Brendan Sasso reports:
Sen. Patrick Leahy (D-Vt.) is pushing for an amendment to a cybersecurity bill that would make it a crime for a company to hide a data breach from its customers.
Under the legislation, anyone who purposefully conceals a data breach that causes financial damage could face up to five years in prison.
Other amendments offered by Leahy would set a national standard for companies to notify their customers in the event of a data breach and would require businesses that store consumers’ sensitive personal information to establish data security programs.
Read more on The Hill.
These politicians need to figure out why these breaches are happening. It's the software companies' lack of effort to make the material secure, and the use of extremely easy password complexity rules to use the software. I am sure everyone has a password scheme they use, and if software password complexity was put into the system that would correct about 20% of the “breaches”.
Another part of the sad affairs is the software itself. It's convenient for people to load software and not patch it. It's JUST as easy for a manufacturer of this software to sell it, and not offer an email or phone call that an upgrade is available – whether free or at the cost of a maintenance contract.
The other part is human based. Whether these breaches occur as a vendetta, mistake, greed or otherwise is another issue. This amendment by what is written here, in my opinion, seems to say “We know there is a cyber security problem. We understand the establishments are unsecure, but if you do something wrong you’re going to pay for it”.
One thing that DOES NOT help is lack of jobs. There is a lack of urgency that people feel when they lose their jobs, and are presented with a job opportunity – or – if AT a job are given a way to grab a wad of cash quickly that they probably could never accumulate in a short period of time. Cash is King if the opportunity is presented in a manner which the event to take place is harmless. “All you have to do is…..”
I see two things that need to happen. JOBs is one. The other is QUITE SIMPLE. Put up a Government website that people have to go to when employed OR if they move positions within a company. This website will show SHORT 6-10 minute clips of video that cannot be skipped or advanced. Once each one is done, the person then has to copy and paste a unique verification code that shows the user has completed part of the training. Current and future employers can only view the data, and are legally bound NOT to hire or advance any employee without the user completing the required training.
The Jobs stimulate the economy and keep people from doing things they otherwise would not do. The training shows that they understand what hacking, skimmers, insider threat, and other basic illegal things are. I am sure the government can properly word the opening pages to where it is legal and binding that if an individual is considered to be a threat in respects to Information technology systems and assets, they are subject to monitoring, search and seizure without warning.
Lolli-gagging around the issue will get you nowhere. Uproars will be squelched; you wanna work? Watch the videos and hit the consent button and cut and paste the unique code. People will get away with a lot if they are given an opportunity to do so. What's the difference of a person willingly ripping off a business – even a bank, whether it involves a gun, a shovel or a computer? An act of crime is a crime and it should be treated as such across the board. Minimum mandatory sentences for each “level” of crime. This is not hard. Law is Law. Follow it, or follow your fellow inmate to the assigned cell.