Last week, the Securities and Exchange Commission joined the group of regulators issuing public guidance on cybersecurity matters. The SEC has taken this public position in light of the risk that cyberthreat actors pose to publicly traded companies and, by extension, to national financial markets.
Do you carry cyber insurance for your business? Do you know whether it covers “ransomware” attacks that delete or disable your data unless you pay the hacker to release it?
Ransomware attacks are increasingly common in all industrial sectors, and they frequently hit smaller and medium-sized companies. Such businesses make good targets, because they are less likely to have in place a robust security and incident response plan, and therefore have no alternative way to get their business data back in place.
The Department of Homeland Security has issued a strong warning to U.S. businesses to pay close attention to their cyber security to guard against any attacks from Iran, which has a history of cyberattacks in the U.S.
With the EU’s new privacy rules (GDPR) that took effect earlier this year, the California Consumer Privacy Act that takes effect January 1st, 2020, and the clamor for a federal data privacy law in the United States, it is increasingly clear that privacy will not, in the future, be an optional part of business operations.
For any U.S. business that has spent 2018 gearing up to comply with the EU’s new privacy rules, the General Data Protection Regulation (GDPR), which took effect in May, your time and effort were well spent. One month after the GDPR took effect, California rushed through a new law, the California Consumer Privacy Act (CCPA), that clearly took inspiration from broad aspects of the GDPR.
If you’ve ever wondered why all the hullabaloo about cyber planning, here is a great example:
Equifax has said that it “owed no duty to safeguard the personal information of millions of consumers and financial institutions” affected by its massive 2017 data breach, and has asked to have the resulting lawsuits dismissed. (Daily Report, 24 July 2018.)
A recent court dispute makes clear that there are many elements to cyber planning and protection for any company to consider. Although some do involve technical bells and whistles, many or most are merely business operation decisions involving non-technical matters. Just like other operational decisions, the success of these planning measures can have a direct impact on your bottom line.
If you have received a deluge of emails regarding updated privacy policies from services you use, you are not alone. They relate to a new set of data privacy rules that went into effect across the European Union on May 25, known as the General Data Protection Regulation (GDPR). The new rules have sweeping implications for businesses around the world. In fact, Facebook and others have already been sued for non-compliance with the GDPR.
The continuing fall-out from the Equifax breach reported last month makes great headline fodder, and is really good for Congressional representatives eager to show themselves hard at work protecting voters.
It’s National Cybersecurity Month. You’d hardly know this momentous occasion was coming: in September of 2017, we kept waking up to headlines about hacks at major outfits such as Equifax, Deloitte, and the SEC.