Monthly Archives: January 2017


What can we learn from celebrity cyber attacks?

Celebrity hacks seem to dominate the news (http://www.cnn.com/2017/01/25/entertainment/celebrity-photo-hacking-scandal-man-sentenced/index.html). These high-profile cases are illustrative of the kinds of scams we all need to be aware of. For most of us, naked pictures are not likely what potential bad actors are after, but the methodology used by Mr. Majerczyk in this case is quite common: he used a phishing email to trick these celebrities into giving him their passwords. Phishing continues to be the top scam for hacking. Please be cautious [...]

2017-06-22T20:19:37-04:00

Former Gov. Tom Ridge Says Corporate Boards Need to Make Cybersecurity a Priority

I had the honor to share a potent potable with Governor Ridge while stationed at Fort Meade. [The Governor was happy to meet a fellow Pennsylvanian.] Throughout our conversation, one theme resonated strongly with both of us: cybercrime by nation-state-sponsored actors was more than just a National Security issue. In the way that US businesses mobilized to support the country during World War II, even small companies need to understand they have a role to play in safeguarding [...]

2017-06-22T20:19:37-04:00

The SEC announces its 2017 examination priorities

Attention to those in the financial industry, particularly Broker/Dealers, Investment Advisers and firms involved with pension funds and seniors: OCIE is focused on you. The SEC's National Examination Program (NEP) of the Office of Compliance Inspections and Examinations (OCIE) announced that its examination priorities in 2017 will focus on three general areas: retail investors, risks specific to elderly investors and retirement investing, and assessing market-wide risks. Taken directly from the SEC website, "Cybersecurity - OCIE will continue its ongoing [...]

Breach Notification Laws Are Being Enforced

First HIPAA enforcement action for lack of timely breach notification settles for $475,000. In a landmark case, federal regulators have issued a $475,000 financial settlement and corrective action plan for Presence Health regarding its tardy notification for a paper records breach that affected approximately 800 individuals. The Director of the Department of Health and Human Services' Office for Civil Rights (OCR), which enforces HIPAA, noted that companies "need to have a clear policy and procedures in place to respond to [...]

The Importance of Application Penetration Testing

Industry is slowly adapting to the need to test applications for security, especially those companies in regulated environments. But not all have adapted to this new paradigm. I'm sure Quest wishes they had done a more thorough job of testing their mobile app (http://fortune.com/2016/12/13/quest-diagnostics-data-breach-health/) before 34,000 of their users had their personal information stolen... Ugh. The lack of proper testing is not just in the domain of industry, however. Although most of us are never going to have [...]