Archives: New + Now

Have Questions About CMMC? Don’t We All

I had the pleasure of participating as a panelist this week for companies primarily involved in the maritime industry, and one of the topics discussed was the Department of Defense’s (DOD) Cybersecurity Maturity Model Certification Program (CMMC). The discussion generated questions that I thought merited sharing. Simply put, the DOD’s CMMC Program was designed to … Continue Reading

Financial Services Information Sharing Group Warns of Increased Phishing Attacks

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has warned that financial services firms, and in particular smaller ones, are being attacked at an increased rate during the coronavirus pandemic. According to FS-ISAC, phishing attacks against financial services firms increased by one-third in the first quarter of 2020. In that time period, FS-ISAC identified … Continue Reading

Small Business Administration Loan Portal Compromised

Following the devastating impact of the coronavirus on small businesses, many small businesses applied for a disaster loan through the Small Business Administration (SBA) for relief. Small businesses that qualify for the disaster loan program, which is different than the Paycheck Protection Program offered by the SBA, can apply for the loan by uploading the … Continue Reading

Privacy, Security and Data Loss Prevention

I always enjoy hosting and participating in the CISO Executive Network meetings. The meetings offer Chief Information Security Officers (CISOs) the opportunity to discuss together ways they can improve security in their organizations, get ideas from each other on strategies and products, and vent with colleagues about particular issues and complaints. It gives me great … Continue Reading

Interpol Issues Alert on Increased Risk of Ransomware Attacks Against COVID-19 Medical Organizations

Interpol has issued an alert to global law enforcement agencies about the increased risk of ransomware attacks on hospitals, health care providers and other organizations on the front line of response to the COVID-19 pandemic. The Purple Notice, issued to all 194 member countries, notified them that Interpol’s Cybercrime Threat Response team has detected a … Continue Reading

Working from Home During the Pandemic? Turn Alexa and Siri Off!

The transition from work-from-the-office to work-from-home has been rapid during the pandemic. All of a sudden, millions of workers are working from home, while data security personnel were not able to plan and operationalize the transition in an optimal way. Many security measures are being put in place now as everyone settles into the new … Continue Reading

Ransomware—to Pay or Not to Pay and Should We Get a Bitcoin Wallet Just in Case?

There’s nothing worse than paying criminals. And paying a ransom for data is just that—paying criminals for a criminal act. All you get out of the payment is access to your data. It doesn’t fix the vulnerability or the root problem. Let the record reflect that the FBI does not recommend paying ransoms to cyber … Continue Reading

Changing the Conversation About Sharing and Using Health Information

Some app developers know more about our health than our doctors do. Take, for instance, FitBit, which is attached to our wrist and measuring in real time our temperature, our heart rate, our steps and whether we have had enough exercise for our age in a day. Some people sleep with their phones on their … Continue Reading

States and Municipalities on High Alert for Iranian Originated Cyber-Attacks

The Department of Homeland Security (DHS) is warning critical infrastructure operators to be on high alert for Iranian-backed cyber-attacks. Because of the vulnerability of state and municipal computer systems, they are at high risk for attack from Iranian-based hackers. We have seen states and municipalities get hammered with ransomware in the past year. Now … Continue Reading

CCPA Recap for the New Year

After much anticipation and trepidation, the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. Many companies are understandably still grappling with the details of the law, the amendments, and the proposed regulations and how to comply with them. If you have not determined whether the CCPA applies to your company, and … Continue Reading

Biometric Suit Not Preempted by Workers’ Compensation Statute

An Illinois employee of Power Solutions International Inc. (Power Solutions) filed suit against his employer alleging violations of the Illinois Biometric Information Privacy Act (BIPA) when Power Solutions collected his fingerprints through a timekeeping system without providing consent to do so. Under BIPA, companies, including employers, are required to provide notice and consent to employees … Continue Reading

To Extend or Not to Extend Consumer Rights to All

Microsoft announced this week that it would extend the consumer rights currently given to California consumers through the California Consumer Privacy Act to all consumers—no matter where they reside. I applaud this move (especially because I don’t reside in CA). But why should my personal information be protected differently than those who live in California? … Continue Reading

CCPA Amendment Details to Consider

In delving deeply into the California Consumer Privacy Act (CCPA), the Amendments recently signed by the California Governor, and the proposed Regulations issued by the California Attorney General, we thought it would be helpful to point out some details that are important to consider for compliance which are not obvious in the CCPA discussions we … Continue Reading

FBI Warns of E-Skimming Threats

For those of you that have websites that process online payments (such as retail, hospitality, health care, entertainment and utilities), the Federal Bureau of Investigation (FBI) recently issued a warning about e-skimming threats to those websites. E-skimming occurs when an attacker introduces malicious code on the website to obtain in real time debit and credit … Continue Reading

NSA Warns of Hackers Attacking VPN Service Applications

The National Security Agency issued an advisory last week to warn companies and users that nation-state actors are actively exploiting vulnerabilities in several virtual private network (VPN) service applications to obtain access to users’ devices. The hackers are leveraging vulnerabilities in older versions of VPN applications, and if successful, the attackers can then remotely execute … Continue Reading

Department of Defense Subcontractors: Cybersecurity Compliance is Top Priority

The Office of the Under Secretary of Defense for Acquisition and Sustainment has been on a fast track mission to shore up the cybersecurity measures of defense contractors and the supply chain to the Department of Defense (DOD). It is in the process of developing a Cybersecurity Maturity Model Certification (CMMC) requirement for those vendors. … Continue Reading

Important Tool in Your Box: Spam Filter

I have been hanging out a lot with Chief Information Officers (CIO) and Chief Information Security Officers (CISO) these days at speaking engagements and conferences, as October – National Cybersecurity month – is always busy. The topic that keeps coming up in these conversations is phishing and how most ransomware attacks are started because an … Continue Reading