Electronic Data Security

Data privacy and security
Many company leaders appear to understand and recognize cyber threats, but far too few have implemented vital defenses.

In the fourth quarter of 2017, we spearheaded a sweeping, cross-industry survey of chief executives to gauge corporate cybersecurity preparedness. The results revealed important organizational issues.

The survey showed C-suite corporate leaders know their companies’ data is at risk but are not taking adequate measures to protect that data.

  • Awareness: More than half of C-level officers recognized their companies were at high or very high risk of a data breach. Three quarters said they had been hit recently by phishing attacks.
  • Inaction: Despite that, 53 percent of executives admitted their cybersecurity and data privacy budgets are insufficient to respond to a breach. Nearly a third don’t train all their employees on data breach prevention, a basic component of cybersecurity.

“Cyberattacks are growing in frequency and severity,” said Mark McCreary, Fox’s Chief Privacy Officer and co-chair of its Privacy and Data Security Practice. “Companies should take steps to manage that risk and prevent breaches, but it requires a clear-eyed, systematic approach.”

Survey findings offer big-picture takeaways to bolster a company’s approach to cyber threats and their prevention. The report examines five key areas of cybersecurity readiness:

  • Breach response plans
  • Budget priorities
  • Cyber liability policies
  • Determining risk severity
  • Training effectiveness

How does your organization compare? Read the full report.

 

Recent news that Facebook has suspended research firm Cambridge Analytica for improperly collecting users’ personal data without their knowledge may not constitute a classic “data breach,” but it poses real risks for the popular social media platform.

Fox Rothschild Partner Scott Vernick, founder of the firm’s Privacy & Data Security Practice, discussed the implications for Facebook, and the next steps the company should take, in an interview with the TD Ameritrade Network.

“Consumers do select companies and want to do business with companies that have control over their data and that can secure their data,” Scott said. “In turn, If you lose consumer confidence, you lose advertiser confidence, so that is the challenge for Facebook.”

View the full interview here.

Restaurant businesses deal with a large amount of personal data.

The National Restaurant Association released a must-read guide for restaurant operators on how to increase their cybersecurity efforts.

Franchising, Licensing & Distribution partner Eleanor Vaida Gerhards explains on the Franchise Law Update blog how the guide takes the cybersecurity framework prepared by the National Institute of Standards and Technology and adapts it for use in the restaurant hospitality industry.

Because restaurants have to handle the personal information of their customers, they’re constantly at risk for data compromises that carry heavy fines.

Even the most cyber savvy restaurant systems should find the guide full of useful information. Access the guide and read Eleanor’s full post here.

The cost of cybercrime continues to rise, driven by increasingly sophisticated cybercriminals and a growing pool of new and often unsophisticated internet users, according to a new report from internet security firm McAfee and the Center for Strategic and International Studies.

“Cybercrime is relentless, undiminished, and unlikely to stop. It is just too easy and too
rewarding, and the chances of being caught and punished are perceived as being too low,” the report states.

The report, “Economic Impact of Cybercrime—No Slowing Down,” estimates cybercrime costs the global economy $600 billion a year, or 0.8 percent of global GDP, up from $500 billion in 2014.

It lists five trends that are most responsible for the increase:

  • Cybercriminals adopting new technologies.
  • Growth in new internet users, often from countries with weak cybersecurity.
  • The rise and growth of Cybercrime-as-a-Service.
  • Growth in cybercrime “centers” such as Brazil, India, North Korea, and Vietnam.
  • Improved black markets and digital currencies facilitating monetization of stolen data.

Security magazine also published a summary of the report.

Europe map with padlock symbolizing the General Data Protection Regulation (GDPR)With the European’s Union’s new General Data Protection Regulation (or GDPR) taking effect in less than 100 days, the interest of many U.S. Companies has been piqued as to how the GDPR may affect their overseas and internet-based businesses.  This article on CFO.com, “Why GDPR Matters,” which I co-authored with Bill Shipp from Vaxient, LLC and Jonathan Marks, CPA from Marcum, LLP, tackles this hot issue and answers why GDPR should matter to U.S. companies in a wide variety of industries.

