The FTC Annual Report: Consumer Expectations and Company Followthrough

2017 was an eventful year for the FTC’s efforts to hold its place as the most important regulator of privacy and data security in the United States.  Although no regulator has broader reach or more influence, other agencies and states have begun to stake out their own claim to regulatory authority, and many of them did so last year.  The FCC, the CFPB, the SEC, even the New York State Department of Financial Services have all issued new regulations, and each will likely attempt to increase their influence and authority in 2018.

Ransomware and Data Security

Last year, I gave a presentation where we discussed ransomware, and how it was a growing industry for cybercriminals.  Ransomware is, well, a lot like what it sounds like: malware that locks your data and holds it for a ransom.  You pay (often in bitcoin), or the data is wiped forever.  Ransomware is simple to deploy, easily spread (think: WannaCry), and profitable.  It’s also far more common than you may think: the FBI says that many attacks go unreported, often because companies don’t want to disclose that they’ve been breached.

Who’s the Boss?

One question I hear from clients all the time is “who has to be the decision maker about data security?” Companies that have a C-Suite will rely on a Chief Information Officer (CIO), a Chief Technology Officer (CTO), or even a Chief Information Security Officer (CISO).  These are great options, and worth discussing on their own.  Other companies place the responsibility with the head of IT or with whoever oversees compliance issues.  There is no one-size solution to overseeing data security, but it’s important to ask the question.

The Year of DataSec

Every year, we’re told, is going to be the “Year of Data Security,” the year when everyone starts to recognize the importance of protecting data and securing information. That prediction is about as helpful as saying that this will be the year when everyone obsesses over a different meme each month – it’s both obviously correct and so overly broad as to mean very little. We hear it, maybe agree with it, and then go back to whatever we were doing. Same old, same old.