There was unfortunately some bleak news out of the Department of Health & Human Services (HHS) Office of the Inspector General (OIG) recently. The OIG released the results of a performance audit of HHS’ compliance with the Federal Information Security Modernization Act of 2014 (FISMA). The OIG Report states that FISMA requires that

I came across an article last week that indicated there was a successful attack on Microsoft’s Office 365 and Google’s G Suite environments that was able to bypass multi-factor authentication (MFA). However, after reading the article it was immediately clear the attack leveraged an old protocol, IMAP (Internet Message Access Protocol), which does not support

According to reports by WhoWhatWhy and the Associated Press, five security experts have confirmed a private citizen’s allegation that the Georgia Online Voter Database contains a major security flaw and is vulnerable to hackers. According to one of the experts from the University of Michigan, anyone with access to an individual voter’s personal information could alter that voter’s information in the database. Another commented that the problem is easily detectable, and that it was clear that the system “has never been audited by any computer security professional.”
Continue Reading Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable

Federal legislation recently took effect that prohibits consumer reporting agencies from charging a fee to place or remove (lift) a security freeze on a consumer credit report in response to a consumer request. The “Economic Growth, Regulatory Relief, and Consumer Protection Act” (the Act) was passed on May 24, 2018. The Act includes important updates to the Fair Credit Reporting Act (FCRA) that may in turn affect the information that businesses provide to customers or clients in response to a data breach or similar security incident.
Continue Reading Federal Legislation Enables Consumers to Obtain Security Freezes on Credit Reports Free of Charge

According to recent documents made public by the U.S. Patent and Trademark Office (USPTO), IBM has applied for a patent for a system that would use distributed ledger technology to address privacy and security concerns associated with the increasing usage of drones in both commercial and recreational applications. In the application for this patent, IBM’s

December is traditionally a busy month for charitable giving, as many donors are inspired by the holiday season to give generously to those in need, while others look to make year-end gifts that will qualify for a tax deduction in the current tax year.

Unfortunately, because of the increase in charitable giving, there is often an increase in charity scams during the holiday season. Donors should be wary of communications from unfamiliar organizations, including emails, texts, and phone calls, and should not provide personal or financial information without verifying the legitimacy of the request. Scammers often use popular charitable causes to solicit contributions, for example, by claiming that contributions will be used to help veterans, children, or cancer patients. The New York Attorney General recently announced the forced dissolution of one such organization, VietNow National Headquarters, which falsely claimed that contributions would be used to provide services and medical treatment to veterans.
Continue Reading Protect Yourself From Year-End Charitable Giving Scams

Top mutual fund firm The Vanguard Group, Inc. unveiled a plan last week to incorporate blockchain smart contract technology into some of its indexing operations beginning early next year. Vanguard’s initiative will be carried out through a partnership with the Center for Research in Security Prices (CRSP) and technology provider Symbiont and is intended to simplify Vanguard’s index data sharing process. By utilizing a dedicated blockchain network created by Symbiont, Vanguard hopes to make CRSP data available to investment managers on a nearly instantaneous basis.
Continue Reading Early Adopter—Vanguard Announces Plan to Utilize Blockchain Technology

On March 1, 2017, New York’s Cybersecurity Regulation (23 NYCRR Part 500)[1] became effective. The regulation is the first of its kind in the nation and requires certain companies, including banks, insurance companies and other financial services institutions regulated by the Department of Financial Services (“Covered Entities”), to have:

  • a cybersecurity program designed to protect consumers’ private data;
  • a written policy or policies that are approved by the Board of Directors or a senior officer;
  • a Chief Information Security Officer to help protect data and systems; and
  • controls and plans in place to help ensure the safety and soundness of New York’s financial services industry.[2]

In addition, pursuant to the regulation, Covered Entities must report a cybersecurity event if (a) the event impacts the Covered Entity and notice of it is required to be provided to any government body, self-regulatory agency or any other supervisory body; or (b) the event has a reasonable likelihood of materially harming any material part of the normal operation(s) of the Covered Entity. Details regarding what constitutes such an event are available on the New York Department of Financial Services website.[3]
Continue Reading Compliance With New York’s Cybersecurity Regulation 23 NYCRR Part 500

It’s that time of the year again, budget season. A time when organizations set priorities on how to strategically spend their money in 2018. In the information technology (IT) world this can be a daunting task for any CIO.

According to Gartner, artificial intelligence (AI), machine learning, and tools such as conversational platforms, digital twins and blockchain should be at the top of the list.
Continue Reading A CIO Budget Playbook for 2018