I came across an article last week that indicated there was a successful attack on Microsoft’s Office 365 and Google’s G Suite environments that was able to bypass multi-factor authentication (MFA). However, after reading the article it was immediately clear the attack leveraged an old protocol, IMAP (Internet Message Access Protocol), which does not support

According to reports by WhoWhatWhy and the Associated Press, five security experts have confirmed a private citizen’s allegation that the Georgia Online Voter Database contains a major security flaw and is vulnerable to hackers. According to one of the experts from the University of Michigan, anyone with access to an individual voter’s personal information could alter that voter’s information in the database. Another commented that the problem is easily detectable, and that it was clear that the system “has never been audited by any computer security professional.”
Continue Reading Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable

Federal legislation recently took effect that prohibits consumer reporting agencies from charging a fee to place or remove (lift) a security freeze on a consumer credit report in response to a consumer request. The “Economic Growth, Regulatory Relief, and Consumer Protection Act” (the Act) was passed on May 24, 2018. The Act includes important updates to the Fair Credit Reporting Act (FCRA) that may in turn affect the information that businesses provide to customers or clients in response to a data breach or similar security incident.
Continue Reading Federal Legislation Enables Consumers to Obtain Security Freezes on Credit Reports Free of Charge

According to recent documents made public by the U.S. Patent and Trademark Office (USPTO), IBM has applied for a patent for a system that would use distributed ledger technology to address privacy and security concerns associated with the increasing usage of drones in both commercial and recreational applications. In the application for this patent, IBM’s

December is traditionally a busy month for charitable giving, as many donors are inspired by the holiday season to give generously to those in need, while others look to make year-end gifts that will qualify for a tax deduction in the current tax year.

Unfortunately, because of the increase in charitable giving, there is often an increase in charity scams during the holiday season. Donors should be wary of communications from unfamiliar organizations, including emails, texts, and phone calls, and should not provide personal or financial information without verifying the legitimacy of the request. Scammers often use popular charitable causes to solicit contributions, for example, by claiming that contributions will be used to help veterans, children, or cancer patients. The New York Attorney General recently announced the forced dissolution of one such organization, VietNow National Headquarters, which falsely claimed that contributions would be used to provide services and medical treatment to veterans.
Continue Reading Protect Yourself From Year-End Charitable Giving Scams

Top mutual fund firm The Vanguard Group, Inc. unveiled a plan last week to incorporate blockchain smart contract technology into some of its indexing operations beginning early next year. Vanguard’s initiative will be carried out through a partnership with the Center for Research in Security Prices (CRSP) and technology provider Symbiont and is intended to simplify Vanguard’s index data sharing process. By utilizing a dedicated blockchain network created by Symbiont, Vanguard hopes to make CRSP data available to investment managers on a nearly instantaneous basis.
Continue Reading Early Adopter—Vanguard Announces Plan to Utilize Blockchain Technology

On March 1, 2017, New York’s Cybersecurity Regulation (23 NYCRR Part 500)[1] became effective.  The regulation is the first of its kind in the nation and requires certain companies, including banks, insurance companies and other financial services institutions regulated by the Department of Financial Services (“Covered Entities”), to have:

  • a cybersecurity program designed to protect consumers’ private data;
  • a written policy or policies that are approved by the Board of Directors or a senior officer;
  • a Chief Information Security Officer to help protect data and systems; and
  • controls and plans in place to help ensure the safety and soundness of New York’s financial services industry.[2]

In addition, pursuant to the regulation, Covered Entities must report a cybersecurity event if (a) the event impacts the Covered Entity and notice of it is required to be provided to any government body, self-regulatory agency or any other supervisory body; or (b) the event has a reasonable likelihood of materially harming any material part of the normal operation(s) of the Covered Entity. What constitutes such an event is detailed on the New York Department of Financial Services website.[3]
Continue Reading Compliance With New York’s Cybersecurity Regulation 23 NYCRR Part 500

It’s that time of the year again: budget season, a time when organizations set priorities on how to strategically spend their money in 2018. In the information technology (IT) world this can be a daunting task for any CIO.

According to Gartner, artificial intelligence (AI), machine learning, and tools such as conversational platforms, digital twins and blockchain should be at the top of the list.
Continue Reading A CIO Budget Playbook for 2018

Considering the recent Equifax data breach, which put an estimated 145.5 million Americans’ identities at risk, mainstream media outlets are starting to ask an important question: if we can’t stop data breaches, how do we protect our identity? According to data from the Identity Theft Resource Center, U.S. companies and government agencies have disclosed 1,022 breaches in 2017 so far. The idea that the social security number is the foundation of our identity is under more scrutiny than ever. Bloomberg reported recently that the Trump administration is considering ways in which it can replace the social security number as a means of federal identification. So, can blockchain technology solve our identity management (IDM) problem?

Continue Reading Is Blockchain the Answer to Identity Management?

The Acting Director of the FTC’s Bureau of Consumer Protection, Thomas B. Pahl, recently commenced a ‘Stick with Security’ series of blog posts that analyze the data security principles championed by the FTC in its Start with Security guidance. The posts are intended to impart lessons the FTC has learned via investigations and enforcement actions, and to highlight good/bad practices implemented by businesses, since the FTC’s issuance of its Start with Security guidance in June 2015.

In its first three posts (available here, here, and here), the FTC emphasized a number of straightforward best practices that can help businesses mitigate potential penalties in the event of a data security incident, including:
Continue Reading FTC Issues ‘Stick with Security’ Guidance Emphasizing Data Security Best Practices