Blog

Practical Advice At Buffalo NYDFS 23 NYCRR 500 Pathways to Compliance Event
Cybersecurity Data security News

Practical Advice At Buffalo NYDFS 23 NYCRR 500 Pathways to Compliance EventFollowing our successful event in Rochester, the second of the NYDFS 23 NYCRR 500 roadshow events at Phillips Lytle LLP in Buffalo, NY on May 17, 2017 brought together executives, insurance, legal, and security professionals in a great forum to discuss challenges for financial services organizations to meet the new cybersecurity regulations that went into effect on March 1, 2017.  A full house heard some practical advice designed to assist entities regulated by the New York Division of Financial Services (NYDFS) comply with the new regulations.

Jennifer Beckage of Phillips Lytle LLP started with her “Survival Guide to Navigating the NYDFS Cybersecurity Regulation”.  Jennifer talked about the challenges covered entities face not only developing their own cybersecurity programs, but how those spill over to their service providers.  Developing, implementing and monitoring vendor management programs will affect contracts, day-to-day operations and the technology used to secure and control information shared.

Data Breaches Cost Executives Money
Cybersecurity Data breach

Data Breaches Cost Executives MoneyThe problem of data breaches has just reached a new high, or maybe low, as executives are losing money because of them.  A case in point is that Yahoo CEO Marissa Mayer will not receive a bonus nor stock award because of the mishandling of security breaches in 2013 and 2014.

The decision came after an internal investigation found that senior executives at Yahoo mishandled the company’s security breaches.  In September of last year, Yahoo disclosed that a massive security breach occurred in 2014. About 500 million Yahoo accounts were compromised. Hackers obtained personal information, but not credit card details. Then in December of last year, Yahoo disclosed that another breach occurred in 2013, but this one was even bigger: Nearly one billion user accounts were hacked, making it the biggest breach in history.

Cyber Security Legislation Will Change the Face of Business
Cybersecurity Data breach Privacy

Cyber Security Legislation Will Change the Face of BusinessAs 2017 gets underway, cyber security legislation will strengthen and force businesses to change the way they approach information security.  At the federal level in the United States, the US Congress and President have proposed numerous updates to existing regulations and new regulations to cover all facets of cybersecurity.  These include the Cyber Preparedness Act of 2016, Cybersecurity Systems and Risk Reporting Act and others.

At the state level, legislation was introduced or considered in at least 28 states in 2016. Fifteen of those states enacted legislation, many addressing issues related to security practices and protection of information, and cyber crimes in general, including dealing with rasomware.

Keep Your High-Value Information Close, and Your Employees Closer
Cybersecurity Data breach Insider threat

Ron Arden article in Corporate Compliance Insights on protecting high-value corporate dataI recently wrote an article for Corporate Compliance Insights that focused on the importance of organizations taking proactive steps to safeguard high-value corporate data from internal and external vulnerabilities. High value information such as trade secrets, product designs, financial data and customer data can change hands often within an organization, including among people who may not need access to this confidential material. It is the sole responsibility of that organization to protect the data from employee error in the greater effort to protect the data from external malicious actors.

As our Ponemon study, “Risky Business: How Company Insiders Put High Value Information at Risk,” taught us, employees, particularly those in the sales department, C-level executives, and finance and human resources, pose the biggest security risk to their companies.  The IT security practitioners at these companies admittedly do not have the resources to prevent data leaking by employees. Not a calming thought for those who trust their information to be safe.

Strengthen Your Security On World Password Day 2016
Data breach Data security Privacy

Strengthen Your Security On World Password Day 2016Today is World Password Day 2016 and it’s a great time to take a look at how you use, manage and protect your work and online identity.  Many of the data breaches you read about in the headlines, like the recent Reuters breach, are the results of exposed or compromised passwords.  While better identity and authentication systems exist using biometrics, OAuth, OpenID and others, most systems still rely on the good old password for access.

