYCRR 500, enacted in March 2017 (the “Regulation”), sets out the required framework for regulated entities’ information security programs. The NYDFS Cybersecurity Regulation applies to “Covered Entities,” which are organizations required to operate under NYDFS...
Read more »Data Privacy & Cybersecurity
January 2019
-
Cybersecurity: Who Can Certify Compliance to the NYDFS Posted on: January 30, 2019 In: Data Privacy & Cybersecurity
-
Massachusetts Amends Data Breach Law Notice Requirements, Mandates Credit Monitoring Services Posted on: January 24, 2019 In: Data Privacy & CybersecurityMassachusetts recently updated its breach notification statute, requiring an organization to provide additional services for individuals and greater disclosures to state regulators when a data breach occurs. The changes go into effect on April 10, 2019
Read more »
-
Modlishka – Exploiting Two-Factor Authentication Posted on: January 22, 2019 In: Data Privacy & CybersecurityTwo-factor authentication (2FA) is a commonly used means of securing access to website accounts through easily understood login procedures. Once the user provides the required information, whether a password or site generated code, a session cookie is generated and a secure session is established between the user and the site. But what if an unauthorized person eavesdrops and collects the 2FA information or session cookie?
Read more »
-
Identity Theft: The Crime of the New Millennium - Tips for Prevention and Recovery Posted on: January 17, 2019 In: Data Privacy & CybersecurityTwenty years ago, as I was working with the FBI and the Secret Service in prosecuting large identity theft rings – often associated with data breaches (although the term “data breach” had not yet entered our daily vernacular) – we created protocols to help consumers prevent identity theft and assist victims recovering from it.
Read more »
-
W-2 Image Exploits: With the Tax Season Come the Thieves Posted on: January 10, 2019 In: Data Privacy & CybersecurityIf you process or store Form W-2 Wage and Tax Statements, you are a target. The Form W-2 contains everything a malicious actor needs to file a false tax return with the Internal Revenue Service (IRS) and steal a refund. Because a W-2 contains a consumer Social Security number (SSN), it is highly valued on the dark web, and therefore highly sought after by thieves.
Read more »
-
Tax Return Theft: Tips for Prevention & Response Posted on: January 08, 2019 In: Data Privacy & CybersecurityAs the Internal Revenue Service warned tax professionals last month, malicious actors are currently attempting to hack into tax preparers’ networks to steal 2019 tax return information. If you are a professional tax preparer, you are a target – regardless of the size of your business. Malicious actors target information including tax returns filed in previous years, Form W-2 Wage and Tax Statement images, and anything than contains unredacted Social Security numbers
Read more »
-
Ransomware: Recommendations for Preparation and Response Posted on: January 03, 2019 In: Data Privacy & CybersecurityThe response to an encryption attack can be very difficult. Encrypted critical data usually places a business in a crisis with no ability – or an extremely limited ability – to conduct basic operations. Too few organizations have developed incident response plans providing for contingent or out-of-band communications. Often, before consulting any incident response experts, the victim business has communicated with the attacker and revealed information that the attacker is able to leverage in negotiations.
Read more »
-
Michigan Next State to Adopt Insurance Data Security Model Law Posted on: January 03, 2019 In: Data Privacy & CybersecurityMichigan is poised to become the next state to adopt a data security law similar to the Insurance Data Security Model Law advocated by the National Association of Insurance Commissioners (NAIC). Michigan House Bill 6491, passed by the Michigan House during Michigan’s 99th Legislative Session on December 6, 2018, and passed by the Michigan Senate on December 19, 2018, was presented to its then-Governor Rick Snyder on December 27, 2018.
Read more »
Blog Search
Featured Posts
- December 06, 2022 Just In Time: Last Minute Compliance Tips for the CPRA and VCDPA
Blog Tags
audit
bank secrecy act
biometric data
blockchain
breach notification
california
canada
ccpa
cisa
client notification
colorado
congress
connecticut
consumer data
consumer notification
consumer rights
coronavirus
covid-19
cpa
cppa
cpra
cryptocurrency
cyberattack
cyber insurance
cybersecurity
cyber threat
cyberwarfare
data breach
data privacy
data protection
data security
email
employment
equifax
eu
european union
executive order
fbi
fcra
federal trade commission
financial fraud kill chain
fincen
fraud
ftc
gdpr
hacking
healthcare
hhsocr
hipaa
holiday season
human resources
identity theft
illinois
incident response
information security
irs
legislation
legislative alert
malware
managed service providers
maryland
massachusetts
microsoft exchange servers
microsoft office 365
multi-factor authentication
multi-factor identification
new jersey
new mexico
new york
ninth circuit
nist
nist security controls
ofac
office for civil rights
opt out
personal data
personal information
phishing
privacy law
privacy protection patchwork
protected health information
ransomware
regulations
reporting requirements
russia ukraine conflict
sec
social engineering
social media
statute
strengthening american cybersecurity act
supreme court
tax returns
utah
vcdpa
video-teleconferencing
virginia
w2
washington
websites
zoom