Data Security Breach Response

This blog post is the sixth and final entry of a six-part series discussing the best practices relating to cyber security. The previous post discussed the individuals and organizations that should be notified once a cyberattack occurs. This post will focus on what a business should not do after a cyberattack. Key points include (1) not using the network, (2) not sharing information with unconfirmed parties, and (3) not attempting to retaliate against a different network.
Continue Reading The Anatomy of a Cyber Attack: Prevention, Response and Postmortem (Part 6 of 6)

This blog post is the third installment of a seven-part series discussing the best practices relating to cyber security. The first two blog posts discussed the best practices for preparing a business in case of a cyberattack. This post will discuss the initial steps that a business should take after a cyberattack occurs.
Continue Reading The Anatomy of a Cyber Attack: Prevention, Response and Postmortem (Part 3 of 6)

This is the second installment in a seven-part discussion on the best practices to prevent a cyberattack. The first part discussed four critical steps to prepare a business in the case of a cyberattack. These included: (1) identifying the crucial assets and functions a business, (2) creating an Response Plan, (3) installing the appropriate technology, and (4) obtaining authority for network monitoring. This article builds on those steps by suggesting further best practices in order to prevent a cyberattack.
Continue Reading The Anatomy of a Cyber Attack: Prevention, Response and Postmortem (Part 2 of 6)

Cyber-attacks can impact any business regardless of size, sector, or level of cyber security. The best way to minimize damages from a cyber-attack is to plan ahead and prepare for a possible attack. Forward thinking can minimize damages and shorten the process of recovery from a cyber-attack. The following suggestions are important steps that every business should take to prepare for a cyber-attack.
Continue Reading The Anatomy of a Cyber Attack: Prevention, Response and Postmortem (Part 1 of 6)

On October 24, the Federal Communications Commission (FCC) threw its hat into the data security regulation ring when it announced it intends to fine two telecommunications companies $10 million for
Continue Reading The FCC – A New Data Security Regulator?

SAIC’s recent Motion to Dismiss the Consolidated Amended Complaint filed in federal court in Florida as a putative class action highlights the gaps between an incident (like a theft) involving PHI, a determination that a breach of PHI has occurred, and the realization of harm resulting from the breach.
Continue Reading The SAIC Breach and a Look Across the Chasm Between Significant Risk and Actual Harm Resulting from a HIPAA Breach

The San Francisco Chronicle reported yesterday that officials at the City College of San Francisco discovered a few days after Thanksgiving 2010 that certain computers of the college have been infested with active malware for more than a decade. Up to 100,000 students and 3,000 employees could be affected, and that number may rise based on further, ongoing investigation.
Continue Reading Data Breach Potentially Affects Up to 100,000 Students, 3,000 Employees