Data Privacy & Cybersecurity Blog Posts From January 2019
Blog: Cybersecurity: Who Can Certify Compliance to the NYDFS
Date: January 30, 2019
Title: Cybersecurity: Who Can Certify Compliance to the NYDFS
Summary: The New York State Department of Financial Services (NYDFS) Cyber Security Regulation for Financial Services Companies 23 NYCRR 500, enacted in March 2017 (the “Regulation”), sets out the required framework for regulated entities’ information security programs. The NYDFS Cybersecurity Regulation applies to “Covered Entities,” which are organizations required to operate under NYDFS......
Blog: Massachusetts Amends Data Breach Law Notice Requirements, Mandates Credit Monitoring Services
Date: January 24, 2019
Title: Massachusetts Amends Data Breach Law Notice Requirements, Mandates Credit Monitoring Services
Summary: Massachusetts recently updated its breach notification statute, requiring an organization to provide additional services for individuals and greater disclosures to state regulators when a data breach occurs. The changes go into effect on April 10, 2019 ...
Blog: Modlishka – Exploiting Two-Factor Authentication
Date: January 22, 2019
Title: Modlishka – Exploiting Two-Factor Authentication
Summary: Two-factor authentication (2FA) is a commonly used means of securing access to website accounts through easily understood login procedures. Once the user provides the required information, whether a password or site generated code, a session cookie is generated and a secure session is established between the user and the site. But what if an unauthorized person eavesdrops and collects the 2FA information or session cookie?...
Blog: Identity Theft: The Crime of the New Millennium - Tips for Prevention and Recovery
Date: January 17, 2019
Title: Identity Theft: The Crime of the New Millennium - Tips for Prevention and Recovery
Summary: Twenty years ago, as I was working with the FBI and the Secret Service in prosecuting large identity theft rings – often associated with data breaches (although the term “data breach” had not yet entered our daily vernacular) – we created protocols to help consumers prevent identity theft and assist victims recovering from it....
Blog: W-2 Image Exploits: With the Tax Season Come the Thieves
Date: January 10, 2019
Title: W-2 Image Exploits: With the Tax Season Come the Thieves
Summary: If you process or store Form W-2 Wage and Tax Statements, you are a target. The Form W-2 contains everything a malicious actor needs to file a false tax return with the Internal Revenue Service (IRS) and steal a refund. Because a W-2 contains a consumer Social Security number (SSN), it is highly valued on the dark web, and therefore highly sought after by thieves....
Blog: Tax Return Theft: Tips for Prevention & Response
Date: January 08, 2019
Title: Tax Return Theft: Tips for Prevention & Response
Summary: As the Internal Revenue Service warned tax professionals last month, malicious actors are currently attempting to hack into tax preparers’ networks to steal 2019 tax return information. If you are a professional tax preparer, you are a target – regardless of the size of your business. Malicious actors target information including tax returns filed in previous years, Form W-2 Wage and Tax Statement images, and anything than contains unredacted Social Security numbers...
Blog: Ransomware: Recommendations for Preparation and Response
Date: January 03, 2019
Title: Ransomware: Recommendations for Preparation and Response
Summary: The response to an encryption attack can be very difficult. Encrypted critical data usually places a business in a crisis with no ability – or an extremely limited ability – to conduct basic operations. Too few organizations have developed incident response plans providing for contingent or out-of-band communications. Often, before consulting any incident response experts, the victim business has communicated with the attacker and revealed information that the attacker is able to leverage in negotiations....
Blog: Michigan Next State to Adopt Insurance Data Security Model Law
Date: January 03, 2019
Title: Michigan Next State to Adopt Insurance Data Security Model Law
Summary: Michigan is poised to become the next state to adopt a data security law similar to the Insurance Data Security Model Law advocated by the National Association of Insurance Commissioners (NAIC). Michigan House Bill 6491, passed by the Michigan House during Michigan’s 99th Legislative Session on December 6, 2018, and passed by the Michigan Senate on December 19, 2018, was presented to its then-Governor Rick Snyder on December 27, 2018. ...