A Brief Overview of Data Breach Notification Requirements

In an October 2016 data breach, the email addresses, phone numbers, and names of 57 million customers and the personal information of approximately 7 million drivers were stolen from Uber. Although the company immediately worked to secure the data and prevent further unauthorized access, the data breach went unreported to authorities and victims for more than a year, with the company finally coming forward toward the end of 2017. Uber has openly stated that it mishandled the situation, but the attack and response raise the question: How long do companies have to notify regulating bodies and those affected when a data breach occurs?

How Will the GDPR Affect Your Business?

With the May 25, 2018, enforcement deadline approaching, many businesses are wondering how the General Data Protection Regulation (GDPR) will affect them. Briefly, the GDPR is a joint effort from the Council of the European Union (EU), the European Commission, and the European Parliament to better protect citizens’ personal data, give them greater control over how companies handle and use their personal data, and make it easier for companies to comply with this single personal data oversight regulation.

How to Identify and Defend Against a Cryptocurrency Heist

Misinformation relating to cryptocurrency, such as Bitcoin, continues to increase public exposure and vulnerability to cyber crime. Some people have developed an overconfidence in the technology behind cryptocurrency (blockchain), while others misunderstand entirely how it works. However, the majority of those who trade digital currency have one common characteristic: They don’t fully recognize or mitigate the risks and threats associated with cryptocurrency holdings.

Are You Liable for a Vendor Data Breach?

According to the 2017 Ponemon Cost of Data Breach Study, the average global cost of a data breach is $3.62 million, and the average cost for each record lost or stolen with sensitive data is $141. The study also found that the size and number of breaches are increasing. And, not surprisingly, many of these incidents, approximately 63%, are the result of third-party vendor breaches. So where does responsibility lie for a vendor-caused data breach that affects your business?

What Exactly is a Bitcoin Heist? Real Life Examples

With the growth of bitcoin popularity comes the danger of hacker attention. Industry insiders estimate that cryptocurrency attacks have cost governments and businesses nearly $11.3 billion in the past decade. As more people invest in bitcoins—some less savvy about security than others—there are new avenues for bitcoin attacks.

What Is GDPR? And is Compliance Required?

On May 25th, 2018, the General Data Protection Regulation (GDPR) becomes enforceable for any company that handles the personal data of individuals in the European Union (EU). This regulation, developed as a joint effort by the Council of the EU, the European Commission, and the European Parliament, was adopted in April 2016; however, compliance will be enforced beginning this spring. What does this mean for your company’s data handling processes?

What Your Event Log Manager Isn't Telling You

Somewhere along the way, it became a best practice for administrators to set up event logs to capture as much data as possible. This big net method provides a sense that nothing will slip through the cracks if all incidents are captured. However, the vast quantities of data generated by this approach make it more difficult—not easier—to spot threats and remain compliant.

5 Data Security Plan Requirements for Every Business Owner

Whether an organization hasn’t developed a data security plan out of a false sense of security or a lack of expertise, the results will be the same. A security breach will be debilitating. Every business owner, regardless of company size, should develop and implement a concrete data security plan.

Selling a Social Engineering Attack

Social engineering techniques are not only becoming more common but also more sophisticated. Attackers seem to be taking notes from Marketing 101, ensuring that their lures strike a chord with their victims with emails that include customized messages with very official-looking logos and layouts, fraudulent phone calls that cite actual employee names and titles, and even well-rehearsed, seemingly innocuous facility access attempts.

5 Big Data Breach Myths the Hackers Don't Want Exposed

We all have sneaking suspicions about security, but as with all assumptions, some of these beliefs are actually myths. And they’re myths that hackers hope stay around as long as Nessie and Yetis. Separating reality from fairytale can help you keep your organization secure.

Safe Browsing 101: What Is a Cross-Site Scripting Attack?

Many users naively believe they can browse the Internet, and as long as they don’t click on anything, they are safe. Unfortunately, that is not the case. Cross-site scripting (XSS) attacks are one of many malicious threats looming in the web world—in fact, XSS vulnerabilities are rampant out there. Read and learn how to browse as safely as possible.

Learning from Equifax: 5 Ways to Guard Against Corporate Identity Theft

The recent Equifax credit bureau data breach has brought corporate identity (ID) theft to the forefront of our collective consciousness; however, it's not just individuals at risk. Organizations, large and small, are tasked with storing an extensive amount of sensitive information in personnel files, human resources (HR) documents, and corporate collateral, putting them at risk for identity theft as well. Read these five tips on how to guard against corporate identity theft.

How to Improve PHI Compliance Without Alienating Patients

Securing electronic personal health information (ePHI) to maintain Health Insurance Portability and Accountability Act (HIPAA) and other regulatory compliance can be a challenging task. Doing so while ensuring patients feel welcome and confident in your organization’s data security practices is even more challenging.

Components of Cyber Resilience Part 3: Thinking Beyond Risk Management

In our two previous posts on cyber resilience (CR)—how you manage operational risk and protect your assets—we explored how a holistic approach is best practice for a security-minded organization. Continuing to build on that knowledge foundation, this third part in the series explores risk management, external dependencies management, training and situational awareness.
