Tag Archives: Gramm Leach Bliley Act

New York Joins the Wave of States Requiring Businesses to Adopt Reasonable Cybersecurity Safeguards to Protect Private Information

New York is the latest state to adopt a law that requires businesses that collect private information on its residents to implement reasonable cybersecurity safeguards to protect that information. New York now joins California, Massachusetts and Colorado in setting these standards. New York’s law mandates the implementation of a data security program, including measures such as risk assessments, workforce training and incident response planning and testing. Businesses should immediately begin the process of complying with the Act’s requirements, which are effective March 21, 2020. Notably, New York’s law covers all employers, individuals or organizations, regardless of size or location, that collect private information on New York State residents.


Harden Your Organization’s Domain Name System (DNS) Security To Protect Against Damaging Data Loss and Insider Threat

The importance of the Domain Name System (DNS) to your organization’s cybersecurity cannot be overstated. Communications between computers on the Internet depend on DNS to get to their intended destination. Network communications begin with a query to DNS to resolve the human-readable domain name to the numeric Internet Protocol (IP) address that computers require to route the transmission. A malicious party who is able to exploit a weakness in DNS can re-route sensitive traffic, including Protected Health Information (PHI), Personally Identifiable Information (PII) and other valuable information, from the intended recipient to the malicious actor. Indeed, as recent attacks on DNS indicate, even encrypting the communication may not be an effective countermeasure because the transmission can be decrypted after interception. Malicious employees and other insiders may also abuse DNS as a side channel to covertly exfiltrate the organization’s most sensitive proprietary information, avoiding Data Loss Prevention (DLP) countermeasures that may operate at different layers of the communication process. The recent attacks reported by the Department of Homeland Security reinforce the need to protect DNS functionality as a fundamental component of your organization’s overall cybersecurity and compliance strategy.
