Global Privacy & Security Blog

News and Developments in Data Privacy and Cybersecurity

Blog Authors

Dustin Berger

Latest from Global Privacy & Security Blog

Global Privacy & Security Blog

Working from Home? Here are 12 Steps to Reduce Data Privacy and Security Risk

By Hunter Ferguson, Ronak Chokhani & Jon Washburn

March 19, 2020

Businesses are instituting widespread remote work policies and procedures to facilitate social distancing and “flatten the curve.” Enterprises simultaneously need to be mindful of increased data privacy and security risks. The risks can range from pandemic-related phishing emails to increased pressure on network architecture to well-intentioned employee shortcuts. Hackers will try to take advantage of uncertain and sometimes chaotic circumstances. Below is a checklist of fundamental measures businesses and employees should implement to mitigate the…

Global Privacy & Security Blog

Soon, all ransomware attacks may be data breaches

By Jon Washburn & Romaine Marshall

March 18, 2020

As this recent article illustrates, many ransomware operators are now collecting information from victims before encrypting their data, and then threatening to release what they’ve collected – or actually releasing some of it – to increase the chance they’ll get paid. There have been many cases already where at least a portion of data has been released when the victim doesn’t pay up. If this becomes the norm – and it looks like it will…

Global Privacy & Security Blog

Family Educational Rights and Privacy Act in the Age of COVID-19

By Hunter Ferguson

March 17, 2020

The U.S. Department of Education released some FAQs related to the Family Educational Rights and Privacy Act (FERPA) and corona virus. The Department’s Student Privacy Policy Office prepared the FAQs to assist officials in educational agencies and institutions such as school districts, schools, colleges and universities in managing public health issues related to COVID-19 while protecting the privacy of students. Below is a summary: A parent or eligible student must provide written consent before an…

Global Privacy & Security Blog

Your Security Program Must Think Beyond Malware Protection

By Jon Washburn

March 9, 2020

According to Crowdstrike’s most recent Global Threat Report, in 2019 they observed that malware-free attacks – attacks where malicious files are not written to disk – outpaced malware attacks by 51% to 49%. In Malware-free attacks, the attackers leverage Tactics, Techniques and Procedures (TTPs) that are less likely to be detected by traditional anti-malware solutions. For example, attackers can use stolen administrator credentials to roam virtually unchecked if the victim does not have a…

Global Privacy & Security Blog

Utah Considers a Cybersecurity Safe Harbor as Ransomware Runs Riot

By Romaine Marshall

February 25, 2020

Last year the FTC mandated what an organization’s written cybersecurity program should include to avoid being deemed “unfair and deceptive” to consumers,[1] and this year California consumers whose personal information is compromised may file lawsuits against organizations that failed to implement “reasonable security.”[2] But several states provide legal safe harbors to organizations with written cybersecurity programs. Now, Utah is considering joining them. Under House Bill 158, referred to as the Cybersecurity Affirmative Defense…

Global Privacy & Security Blog

NIST Releases a Standard for Privacy

By Romaine Marshall

February 7, 2020

As states fill the legal void for consumer privacy rights,[1] a new federal standard has emerged to assist companies with their compliance efforts. The National Institute of Standards and Technology (“NIST”) Privacy Framework (“PF”) was released last month to help organizations manage the risks associated with their data processing activities. What the PF Does The PF purports to improve risk management through mitigation, transfer, avoidance, and acceptance principles. It is designed for all types…

Global Privacy & Security Blog

CCPA Is Here – Is Your Security “Reasonable”?

By Romaine Marshall

January 7, 2020

Under the California Consumer Privacy Act, any California consumer whose personal information is compromised “as a result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices … may institute a civil action.”[1] Consumers can initiate this private right of action right now, whereas other consumer rights can only be enforced by the Attorney General beginning in July.[2] Why This Matters Most civil actions filed against companies…

Global Privacy & Security Blog

CCPA is Here – Are Your Agreements Ready?

By Romaine Marshall

December 27, 2019

On January 1, 2020, if your company sells goods or services to California consumers and meets certain criteria,[1] the agreements you have with companies that handle personal information on your behalf should be analyzed and, if necessary, updated just as your privacy notices should be updated.[2] Examples of companies that handle personal information on a company’s behalf include marketing companies, managed security service providers (MSSP), and software-as-a-service (SaaS) providers such as…

Global Privacy & Security Blog

CCPA is Here – Is Your Privacy Notice Ready?

By Romaine Marshall

December 11, 2019

Last year towards the end of May, a barrage of emails and pop-ups informed online users about how companies use cookies – small bits of software that track website activity – in accordance with a requirement under the European Union’s General Data Protection Regulation. On January 1, 2020, many companies will inform consumers about updates to their privacy notices – agreements between companies and their consumers about how personal information is processed – in accordance…

Global Privacy & Security Blog

Trickbot and Emotet Financial Malware Now Attacking the Healthcare Industry

By Jon Washburn

November 25, 2019

In a recent Cybercrime Tactics and Techniques Report focusing on the health care industry, cybersecurity company Malwarebytes discovered a significant 82% spike in Trojan malware attacks on health care organizations in Q3 2019. Emotet and TrickBot, two especially sophisticated and dangerous forms of malware, were mostly responsible for this surge. Used primarily as ’banking Trojans” to steal credentials and financial information, these intrusive, fast-replicating Trojans spread quickly. Emotet is polymorphic, which makes it…

Global Privacy & Security Blog

News and Developments in Data Privacy and Cybersecurity

Blog Authors

Working from Home? Here are 12 Steps to Reduce Data Privacy and Security Risk

Soon, all ransomware attacks may be data breaches

Family Educational Rights and Privacy Act in the Age of COVID-19

Your Security Program Must Think Beyond Malware Protection

Utah Considers a Cybersecurity Safe Harbor as Ransomware Runs Riot

NIST Releases a Standard for Privacy

CCPA Is Here – Is Your Security “Reasonable”?

CCPA is Here – Are Your Agreements Ready?

CCPA is Here – Is Your Privacy Notice Ready?

Trickbot and Emotet Financial Malware Now Attacking the Healthcare Industry

Stay Connected

Company

Support

New to the Network