Please join SmartEdgeLaw Attorney Richard Santalesa and colleagues for a January 31 webinar covering “2019 Privacy, Compliance and Risk Management Strategies for Infosec Professionals” Information and registration are at: http://www.infosecurity-magazine.com/webinars/2019-privacy-compliance-risk/ Description: 2018 saw a number of new privacy and security compliance acts introduced, including the GDPR, the NIS Directive and California’s Consumer Privacy Act (CCPA), […]
Category: Cyber Crime
ABA Journal Quotes SmartEdgeLaw Group on Cybersecurity in Law Firms
Founding attorney, Richard Santalesa, is quoted in the Sept. 2018 ABA Journal about cybersecurity in law firms. The legal profession as a whole has lagged behind other segments in keeping its digital house locked down #cybersecurity #infosec #ABAJournal #datasecurity via ABA Journal http://www.abajournal.com/…/law_firms_cybersecurity_awarene…
Cybersecurity Regulations Issued by NYS Dept of Financial Services
New York State’s long-awaited Cybersecurity Regulations for financial institutions were released last week by the New York State Department of Financial Services (“NYDFS”) for a 45-day public notice and comment period, starting Sept 28, 2016, after which the Regs will go into effect on January 1, 2017, unless modified, as codified at 23 NYCRR Part […]
1+ Billion Records Exposed So Far in 2016
With Labor Day over and summer now fading into memory, it’s the perfect time to take a fresh look at your data and information security, privacy and compliance postures. And to review fresh lessons from what 2016 has served up as to data breaches and incidents in the first six months. Background Earlier this year, […]
Is this the Definitive Cybersecurity Guide? NYSE Guide for Directors & Officers
The following post by SmartEdgeLaw Group attorney, Richard Santalesa, was originally published Oct. 27, 2015 at the International Association of Privacy Professionals’ Privacy Perspectives website. Is this the Definitive Cybersecurity Guide? While many companies come up short on their cybersecurity programs or ability to safeguard data privacy, one area where no gap exists is in the […]
Breach Update: Home Depot Confirms 56 Million Cards Impacted
Over the past week we’ve been assisting clients in responding to the recent confirmed Home Depot breach. While information regarding the scale and scope of the breach of point-of-sale systems in the U.S. and Canada has been developing, Home Depot’s release late yesterday of an updated press release (available here), provides additional public details: 56 million […]
FFIEC Rolls Out Cybersecurity Website For Financial Institutions
The Federal Financial Institutions Examination Council (“FFIEC”) recently launched a new cybersecurity website, effectively creating another valuable resource for financial institutions when it comes to addressing cybersecurity matters. Although less well known than Federal agencies with direct oversight and regulatory authority the FFIEC “is a formal interagency body empowered to prescribe uniform principles, standards, and […]
Thanks to those who attended our IAPP KnowledgeNet CT Meeting
A quick thanks to all those who attended our IAPP KnowledgeNet meeting, held yesterday in Hartford, and to my co-chairs Bruce Raymond and Catherine Itravina. There was a good turnout and many new faces around the table. After an informative presentation covering lessons learned from the Target data breach, by Pamela Gupta, President of Outsecure, Inc., […]
SEC Issues Cybersecurity Risk Alert
Building on its stated goals for 2014, the U.S. Securities and Exchange Commission (“SEC“) recently issued a Cybersecurity Risk Alert through its Office of Compliance Inspections and Examinations (“OCIE“) that provides important additional information regarding the SEC’s ongoing initiative to assess cybersecurity preparedness in the financial and securities industry subject to its jurisdiction. As we […]
Then there were 47… Kentucky enacts data breach statute
Since 2010 the number of states with data breach notification statutes was stalled at 46. No longer. Kentucky is now the 47th state to enact a data breach notification statute, effective July 14, 2014. Kentucky’s new data breach notification statute, appearing in Ken. Rev. Stat. Chapter 365 (as amended by H.B. 232 on April 10, […]
Procurement Takeaways of the Intersection of Cloud Computing and Mobility
The National Institute of Standards and Technology (“NIST”) held a two and a half day workshop last week, March 25-27, entitled The Intersection of Cloud and Mobility, to brainstorm on the issues, problems and realities of a world where “low-end mobile devices access diverse and scalable cloud computing resources and globally connected mobile enabled resources […]
How secure is your mobile app? Or the ones your employees use?
A new update from the Federal Trade Commission (“FTC”) highlights that mobile apps remain a key security weakness. In connection with its recent investigation of mobile apps from Fandango and Credit Karma, the FTC has warned consumers that app developers (even those with the best of intentions) continue to drop the ball in ensuring security […]
Why the Cybersecurity Framework Matters for Your Security Programs
Richard Santalesa’s latest IAPP Privacy Perspectives commentary discussing what the National Institute of Standards and Technologies “Cybersecurity Framework” means for privacy and risk management professionals – and by extension your infosec and data security efforts – is up. The Framework is likely to be very influential going forward as federal agencies, government contractors and ultimately […]
FTC and FBI Issue Warning About “CryptoLocker” Malware
Safeguarding data security and privacy is a constant battle. We always recommend the use of encryption for mobile devices, laptops and all crucial company data or consumer records containing personal, sensitive or medical information. In a devilish twist, however, cyber criminals have turned encryption against unsuspecting victims, to beg the question: “Are your computer files […]
NIST Issues Final “Critical Infrastructure Cybersecurity Framework” So?
The National Institute of Standards and Technology (“NIST”), part of the Dept of Commerce, has been at the forefront of federal cyber and information security efforts, issuing numerous “Special Publications” addressing cyber and data security issues, risk management, encryption, mobile security and related topics. It’s latest significant release on Feb. 12th of the final Critical […]
