Don’t “WannaCry”? Take Charge & Raise Cybersecurity Awareness 9:52, June 1, 2017

Our Resources

Category: data security

If even the National Security Administration (N.S.A.) can have its secrets stolen and exploited, what about private companies that have profit (not data security and intelligence) as their prime directive? According to the New York Times, cybercriminals turned stolen N.S.A. hacking tools into malicious software (malware) called “WannaCry.” On May 12, 2017, WannaCry began to […]

read more

We’ve written before about how a company’s data security can be compromised by employees, whether through insider negligence or through unauthorized sharing of files. But an ex-employee who is fired, or who leaves under less than favorable circumstances, can also wreak havoc with your data on the way out the door. One case in May […]

read more

Metrics and narratives are all the rage in compliance. Metrics allow companies to benchmark and measure compliance program effectiveness, business risk, and, increasingly, employee behavior. And adult learning research shows that narratives are an effective way to teach adults new concepts. Fortunately, Verizon has released its popular Data Breach Investigations Report (“Report”), which delivers data […]

read more

Data breaches don’t just happen when some malicious outsider orchestrates a massive hack or absconds with company secrets. They also happen when ordinary workers don’t see the harm of improperly sharing confidential information with one another or of innocent but unsafe practices. Unauthorized data sharing can undermine your best efforts at data security — even […]

read more

We have written a lot about data security risks like password reuse, the value of data security training, employee negligence, and cybersecurity enforcement actions. Every so often, we write about data security legal updates. This post summarizes four posts that discussed data security laws, explains if they are still up to date, and supplies takeaways. […]

read more

The Bad News.  Data breaches are on the rise. The Identity Theft Resource Center (ITRC), which has been tracking data security risks since 2005, released a report in which it counted 430 data breaches between April 2016 and April 2017. This shows a 37% increase from 2015-2016, according to Credit Union Times. This is a scary […]

read more

The US Department of Health and Human Services Office for Civil Rights (OCR) fined a hospital over $3 million for failing to keep patients’ electronic protected health information (ePHI) secure.  To make things worse, the hospital knew that its security was insufficient to protect ePHI, but it didn’t take steps to secure the information until it […]

read more

Five states have introduced new data security laws that either moved forward in the legislative process or failed in 2017. They all require organizations to implement stronger data security efforts when handling personal information, a regulatory boon for a company’s practical efforts to keep ahead of the constantly changing cybersecurity curve. New York New York […]

read more

After some delay, the New York State Department of Financial Services (DFS) released final cybersecurity requirements for financial services companies. This post will describe what has changed between the final version and the previous proposed version, and generally highlight what the regulation will require of New York financial institutions (“companies”). The Big Changes DFS proposed […]

read more

It was a true data security horror story. Hackers, according to a recent appeals court opinion in Pennsylvania, accessed and stole confidential information of 62,000 employees and former employees of the University of Pittsburgh Medical Center (UPMC). The information included names, birth dates, social security numbers, tax information, addresses, salaries, and bank information which employees […]

read more
1 2 3 4

White Paper
Data Security training
for employees

  |   Download White Paper

 

Compliance Course Catalog
  |   Download Catalog