The California Consumer Privacy Act may not be the “American GDPR,” but it’s a harbinger of data privacy laws to come. As California goes, so does the rest of the country. While the California Consumer Privacy Act (CCPA), which was passed this summer and goes into effect in 2020, falls short of being an “American… Read More

SEC cyber enforcement action charges Iowa broker-dealer with “deficient cybersecurity procedures” Des Moines-based Voya Financial Advisors (VFA) has agreed to pay the U.S. Securities and Exchange Commission a $1 million penalty in the wake of an April 2016 breach that affected several thousand VFA customers. The SEC cyber enforcement action charged VFA with not having… Read More

NIST 800-171 Compliance Explained If your company is part of the federal supply chain, you likely need to comply with NIST 800-171. NIST 800-171 compliance applies to contractors for the DoD, GSA, NASA, and other federal and state agencies; universities and research institutions that accept federal grants; consulting firms with federal contracts; manufacturers who supply… Read More

Not only is PCI DSS compliance mandatory, it’s also the starting point for solid payment system cyber security PCI DSS compliance is mandatory for any organization that accepts or processes payment cards, yet shockingly, a recent study by SecurityScorecard found that over 90% of U.S. retailers fail to meet four or more PCI DSS requirements.… Read More

The biggest social media cyber security risks businesses face and how to avoid them Businesses tend to gloss over social media cyber security, thinking that it’s more of an issue in their employees’ personal lives than a threat to workplace cyber security. However, one in eight enterprises have suffered a security breach that was traced… Read More

How to Protect Yourself on Public WiFi Networks Once a luxury item, free public WiFi has morphed into a standard service that consumers expect when patronizing everything from restaurants and retail stores to airports and hotels. Free WiFi users aren’t just checking Facebook or posting vacation photos to Instagram, either; all of us have sat… Read More

Passwords are no longer enough; your business needs multi-factor authentication  Organizations can no longer depend on passwords alone to protect their systems and data, especially since 25% of employees admit to using the same password for all of their accounts, at home and at work, and stolen account credentials are hackers’ preferred way to break… Read More

Business email compromise scams have been reported in all 50 states and in 150 countries Global losses from business email compromise scams, a highly sophisticated form of phishing, grew by 136% between December 2016 and May 2018 and now exceed $12 billion, according to a public service announcement released by the FBI. What Is a… Read More

Size of Exactis Data Leak Could Surpass Equifax Last week’s data leak at Exactis, a Florida-based marketing and data aggregation firm, has cyber security experts and data privacy advocates up in arms. WIRED reports: Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a… Read More

Industrial Cyber Security is Just as Important as Securing Information Systems Massive data breaches are what grab headlines, but industrial cyber security attacks can be devastating in the real world. Tesla has just learned this lesson the hard way. CEO Elon Musk has accused a malicious company insider of altering product code, stealing data and… Read More

Air gapping is no longer a viable solution for ICS security. There has never been a power outage in the U.S. due to a cyber attack, but it happened in Ukraine over the Christmas holidays in 2015, and there have been attempts to breach U.S. power companies and hack the power grid. In March, the… Read More

Before you send out that next email marketing blast, make sure you’re compliant with the EU GDPR Email marketing is big business. MarTech Advisor reports that it is the best-performing channel for a company’s ROI, and 61% of consumers prefer to receive offers via email, as opposed to only 5% who prefer social media offers.… Read More

WHOIS service in jeopardy as EU authorities reject ICANN’s interim solution to GDPR compliance for vital “internet phonebook” The deadline for compliance with the EU’s General Data Protection Regulation (GDPR) is fast approaching, and an astounding number of organizations are woefully unprepared to meet it. A new survey of IT decision-makers by Crowd Research Partners… Read More

Hardware & Software Supply Chain Cyber Attacks Pose Significant Threats Due to globalization and outsourcing, enterprise supply chains are more intricate than ever. Most products are no longer manufactured by a single entity. Materials, components, and even final products pass through multiple hands before ending up in the hands of end users. Additionally, most companies… Read More

New CSA Report Reveals the Top 12 Cloud Security Threats in 2018 Cloud computing has opened up a world of opportunities for businesses, but it has also resulted in new cyber security threats. Some of these mirror the threats organizations have been combating on premises for years, while others are unique to the cloud. What… Read More

Two new reports illustrate the threat of employee carelessness and maliciousness to healthcare data security Healthcare data security is under attack from the inside. While insider threats – due to employee error, carelessness, or malicious intent – are a problem in every industry, they are a particular pox on healthcare data security. Two recent reports… Read More

Comprehensive anti-harassment policies are even more important in light of #MeToo movement The #MeToo movement, which was birthed in the wake of sexual abuse allegations against Hollywood mogul Harvey Weinstein, has shined a spotlight on the epidemic of sexual harassment and discrimination in the U.S. According to a nationwide survey by Stop Street Harassment, a… Read More

Hackers installed cryptojacking malware by compromising a popular browser extension Thousands of websites, including government sites in the United States, the U.K., and Australia, were ensnared in an international cryptojacking scheme, The Register reports: The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for… Read More

Stronger GSA Federal Contractor Cyber Security Rules Are Coming The General Services Administration (GSA) is planning to tighten up federal contractor cyber security requirements regarding sensitive non-classified data, according to a Federal Register Notice dated January 12. The rules would cover internal contractor systems, external contractor systems, cloud systems, and mobile systems. Technically, the proposed… Read More

Complying with SEC, NFA FINRA Cyber Security Standards  Both the SEC, NFA and FINRA have indicated that they will put heavy emphasis on cyber security enforcement throughout 2018. While FINRA is explicit – among other things, it publishes a cyber security checklist and a detailed report on best practices – the SEC’s guidance is far… Read More

Gartner Is Shifting Its Focus Toward IRM, and You Should, Too Over the summer, Gartner announced that it was moving its focus away from GRC and launching a new Magic Quadrant for integrated risk management, or IRM: IRM enables simplification, automation and integration of strategic, operational and IT risk management processes and data. IRM goes… Read More