The California Attorney General’s Office has issued a report, Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents. Here’s the Executive Summary: Relatively small investments in cybersecurity preparedness can yield significant risk reductions. Every business in California should follow the steps summarized below,…
Category: Commentaries and Analyses
Breach Blind Spot Puts Retailers on Defensive
Brian Krebs writes: In response to rumors in the financial industry that Sears may be the latest retailer hit by hackers, the company said today it has no indications that it has been breached. Although the Sears investigation is ongoing, experts say there is a good chance the identification of Sears as a victim is a false alarm…
Personal information managed by EPA is at risk, IG finds
Kelly Cohen reports: Better safeguards are needed to protect personal information managed by the U.S. Environmental Protection Agency, according to an inspector general’s report. Even though the agency is required by federal law to have privacy protection procedures in place, EPA doesn’t, according to the report. Read more on Washington Examiner.
Minnesota data breach law demonstrates risks of knee-jerk reactions
I just shook my head yesterday when I heard about a proposed law in Minnesota that would require breach notification within 48 hours of discovery, the offer of free credit monitoring for one year, and golly gee, a $100 gift card that would be valid for one year if the breached entity was a retailer. Apparently I…
Comparison of Five Data-Breach Bills Currently Pending in the Senate
Meena Harris writes: Data security continues to be a hot issue on Capitol Hill, and just yesterday Attorney General Eric Holder urged Congress to create a “strong, national standard” for quickly reporting data breaches to consumers. Democratic and Republican senators have been busy drafting legislation that would establish national requirements for data security and breach notice. The following bills…
Payment Card Breaches: Time to Spread the Risk with Mandatory Cyber Insurance
David Navetta writes: The BIG 2014 security stories concerning the Target, Neiman Marcus and Michaels payment card breaches have highlighted the significant criminal hacking and fraudulent payment card activity that goes on in the retail space. Of course, it was not so long ago that the Heartland Payment Systems breach (2008; 100 million cards exposed) and the TJX breach (2007; 45 million cards exposed)…