Data Privacy Best Practices on Data Privacy Day

Data Privacy Day is the perfect time to make sure that you – and your company’s employees – are practices data privacy best practices.  We’ve put together a list if best practices to keep your data secure:
  • Develop a data protection plan, including privacy policies, terms of use for online devices, data breach plans, and an assessment of your company’s current cybersecurity practices and weaknesses. 
  • Keep software up to date.  This might seem obvious, but it’s a surprisingly common pratfall.  This includes not

Continue reading...

National Counterintelligence and Security Center Launches Effort to Protect Industry Against State Actors

On January 7, 2019, the National Counterintelligence and Security Center (NCSC), which coordinates counter-intelligence efforts within the U.S. government, announced that it would begin disseminating its “Know the Risk, Raise Your Shield” materials in an effort to assist the private sector in guarding against threats from foreign intelligence entities and other adversaries.  This campaign appears to have been prompted by the Trump administration’s efforts to drive U.S. companies to better protect their trade secrets from foreign hackers.  This comes on the heels of recent cyber-attacks…
Continue reading...

Department of Health and Human Services Releases Cybersecurity Guide for Healthcare Providers

Over a year of collaboration between the Department of Health and Human Services (HHS) and industry partners has culminated in the publication of a cybersecurity guide for medical providers of all sizes. HHS describes it as “a set of voluntary, consensus-based principles and practices to improve cybersecurity in the health sector,” that looks to “raise the cybersecurity floor” across the country. Although the guide emphasizes its wide applicability, much of the discussion appears directed at small and mid-sized providers. For example, HHS highlights a recent…
Continue reading...

2018 Year in Review: Major Brands Falling Under Attack

After tallying them all up, 2018’s cyber attacks might not have come across as anything new to most individuals. However, while the number of people affected by data breaches in 2018 did not necessarily hit new records, the volume of attacks and as well as the number of individuals affected still signifies that this is a problem that won’t be going away any time soon. In 2018, billions of individuals were affected by data breaches. Cyber attacks increased by 32 percent over the prior year…
Continue reading...

TSA Releases Cybersecurity Roadmap to Guard Against Evolving Cyber Threats

The Transportation Security Agency (TSA) has released its first Cybersecurity Roadmap to prioritize cybersecurity measures within the TSA and the nation’s transportation system, the Transportation Systems Sector (TSS). The TSA’ Cybersecurity Roadmap closely aligns with the more general DHS Cybersecurity Strategy published earlier this year. The roadmap notes that TSA’s mission responsibilities include: (1) securing its own networks, and (2) working with its partners and TSS stakeholders, in coordination with the Department of Homeland Security (DHS), to secure its cyberspace. In order to ensure cybersecurity…
Continue reading...

Congress Concludes Additional Federal Oversight Needed after Equifax Data Breach

“Equifax…failed to implement an adequate security program to protect this sensitive data…Such a breach was entirely preventable.” So concludes the December 2018 report on “The Equifax Data Breach” by the U.S. House of Representatives Committee on Oversight and Government Reform. The cause, according to the report, was Equifax’s “acquisition strategy [to benefit] bottom line and stock price,” which “growth brought increasing complexity to Equifax’s IT systems, and expanded data security risks.” Risks, it seems, Equifax did not manage. In 2017, the Department of Homeland Security…
Continue reading...

Colorado Data Privacy Act a Landmark in Dealing with Protection of Personally Identifiable Information

Colorado’s Protections for Consumers Data Privacy Act, unanimously approved by the state legislature on May 29, imposes heightened data protection and breach notification requirements on businesses of all sizes and government entities. It affects all entities that receive, collect, create or save personally identifiable information (PII) from Colorado residents, customers, employees or even prospective employees.  The law comes in the wake of the Equifax data breach in 2017, and Colorado being rated the second riskiest state for identity theft in a 2017 study, only…
Continue reading...

In Pennsylvania, Employers (and Others) may be Liable for Failing to Protect Personal Information that They Collect

On November 21, 2018 Pennsylvania’s highest court ruled that employers in Pennsylvania have an affirmative legal duty to protect workers’ sensitive data from possible hacking.  This ruling has profound implications for employers, which may now be subject to liability for failing to take reasonable precautions to protect their employees from cyber attacks. In a proposed class action, employees of the University of Pittsburgh Medical Center sought damages after a data breach exposed the personal information – including names, dates of birth, addresses, Social Security numbers,…
Continue reading...

Russian Company Whose Employee Was Charged With Election Meddling Sues Facebook to Have Account Restored

A Russian company known as Federal Agency of News, LLC (FAN), whose accountant was indicted by federal prosecutors for her alleged role in “Project Lakhta” – a Russian interference operation in political and electoral systems targeting populations in, among other places, the United States – has sued Facebook alleging it is a legitimate news outlet whose Facebook account must be restored. On November 20, 2018, FAN and its sole shareholder, Evgeniy Zubarev, commenced suit against Facebook in the United States District Court, Northern District of
Continue reading...

Pennsylvania Federal Court Dismisses Law Firm’s Case Against Bank in Social Engineering Cyber Attack

The unfortunately reality of cyber theft is that it’s much like any other type of theft – even if the criminal is caught, it’s unlikely that the ill-gotten gains will ever be fully recovered. There are simply too many ways to hide their destination or make them disappear. This often means the victim will seek other avenues for recouping losses, including filing a civil action against entities or individuals who allegedly could have helped prevent the theft. In the case of O’Neill, Bragg & Staffin,
Continue reading...