Showing 22 posts in Cybersecurity.
2021 may be the year that privacy legislation explodes across the US. Already, several states including New York, Virginia, and Washington have introduced some form of privacy legislation (many are re-introducing bills that did not pass in 2020).
Many businesses devoted substantial resources to privacy compliance in 2020, thanks to the California Consumer Privacy Act (CCPA). They will be rewarded for that effort: during the fall election, Californians approved a ballot initiative that will strengthen the CCPA, dedicate billions of state dollars to privacy enforcement, and create a new enforcement agency for personal privacy rights.
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have published a warning regarding attacks on certain VPN products by a known threat actor based in Iran. The CISA warning is here for reference. Once it has exploited the specified vulnerabilities, the threat actor is able “to gain initial access to targeted networks and then maintained access within the successfully exploited networks for several months using multiple means of persistence,” according to CISA.
News emerged this week that the Irish data authority will order Facebook to stop use in the US of data and information about Irish residents. This development is part of a long-running saga between the EU and the US about what constitutes “adequate” protection of personal data about European individuals. If your company has employees, customers, or suppliers in Europe and relies on contracts, government certification, or other formal mechanisms to allow you to use data about those individuals on systems located in the US, the Facebook news and related issues may be relevant.
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning regarding a new “voice phishing” scam arising from the massive shift to teleworking during the pandemic. Under the new scheme, threat actors posing as the company IT department call workers and request usernames and passwords for the company’s systems in order to log into a new VPN link. The “bad guys” then have access to the company’s existing VPN and log in as if they are legitimate employees.
The temperature is rising in the data breach arena. Clearview AI, which produces facial recognition technology widely used by law enforcement, suffered a massive data breach last month.
The California Attorney General, complying with the terms of the California Consumer Privacy Act (“CCPA”), has released a new draft version of implementing regulations for that Act.
Every crisis is an opportunity for bad guys, it seems. The FTC issued a warning yesterday that can be found here.
It is a good idea to remind employees that they may see an upsurge in scam activity due to current events and remind them about personal and professional vigilance.
If you are considering remote working arrangements for all or part of your employee pool due to COVID-19, now is the time to make sure your remote systems are secure. Adding remote capabilities requires extending your network’s connectivity, potentially adding multiple new devices to your network, and considering workflow and security measures when workers are not under your roof. All of these measures add vulnerability to any system. In order to protect your own company data as well as private information of individuals, it is helpful to have a plan in place earlier rather than later.
The spread of coronavirus is making headlines for economic, health, and political reasons. Business-focused news also makes note of the impact of coronavirus on international corporate travel planning. One other aspect of coronavirus is worth noting for companies with international operations, however: data privacy. Many companies abroad are asking employees to declare whether they have been tested for coronavirus, and/or what the test results show.