A Strong Case for Mobile Device Management

The San Bernardino County government paid for, but never installed, a feature allowing employer access to any employee mobile devices. If the installation of the new feature was done, the current legal and philosophical battle between Apple and the FBI over how to access shooter Syed Rizwan Farook’s iPhone may have been avoided. What’s more, the county not only had the software, but also a longstanding policy eliminating any expectation of privacy by the employee: “No User Should Have an Expectation of
Continue reading...

The Danger from Within: Banks Work to Combat Hackers Internally

While many companies work diligently to guard against external cyber threats, a number of banks are taking steps to protect themselves from another dangerous, yet equally damaging source — their own employees. According to the Association of Corporate Counsel, at least 30 percent of data breaches during 2015 were caused by seemingly harmless employee errors. To the unknowing employee, a simple click of the mouse could expose information or clues to those looking for an opportunity to breach even the most high-tech security systems.…
Continue reading...

Potential Storms A-Brewin’ for Countries Enjoying the Calm of the EU Cyber Safe Harbor

EU law provides that personal data from the EU can only be transferred to countries that can ensure adequate protection of that data. The European Commission has authority to designate certain countries as “safe harbors” based on the domestic law of that country or that country’s international commitments. The EU Commission granted the United States safe harbor status. However, the European Court of Justice recently held that while the European Commission has authority to make these decisions, they are not binding on individual EU country…
Continue reading...

Out of Security Concerns, Navy Tells Midshipmen to Look to the Stars

The United States Navy is now requiring its midshipmen to learn a skill that seems more relevant in the 19th Century rather than the 21st century: how to navigate by the stars. The training is limited to just a few hours, but will serve a critical function. Computers aboard a ship are susceptible to cyber attacks and Navy personnel need a backup system should the computers fail. On the open ocean, this means looking to the stars. The Navy taught celestial navigation until…
Continue reading...

Data Breach “Sky Is Falling”

Much like Chicken Little, data breach vendors and pundits continue to decry that the data breach sky is falling!  But is it?  A group of researchers set out to answer this very question. “Neither size nor frequency of data breaches has increased over the past decade,” concludes a new statistical analysis by Benjamin Edwards, Steven Hofmeyr and Stephanie Forrest presented during the June 2015 Workshop on the Economics of Information Security in the Netherlands. Instead, the three argue, the increases that have attracted recent media…
Continue reading...

PwC Issues 2015 Cybercrime Survey Results

“It’s been a watershed year for cybercrime,” explains PricewaterhouseCoopers LLC in its 2015 report analyzing data from 500 executives across US businesses, law enforcement and government agencies.  The survey and report, co-sponsored by PwC, CSO, Carnagie Mellon University and the United States Secret Service, provides a comprehensive analysis of trends in cybercrime and cyberthreats, as well as security spending and overall manage of these growing business risks. This year, a record 79 percent of respondents detected a security incident during the past 12 months, with…
Continue reading...

Can A SAFETY Act Designated Product Provide Cyber-Attack Liability Protection?

“So if you use FireEye’s product you basically are prevented from being sued in the criminal justice system of America, which can save a lot of money.” According to CEO Dave DeWalt’s recent comments, it sounds like the U.S. Government stamped FireEye with a seal of approval — a ringing endorsement that’s worth a closer look.  FireEye, Inc. was issued “Certification” under the SAFETY Act for its Multi-Vector Execution (MVX) Engine and Cloud Platform.  It isn’t the only SAFETY Act approved technology; DHS’s website…
Continue reading...

Connecticut Supreme Court Makes Significant Ruling in Data Breach Case

The Connecticut Supreme Court made a very significant ruling yesterday in Recall Total Information Management, Inc. v. Federal Insurance Co., adopting wholesale the Appellate Court’s well-reasoned ruling that an insured’s loss of sensitive records, without more, does not constitute a “publication” of material that violates a person’s right of privacy. Notably, the Appellate Court held that absent proof of an unauthorized third party’s access to the personal identification information, the “publication” element of the Privacy Offense (under the definition of “personal and advertising injury”…
Continue reading...