Yearly Archives: 2019


Data Privacy Law Makes Landfall in California

An unstoppable force has crossed the Atlantic and landed on our shores. Now, the eye of the storm is in California, and the rest of the country will feel its impact. Data Privacy, a significant idea that has long demanded attention, was codified and implemented by the European Union in 2018 as the General Data Protection Regulation ("GDPR"). In response, advocacy for Data Privacy has grown in the United States. Any consumer thinking about privacy can surely understand that our [...]

2019-12-20T21:26:27-05:00By |

Leadership Musings by JPL #2

The human condition is to make mistakes and learn from them. The ability to improve is what sets apart the winners from the mediocre. It's not all about talent. It's about dependability, consistency, and being able to improve. If you work hard and you're coachable, and you understand what you need to do, you can improve. - Bill Belichick None of us are perfect. We all make mistakes. Lord knows, I've made my fair share. But what do we do [...]

2019-11-25T13:11:19-05:00By |

Cybersecurity and GI Joe

I recently read an article by Forbes' Serenity Gibbons that I found was spot on. I particularly love her analogy about race car brakes and speed. "A good way to think about cybersecurty is to compare it to the brakes on a race car. It's the brakes that truly make the speed possible. Without them, the speed would be pure recklessness." She outlines three major themes explaining why cybersecurity should be seen as an asset: Education. Let's face it - knowing [...]

2019-11-19T16:39:05-05:00By |

There are three kinds of pipe…

“There are three kinds of pipe. There’s aluminum, which is garbage. There’s bronze, which is pretty good, unless something goes wrong. And something always goes wrong. Then, there’s copper, which is the only pipe I use. It costs money. It costs money because it saves money.” While this sounds like a stereotypical sales pitch - for which it was portrayed in one of my favorite movies of all time, Moonstruck, by the great Cosmo Castorini - we have found that [...]

2019-11-14T14:39:45-05:00By |

The Ransomware Blues

Introduction Ransomware attacks have proven to be devastating in 2019, and the stakes are growing for public and private organizations. Attacks have disrupted government and municipal services, halted medical surgeries, and forced businesses to close for good. The average ransomware insurance claim from a large company is roughly $2 million, and claims from smaller companies are approximately $150k – 250k. Ransomware is being used more strategically and has proven to be increasingly effective, amounting to greater ransoms. A modern-day ransomware [...]

2019-11-08T16:33:37-05:00By |

Surely, you don’t mean me…

Yes, I do - and stop calling me Shirley. For the past few weeks, I've been on the phone (at least twice a day) with a business owner and the recovery team working frantically to restore services after a particularly virulent ransomware attack. We're only now moving into forensic mode - determining what happened - after a difficult and arduous restoration process. Not only were the recent backups encrypted, the old backups were corrupted. Ugh. I've had similar engagement with [...]

2019-10-15T18:42:35-04:00By |

Validating a Data Subject Request: Why is it so important for GDPR?

Implementing a General Data Protection Regulation (“GDPR”) compliance program can be a daunting task. Part of every company’s GDPR compliance program is the ability to receive and respond to Data Subject Requests (“DSRs”). A DSR is a means by which a data subject can inquire about their personal data that a public or private institution possesses, as granted by his or her ‘right to access.’ GDPR defines ‘personal data’ as such: “…any information relating to an identified or identifiable natural [...]

2019-08-22T12:45:47-04:00By |

Microsoft Security Update August 2019 – Wormable Windows Flaw

Yesterday, Microsoft released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following Windows operating systems: Windows 7 SP1 Windows Server 2008 R2 SP1 Windows Server 2012 Windows 8.1 Windows Server 2012 R2 Windows 10 An attacker could exploit these vulnerabilities to take control of an affected system by sending a specially crafted request to target the system's Remote Desktop Service via RDP. Similar to CVE-2019-0708 - dubbed "BlueKeep" - these vulnerabilities are considered 'wormable' [...]

2019-08-15T13:58:41-04:00By |

Work-Life Balance Also Means Cyber Resiliency at Home

Work-life balance is important. The ability to work from home offers people the ability to have the best of both worlds. However, before employers offer this benefit, consideration should be given to securing the home environment. First and foremost, cyber awareness training is a key component in having teammates work safely from home. In a recent article, James Leggate of Fox Business quotes Nationwide Insurance's VP of Cyber Insurance, Catherine Rudow: "Many employees may not realize the magnitude of risk [...]

2019-08-14T12:15:13-04:00By |

Layer 8 Security recognized as a 2019 Best Place to Work

We are proud to announce Layer 8 Security has been recognized as one of the 2019 Best Places to Work by the Philadelphia Business Journal! “I’m thrilled by the culture we’ve developed here at L8S. I have the best teammates anyone could want. Positioning our teammates to be successful inside and outside is a key principle of ours. Many thanks to the unique, dedicated, and talented team that makes Layer 8 Security such a fun company to be a part [...]

2019-08-08T16:19:22-04:00By |