To assist U.S.-based companies in determining how GDPR may affect their business, Fox Rothschild has also developed a GDPR mobile app called “GDPR Check” (details and download information here).  The app is designed to help companies determine which areas of their business (if any) may require GDPR compliance.

If you have any questions about how GDPR may affect your company, we encourage you to consult a knowledgeable attorney and experienced professionals.

Username and password login fields, online security
Usernames and passwords were exposed in a number of reported data breaches.

According to the monthly report from the Identity Theft Resource Center, the health care industry suffered more data breaches in January than government, educational and financial sectors combined.

Medical and health care-related data breaches accounted for 26.7 percent of the verified 116 data breaches in early 2018. The report defines a breach as a cybersecurity incident in which personal information such as emails, medical records, Social Security numbers or driver’s license information, is exposed and made vulnerable to risk.

While the report identifies “Business” as the sector most affected by data breaches, the category broadly encompasses many types of major service providers in retail, hospitality, trade, transportation and other industries.

For more detailed statistics of data breaches by industry, download the ITRC report.

The U.S. Treasury’s Office of the Comptroller of the Currency is out with its first Semiannual Risk Perspective report under Trump appointee Joseph Otting.

It’s not terribly rosy from a cybersecurity perspective, reports Bloomberg News.

The Comptroller’s office singled out cyberattacks as an increasing risk: “U.S. Banks are facing a growing threat from cyberattackers and making defense against them more complex by relying on third-party firms for support,” Bloomberg reports.

In addition, banks are facing attacks from hackers that exploit weaknesses in clients’ security, the report says. Click here to read the full text of the Semiannual Risk Perspective. The section on cybersecurity is on pages 14 and 15.

Last year saw multiple high-profile data breaches, enough to place cybersecurity atop any in-house attorney’s 2018 priority list.

But the threat posed by hackers isn’t the only cyber concern on the minds of in-house counsel this year, reports Corporate Counsel magazine.

In the regulatory realm, complying with the European Union’s General Data Protection Regulation, which takes effect in May,  is expected to be companies’ top data privacy task of 2018. But it’s not the only one. The Chinese government also plans to impose new, below-the-radar data privacy regs that will make companies jump through another set of legal hoops.

The legal implications of new technologies, such as fitness devices that blur the line between medical and personal data collection, are also expected to challenge corporate counsel. And groundbreaking legal cases could change the law regarding who has standing to sue following a data breach in the U.S. and whether companies can use standard contractual clauses to transfer personal data out of Europe.

British businesses are stockpiling Bitcoin to payoff ransomware hackers, according to a ZDNet report.

Ransomware is a form of malware that can freeze a company’s data. It allows hackers to demand a payoff in cash — or Bitcoin — in return for restoring a business’s functionality.

In the wake of the WannaCry hacking attacks, which crippled the UK’s National Health Service, British business leaders may prefer to pay a ransom rather than disclose data breaches and suffer through government audits, fines, customer dissatisfaction and reputational damage.

Even as Bitcoin prices have fluctuated around $18,000, some companies are loading their virtual wallets and bracing for the demand of a payoff.

Read the full article.

 

The soaring value of bitcoin and other cryptocurrencies has hackers mobilizing, according to Data Breach Today.

Distributed denial-of-service attacks against bitcoin exchanges are up, and hackers have compromised software tied to “bitcoin gold,” the publication reports. While it’s not surprising, given bitcoin’s meteoric rise in value, the increased activity is raising questions about the security of cryptocurrency infrastructure.

“Not to perpetrate fear, uncertainty and doubt, but I was told by people I really respect in threat intelligence that there are at least four very advanced threat actor groups who have been attacking banks in recent years, and about a month ago, they just dropped their activities and moved over to bitcoin hacking,” Avivah Litan, vice president and distinguished analyst at Gartner Research told Data Breach Today executive editor Matthew J. Schwartz.

Click here to read the full story.