Companies are becoming increasingly aware of the reach of biometric privacy laws, which are designed to protect an individual‘s biometric identifiers or biometric information (“biometric data”), such as fingerprints, voiceprints, hand scans, and face geometry. Since the Illinois Biometric Information Privacy Act (“BIPA”) became effective in 2008, a number of states have passed or are considering [1] similar laws protecting such biometric data.
Continue Reading Biometric Data Protection Laws – Coming to a Jurisdiction Near You

Earlier this month, we learned that the SolarWinds Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1*, released between March 2020 and June 2020, were compromised by an advanced persistent threat actor (or APT).  The perpetrators of this sophisticated attack implanted a Trojan into a legitimate update to the Orion Platform

For those businesses located in the State of New Jersey, the state does not (yet) have proactive legislation in place requiring businesses to take “reasonable” measures to protect personal information of residents.  However, if you have customers and/or personnel from outside the State, you may already be subject to the proactive legislation requirements of other

On October 29, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the U.S. Department of Health and Human Services (HHS) warned of an increased, imminent threat to U.S. hospitals and healthcare providers. The agencies have credible information that malicious cyber actors are targeting the healthcare and public health

CSG/LIFARS webinar_Cybersecurity and Data Protection Best Practices Amid COVID-19

CSG’s Michelle A. Schaap will join Ondrej Krehel, CEO and Founder of LIFARS, LLC, and Roota Almeida, CISO with Delta Dental of New Jersey and Connecticut, on Wednesday, July 29, from 3:00 – 3:45 PM EDT for a virtual discussion around strategy and best practices in the face of the current escalated legal and cyber

The FBI issued an alert warning of an attack targeting e-commerce websites.  The bad actors are embedding code directly into the e-commerce site to then skim account information.

The notice, found here, provides the details of this attack.

As always, the best defense against this and other cyberattacks is to have layers of defenses

You are in a fantasy football league registered under your email and your password.  Unbeknownst to you, however, the leagues site has been breached, and access credentials have been stolen.  The site discovers the breach, investigates the breach, and gives notice to impacted individuals.

If you are lucky, the time frame from when the original breach occurred and when you receive notice is 60 days;  more likely it will be a longer time frame – potentially 18 months or longer.  In the meantime, because you reuse your password for multiple accounts, the bad actor that compromised the fantasy league site has already used your password to access your Gmail or AOL account, reset your password, and has logged into your bank account and drained your funds.

Sound like a bad made-for-TV movie or detective show episode?

Sadly, the scenario outlined above is true and happened to a gentleman in Texas, and was shared during a recent InfraGard¹ webinar.
Continue Reading The Life of a Data Breach: The “Gift” That Keeps on Giving

The “kill chain” is a phrase that refers to the FBI’s ability to interrupt or kill the miswiring and loss of funds.

This is an extremely powerful resource given that cyber criminals have been targeting entities that use Microsoft Office 365 and Google G Suite to perpetuate business email compromise (BEC) scams.  The “phish kits”

Even if your business is based on the East Coast, you are likely to feel the effects of the California Consumer Privacy Act (“CCPA”), which will be effective January 1, 2020.

CCPA applies to for-profit businesses that:

  • Do business in the state of California; collect, or contract with a vendor for the collection of, personal information of “consumers[1]”; and determine the means or purpose of processing the data and
    • Have annual gross revenues in excess of $25,000,000 OR
    • Buy, receive, sell or share information about 50,000 or more consumers, households or devices for commercial purposes OR
    • Derive more than half of their revenue from selling consumers’ personal information.

So… if you are not doing business in California, or you do not fall into one of the sub-categories enumerated above, why do you need to worry about CCPA?
Continue Reading Not in California? Here’s Why the CCPA Should Still Be on Your Radar