The increased focus on online communications has brought a substantial uptick in breaches, with the most ubiquitous being the “business email interruption” scam. The most popular variant is where Office 365 or Gmail accounts are hacked through a phishing email, and the hacker then sends a fraudulent invoice purporting to be from a legitimate vendor, […]
Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by the National Security Agency, which...
For incidents affecting fewer than 500 individuals, HIPAA-covered entities have until two months past the end of the year to report them, rather than the 60-day deadline for larger breaches, and this data for 2017 is becoming available. Hacking and IT incidents without major data breaches rose by 25 percent, with 142 in 2017 compared […]
A new report from the Department of Justice Office of Inspector General faults the Federal Bureau of Investigation for its process for notifying the victims of cyberattacks. OIG identified issues with both the quality and completeness of the information stored in the agency’s Cyber Guardian system, the tool the FBI uses to disseminate breach notifications. […]
Representative Will Hurd (R-TX) says that his next goal will be strengthening the federal cybersecurity workforce, likely through the creation of a Cyber National Guard. Hurd currently is shepherding the Modernizing Government Technology Act through Congress, but once that bill is passed, he hopes to tackle the cyber workforce. Hurd’s plan for a Cyber National […]
A House of Representatives "resolution of inquiry" introduced by Representative Bennie Thompson (D-MS) would direct DHS to give lawmakers any documentation the agency has...
The president’s National Infrastructure Advisory Council reports that federal agencies aren’t sufficiently exercising the authorities they have to inform critical private-sector entities of vulnerable supply chain elements and other threats. To address the problem, the council argues for the creation of a Critical Infrastructure Command Center, where public- and private-sector partners would share a 24/7 […]
Leading legal technology marketers shared their recommendations on how firms can convince their clients that their data is safe. Sue Lyon-Boggs, a writer in the legal industry, urges firms to create a culture of security that requires every employee to understand how measures work and commit to using them. “Lawyers should be able to discuss with […]
Nikola Todev of OnRamp writes about the pervasiveness and importance of security audits, and the difficulty of aligning an organization’s business practices to the applicable security frameworks. He comments that “meeting security specifications requires monetary investment, often causes confusion and in some cases, even results in a loss of direction.” In a two-part article, he […]