If you have to use passwords, you need to make them harder to guess and compromise.  Numerous studies over the past few years by Verizon and others show that about 90 percent of successful data breaches started with a weak or default password.  With a little ingenuity people can guess weak passwords, especially when you use a default password, like “admin” or something simple like “123456”.  The challenge we all have is to make it harder to compromise, but still easy for you to remember.

Financial Crime Goes Big In 2015
Cybersecurity Data breach Insider threat

Financial Crime Goes Big In 2015Whether people claim that 2015 was the year of the data breach or not, it’s clear that we saw major data breaches in financial institutions through external attacks, insider threats or exploiting serious vulnerabilities in systems.  Many incidents were a lack of IT security basics, such as disabling default passwords and accounts or simple implementation errors.

There were a number of incidents in financial institutions in 2015 that showcased how dangerous both external hackers and motivated or careless insiders can be.  As Fahmida Rashid says in her article on Innovative and Damaging Hacks in 2015, people intent on stealing data and money are becoming more sophisticated in their attacks.  Rather than just targeting consumer information, thieves are going after systems or data that are more lucrative.  The Carbanak advanced persistent threat (APT) attack against financial institutions around the world was a good example of targeting banks’ internal systems and operations that may have caused as much as $1 billion in losses.

15 Things That Businesses Should Be Thankful For
Data security

15 Things That Businesses Should Be Thankful ForToday is Thanksgiving Day in the United States and I was thinking about some of the things I’m thankful for when doing business everyday.  Of course I’m thankful for the great people I work with, my family for putting up with me and for all the customers I can help.  But I’m also thankful for all the technology I use.

Sometimes using technology can be a real headache, especially when something doesn’t work and you have a deadline in 5 minutes.  But most of the time, I’m amazed at how well things work.  I remember the old days before using a computer, but I can’t think how we actually got things done.  Does anyone really remember what business was like before the Internet?

We all use technology to work and play and a lot of it has made life easier.  Here are a few people and things I’m thankful for that make business easier.

Stop Unauthorized Use of Confidential Data
Cybersecurity Data breach Insider threat

Former Morgan Stanley Financial Adviser Guilty In Connection with Data Breach

Stop Unauthorized Use of Confidential DataA former employee of Morgan Stanley pleaded guilty to stealing confidential data from about 730,000 customer accounts. He copied names, addresses, account numbers, investment information and other data to his home computer so he could work on it.

While improperly accessing the information, he was interviewing for a new job with two Morgan Stanley competitors.

Fasoo Was Busy In October Showing Data Security Solutions
Cybersecurity Data breach Data security Insider threat

Fasoo Had a Busy Month in October Showing Data Security SolutionsThe month of October was very busy for Fasoo as we were all over the US talking to people about data-centric security and how it is the best solution to protect your sensitive information from insider threats and external hackers (APTs).

We started the month by attending the Rochester Security Summit in Rochester, NY.  This two-day event brought together executives and technical staff from numerous organizations in the Rochester area to share intelligence on how to protect their businesses from cyber attacks.  Fasoo was part of a vendor pavilion with our partner Brite Computers showing attendees how to protect data localized from databases, files downloaded from content management systems and those shared through the cloud and on mobile devices.  Ron Arden, Vice President – North America, presented to a packed room on “Closing the Threat Gap: A 21st Century Approach to Minimizing Risk” as part of the Threat Landscape track at the event.

Breaking the 2015 Data Breach Trends
Data breach

Breaking the 2015 Data Breach Trends

In a recent article regarding the top six data breach trends of 2015, we should expect more breaches in the healthcare industry, legal and regulatory pressure will increase on CEOs and boards, despite headlines involving breaches by hackers and foreign countries disgruntled or negligent employees will be companies’ biggest security threats, hackers increasingly will target data stored in the cloud, credit card breaches will rise over the next few months and the Internet of Things will provide an easy entry point to all your devices and data.

How worried should we be about these trends? Well, let us be honest, this is not so much of a surprise judging by the events of this year. Already we are reaching a record pace for data breaches and what was once only limited to healthcare, retail and finance has strongly made a mark in the government sector as well.