• November 1, 2018

  Canada’s Breach Notification Regulation Goes into Effect Today

  Back in April, Canada adopted additional regulations related to its cyber security law, the Personal Information Protection and Electronic Documents Act (“PIPEDA”). The new regulations dictate requirements for reporting a data breach and they go into effect November 1, 2018. Specifically, a report to Canada’s Office of the Privacy Commissioner must contain: a description of … Continue reading Canada’s Breach Notification Regulation Goes into Effect Today → READ MORE >

  • 0
  • read more
• October 9, 2018

  Is Your Cybersecurity Program Protecting Against Hardware Threats?

  By Seth Jaffe. Last week, Bloomberg exposed a hardware backdoor surreptitiously placed on circuit boards by operatives from a unit of the China People’s Liberation Army. This tactic is not new. Indeed, the article claimed that U.S. officials had caught China attempting this in the past. Edward Snowden, back in 2014, famously accused the NSA … Continue reading Is Your Cybersecurity Program Protecting Against Hardware Threats? → READ MORE >

  • 0
  • read more
• September 27, 2018

  SMBs face costs of up to $2.5 million after a data breach

  According to a security report released by Cisco yesterday, SMBs can face costs of up to $2.5 million after experiencing a data breach. That might not sound like a lot of money to a large Fortune 500 company but for a mid-market company, it could be devastating. The study also shows that 53 percent of … Continue reading SMBs face costs of up to $2.5 million after a data breach → READ MORE >

  • 0
  • read more
• July 30, 2018

  Business Email Compromise and the Importance of Being Earnest

  By Justin Silbert. Business Email Compromise (BEC), along with all cyber crime, is continuing to thrive.  The FBI is now estimating that the cost of BEC has reached $12 billion since October 2013 and the losses continue to grow.  When talking about financial cyber crimes, BEC is one of the simplest and most effective scams. … Continue reading Business Email Compromise and the Importance of Being Earnest → READ MORE >

  • 1
  • read more
• July 26, 2018

  Insurance Occurrence Assurance?

  You may have seen our friend Brian Krebs’ post regarding the lawsuit filed last month in the Western District of Virginia after $2.4 million was stolen from The National Bank of Blacksburg from two separate breaches over an eight-month period. Though the breaches are concerning, the real story is that the financial institution suing its insurance … Continue reading Insurance Occurrence Assurance? → READ MORE >

  • 0
  • read more
• July 12, 2018

  Cyber Security ROI: It may happen sooner than you think

  By Seth Jaffe. You’ve heard it before. Companies are slow to invest in cyber security because they see few returns.[1]  But that is likely to change, and it may occur sooner than we expected. Let’s first set the context. An executive recently made the comment to me that “cyber security is just another cost of … Continue reading Cyber Security ROI: It may happen sooner than you think → READ MORE >

  • 0
  • read more
• June 7, 2018

  Alabama Requires Entities to Safeguard Sensitive Information

  By Seth Jaffe. Alabama recently became the 50th state to pass a data breach notification law, but in doing so, the state upped the ante by including security obligations generally found in industry-specific cyber security laws. I’ve written about the Eight Principles of Cyber Security Laws in a prior blog post. Alabama adopted seven of … Continue reading Alabama Requires Entities to Safeguard Sensitive Information → READ MORE >

  • 0
  • read more
• June 5, 2018

  The 8 Principles of Cyber Security Laws

  By Seth Jaffe. The United States has yet to promulgate a comprehensive federal cyber security law aimed at improving the cyber hygiene of companies serving its citizens. But a collation of industry-specific laws (both federal and state), proposed bills, guidance documents, and cyber strategies yields a fair indication of where our nation is headed. This … Continue reading The 8 Principles of Cyber Security Laws → READ MORE >

  • 0
  • read more
• May 15, 2018

  Lowering Risk By Putting Response Before Incident

  Justin Silbert As individuals, some people are good at improvisation, that is, dealing with things as they come and creating the best outcome for it. But, organizations in the midst of an incident are notoriously terrible at improvising. There is no better example than Equifax, whose initial response was fraught with missteps. First, it downplayed … Continue reading Lowering Risk By Putting Response Before Incident → READ MORE >

  • 1
  • read more
• May 11, 2018

  When It Comes to Cyber Security, Lack of Vendor Oversight Can Lead to Legal Trouble

  By Seth Jaffe. Third-party cyber security programs got a shot in the arm this week in the form of two legal actions. The first, well summarized by Sue Ross over at Norton Rose Fulbright, is a proposed consent agreement by the Federal Trade Commission against mobile phone manufacturer BLU Products, Inc., alleging that BLU’s failure … Continue reading When It Comes to Cyber Security, Lack of Vendor Oversight Can Lead to Legal Trouble → READ MORE >

  • 1
  • read more