Author Archives: Meghan A. Collins

Central Intelligence Agency

Re-Thinking the U.S. Government’s Approach to Cybersecurity

Are the “cybersecurity” tools used by the CIA and NSA causing harm to U.S. businesses and citizens? An analysis of the WikiLeaks materials, and recent hacker activity, suggests the answer may be yes. This month, it was revealed that at least 40 cyber attacks on organizations in 16 countries were conducted with top-secret hacking tools, according to security researcher Symantic Corporation. While not formally blaming the CIA, Symmantic said it connected these attacks to the CIA hacking tools obtained by WikiLeaks, and that the targets…

Continue Reading....
Vector of highly detailed map of New Mexico state of the United States of America grunge style - easy edit to take off grunge effect or to edit colors

April Brings Showers … and Changes to State Data Breach Notification Laws

Over the past few weeks there have been noteworthy changes to data breach notification acts within several states. Of importance, New Mexico enacted its first notification law while Tennessee and Virginia amended existing legislation. New Mexico On April 6, 2017 New Mexico enacted HB 15, the Data Breach Notification Act, making it the 48th state to pass a notification law. The Act goes into effect on June 16, 2017, leaving Alabama and South Dakota as the only states without notification requirements. The Act, drawing…

Continue Reading....
463151329

IRS Student Loan Application Program Breach Affecting up to 100,000 Taxpayers

On April 6, 2017, IRS Commissioner John Koskinen testified during a Senate Finance Committee meeting that the personal data of up to 100,000 taxpayers may have been compromised by hackers accessing both students’ and parents’ tax information through the Data Retrieval Tool (DRT), a free application for federal student aid data retrieval connected with the Free Application for Federal Student Aid (FAFSA). Obtaining such information allowed these hackers to file fraudulent tax returns and steal refunds. The last breach of this magnitude occurred in 2015,…

Continue Reading....
iStock_000010623991_Medium

Lessons in Cyber-Hygiene: Securing Employee Passwords

The human element remains a significant threat vector for institutions of all sizes, and management is well advised to take proactive steps to educate and implement effective “cyber-hygiene” policies for all employees to minimize the risks associated the range of social engineering tactics, from phishing to inadvertent disclosures, as well as curb the opportunities for plain old mistakes. The area of password protection is among the most obvious areas for improvement in the world of cyber-hygiene. In a recent survey of 750 IT administrators and…

Continue Reading....
iStock_000074739907_Medium

Lessons From a Presidential Campaign Data Breach

It was perhaps the first major allegation of a cyber breach in a presidential campaign when the Democratic National Committee (DNC) claimed that staff members from the campaign of Bernie Sanders accessed unauthorized information from a voter database maintained by DNC. The DNC leases this database to various campaigns and the campaigns supplement it with their own information. However, campaigns are blocked via firewalls from viewing information supplied by rival campaigns. In this case, members of the Sanders campaign are alleged to have accessed information…

Continue Reading....
iStock_000050437260_XXXLarge

The Danger from Within: Banks Work to Combat Hackers Internally

While many companies work diligently to guard against external cyber threats, a number of banks are taking steps to protect themselves from another dangerous, yet equally damaging source — their own employees. According to the Association of Corporate Counsel, at least 30 percent of data breaches during 2015 were caused by seemingly harmless employee errors. To the unknowing employee, a simple click of the mouse could expose information or clues to those looking for an opportunity to breach even the most high-tech security systems.…

Continue Reading....
iStock_000038012250_Large

End of EU Data Privacy Safe Harbor Blockade in Sight?

Negotiators from the European Union and the United States are in the process of negotiating a new agreement that would effectively remove the blockade to the EU Data Privacy Safe Harbor for U.S. companies. We previously wrote about a decision by the European Court of Justice (ECJ) which opened U.S. companies up to potential fines for not protecting their data from U.S. government surveillance programs. Given the potential impact against companies like Facebook and other companies that utilize personal information, EU and U.S. leaders are…

Continue Reading....