Data Security Breach Response

This blog post is the sixth and final entry of a six-part series discussing the best practices relating to cyber security. The previous post discussed the individuals and organizations that should be notified once a cyberattack occurs. This post will focus on what a business should not do after a cyberattack. Key points include (1) not using the network, (2) not sharing information with unconfirmed parties, and (3) not attempting to retaliate against a different network.
Continue Reading The Anatomy of a Cyber Attack: Prevention, Response and Postmortem (Part 6 of 6)

This blog post is the third installment of a seven-part series discussing the best practices relating to cyber security. The first two blog posts discussed the best practices for preparing a business in case of a cyberattack. This post will discuss the initial steps that a business should take after a cyberattack occurs.
Continue Reading The Anatomy of a Cyber Attack: Prevention, Response and Postmortem (Part 3 of 6)

This is the second installment in a seven-part discussion on the best practices to prevent a cyberattack. The first part discussed four critical steps to prepare a business in the case of a cyberattack. These included: (1) identifying the crucial assets and functions a business, (2) creating an Response Plan, (3) installing the appropriate technology, and (4) obtaining authority for network monitoring. This article builds on those steps by suggesting further best practices in order to prevent a cyberattack.
Continue Reading The Anatomy of a Cyber Attack: Prevention, Response and Postmortem (Part 2 of 6)

Cyber-attacks can impact any business regardless of size, sector, or level of cyber security. The best way to minimize damages from a cyber-attack is to plan ahead and prepare for a possible attack. Forward thinking can minimize damages and shorten the process of recovery from a cyber-attack. The following suggestions are important steps that every business should take to prepare for a cyber-attack.
Continue Reading The Anatomy of a Cyber Attack: Prevention, Response and Postmortem (Part 1 of 6)

The Security and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) recently released an initial summary of its findings from its 2014 OCIE Cybersecurity Initiative.  The OCIE examined 57 registered broker-dealers and 49 registered investment advisers to better understand how broker-dealers and advisers address the legal, regulatory, and compliance issues associated with cybersecurity.

On October 24, the Federal Communications Commission (FCC) threw its hat into the data security regulation ring when it announced it intends to fine two telecommunications companies $10 million for allegedly failing to safeguard the personal information of their customers.

Both TerraCom, Inc. (TerraCom) and YourTel America, Inc. (YourTel) allegedly collected customers’ personal information, including

SAIC’s recent Motion to Dismiss the Consolidated Amended Complaint filed in federal court in Florida as a putative class action highlights the gaps between an incident (like a theft) involving PHI, a determination that a breach of PHI has occurred, and the realization of harm resulting from the breach.
Continue Reading The SAIC Breach and a Look Across the Chasm Between Significant Risk and Actual Harm Resulting from a HIPAA Breach

The FBI reports that cyberattacks could overtake terrorism as the major threat to the country. According to the Department of Homeland Security, between October 2011 and February 2012, there were 86 reported attacks on U.S. computer systems that control critical infrastructure, factories and databases, compared with 11 over the same period a year ago.

The San Francisco Chronicle reported yesterday that officials at the City College of San Francisco discovered a few days after Thanksgiving 2010 that certain computers of the college have been infested with active malware for more than a decade. Up to 100,000 students and 3,000 employees could be affected, and that number may rise based on further, ongoing investigation.
Continue Reading Data Breach Potentially Affects Up to 100,000 Students, 3,000 Employees