The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
Data Resilience Masterclass: Navigating the Risks of the Digital Age - Data Risk and Resilience is a critical topic for modern businesses, especially within industries that handle vast amounts of sensitive information....more
Cyber risk is now a normal part of our personal and professional lives. When companies suffer a cyber incident, they often look to their insurance policy for coverage to help mitigate the financial exposure. Additional...more
It’s obvious that strong cybersecurity governance should help to reduce a company’s risk of succumbing to a cybersecurity incident or being significantly impacted should one materialize. One major challenge: determining what...more
On June 24, the staff of the U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance (Division of Corporation Finance) released five new Compliance & Disclosure Interpretations (C&DIs) relating to the...more
Defining the role of inherent risk in cybersecurity - Inherent risk is a concept that while fundamental to cybersecurity, has largely been disregarded by popular cybersecurity risk guidelines and standards and remains arcane...more
Verizon’s 2024 Data Breach Report, a must-read publication, was published on May 1, 2024. The report indicates that “Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all...more
In May 2024, the New York State Department of Health (“NYSDOH”) issued revisions to proposed regulations on hospital cybersecurity that it first released in November 2023. The proposed revised regulations are subject to...more
Gone are the days where technological solutions were “nice to have” options to provide us with better access to resources and improved process efficiencies. Nowadays, technological solutions – and specifically those that...more
Since I hang out with a lot of CISOs, and understand their pain points, I urge readers to send a “thank you” and “you are the best” message to their CISO. You can’t imagine the pressure and stress they are under to try to...more
Originally published in American Business Magazine - May 2024. Many small- and mid-sized business owners believe that they are not prime targets for a cyber breach and that threat actors only go after large companies. This...more
Join us on the latest episode of Financial Services Focus as Justin Herring, Jeff Taft and Ana Bruder discuss key cyber threats facing the financial services industry, including third-party risks, sophisticated ransomware,...more
Earlier this year, the National Institute of Standards and Technology (NIST) issued an update to its Cybersecurity Framework (CSF) with the release of version 2.0, the first update since April 2018 (version 1.1). While the...more
CYBERSECURITY HC3 Warns Health Sector About Social Engineering Attacks Against IT Help Desks - The Health Sector Cybersecurity Coordination Center (HC3) recently issued an Alert warning that “threat actors employing...more
As supply chains have become more digitized and interconnected, they have also become more vulnerable to a range of cyber threats. These threats not only pose risks to the direct operations of companies but also to the...more
A security researcher found an intentionally placed backdoor in a software library called XZ Utils on April 2. This backdoor allows hackers to hijack secure sessions, or create their own, on devices within an organization's...more
In response to “multiple” cyber threat vectors, the Biden administration has asked governors of all 50 states to generate cybersecurity plans within 90 days (approximately July 1, 2024) to protect local water and wastewater...more
Cyberattacks and data incidents are rapidly increasing, and third-party services companies are a frequent source of exposure for healthcare providers. Healthcare is a prime target for cybercriminals, with ransomware and...more
The National Institute of Standards and Technology ("NIST") released a significant update to its framework, expanding its scope and reach to cover a broader audience and evolving cybersecurity risks and management issues....more
The number of large data breaches, those involving 500 or more people, exposing protected health information has increased exponentially in the last few years, and ransomware and hacking are the primary cyber threats in...more
Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more
Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
The HHS Office for Civil Rights (OCR) and other government agencies aren’t just worried that providers understand—and mitigate—the privacy and security risks of telehealth. In fact, in 2022, the Government Accountability...more
The ever-increasing privacy and security risks via third-party vendors and service providers were apparent in 2023 with news of large organizations such as MOVEit, Okta and AT&T being affected. Research has shown that 98...more
If you feel like every day you wake up to a new data privacy law or piece of guidance, you’re not dreaming. Regulation and rulemaking are happening faster than ever before. The complexities relating to ethical data usage are...more
In recognition of International Privacy Day on January 28, we wanted to share some insights on the top privacy and cybersecurity issues for the new year. Data privacy and cybersecurity will continue to be one of the most...more