A new trend in privacy law appears to be on the horizon. Earlier this year, Utah joined Ohio on the forefront of jurisdictions that provide data breach safe harbors to entities where certain conditions are met. What can your business learn from this new trend – and will it be coming to your state anytime soon?
Read MoreLong before I became the president of a cybersecurity company, I could see the writing on the wall: Cybersecurity was becoming a serious threat for businesses large and small. But although I come from a technology background, my experience was in distribution and management, so like most people, I assumed cybersecurity was an issue being taken care of by the folks in the IT department. I’m here to say I was wrong.
Read MoreWhile the pandemic shifted numerous industries and the workforce associated with them, working from home will be a trend that remains for the foreseeable future. As more companies work with employees to set up a home office, the question for businesses is how does the company keep a high level of cybersecurity for employees while working from home? Until now, most company associates would report to the office to work within their designated offices. The cybersecurity protocols installed at the office would handle all security aspects for the employees.
Read MoreAfter more than a year of working from home, research shows not much has changed when it comes to addressing the remote work cybersecurity challenge. According to the COVID-19 Cybersecurity in the Remote Workforce study, which surveyed more than 5,800 consumers in February 2021, data shows that employees working from home are still placing corporate data at risk, and companies are not taking many new steps to change that.
Even while there has been a 350% increase in ransomware attacks in the last year, security gaps for remote workers continue to be considerable, and support from IT for remote workers hasn’t improved. Consider these key findings:
Read MoreOn April 14, 2021, the New York Department of Financial Services (DFS) announced it settled an enforcement action against National Securities Corporation (“National Securities”) related to claims under the Cybersecurity Regulation, 23 NYCRR Part 500. The Consent Order imposes a $3 million penalty, various remediation measures and represents a flurry of cybersecurity activity by the regulator in the first quarter of 2021.
Read Morehe North American Securities Administrators Association (NASAA) is the oldest international organization devoted to investor protection. NASAA members include 67 state, provincial, and territorial securities administrators in the 50 states, the District of Columbia, Puerto Rico, the U.S. Virgin Islands, Canada, and Mexico.
Approved Model Rule For Cybesecurity and Technology
Read MoreOnly four months in and 2021 has already been a big year for state cybersecurity safe harbor legislation. Two states, Utah and Connecticut (and Ohio in 2020), have recently enacted or introduced a breach litigation safe harbor to incentivize businesses to protect personal information by adopting industry-recognized cybersecurity frameworks such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework and the Center for Internet Security’s (CIS) Critical Security Controls.
Read MoreAlso requires that a covered entity’s written cybersecurity program “reasonably conform to an industry-recognized cybersecurity framework.” It lists “the framework for improving critical infrastructure developed by [the National Institute of Standards and Technology]” (NIST) and the “Center for Internet Security Critical Controls for Effective Cyber Defense” (CIS), among others, as industry-recognized.
Read MoreFor the second time, DFS has fined a regulated entity for failure to comply with the Cybersecurity Regulation.
Read MoreConnecticut might soon follow Ohio and Utah by enacting a law that offers liability protection against ransomware and other cyberattacks, but only if victims follow security best practices.
Read More