Whether you know it or not, you probably don’t go more than a day or two without getting some phishing email. An article by ZDNet describes a new phishing scam going on that is targeting governmental departments and their related business services. While this seems to be specifically targeted at governments around the globe, it is a good reminder to be extra vigilant when clicking on links in emails that purport to deal with a government agency. Because everyone has to deal with the government, this makes people more susceptible to clicking the links. Be wary and be sure to help educate those around you about the importance of being vigilant as part of your own personal cybersecurity.
When the power goes out.
It’s currently raining in Las Vegas. A welcome sight in the desert, but one that always causes problems when it happens. Many drivers seem to have forgotten how to drive when it rains, and the roads are made slick when the rain mixes with the dirt, oil, and other substances that have sat on the roadways since the last rain. Another unfortunate side effect is when the rain results in a power outage. We had one last night that got me thinking about how this relates to cybersecurity. A lot of incident response planning deals with breaches or attacks, but some incidents that don’t get as much attention are those that arise out of weather. When you are making your incident response plan, be sure to think about a situation where you do not have electricity or access to everything you might normally have. A power outage could shut you down completely. Do you have a plan to carry on if that happens, or are you at the mercy of the power company? Either way, it’s something to keep in mind as you think about cybersecurity.
Not if, but when….
If the cybersecurity industry had a catchphrase, it would have to be something to the effect that, “It’s not a question of if you will be breached, it’s just a question of when.” Basically a truism, it is a reminder that you and your company need to get prepared. Why, you ask? We already have antivirus, firewalls, and backups. Because there is so much more to it than antivirus, firewalls, and backups. There are hundreds of other aspects of cybersecurity you need to be concerned with–check out this article from Forbes that explains why your custodial staff is an important part of your breach strategy.
Generational differences in cybersecurity
This article at HelpNetSecurity talks about how approaches to cybersecurity differ according to age. While there will always be generational differences, this is a good reminder that there are going to be different ways of getting to the same goal. Some will inhibit productivity in exchange for higher security; others will do the opposite. It is important to keep that in mind as you implement security at your organization.
The Mind Your Own Business Act
While it seems the privacy world is all abuzz over GDPR and CCPA, there are still other efforts under way around the country to change the way privacy is handled in the USA. Some of those efforts are making small changes piece by piece while others are looking to make a bigger change. One of the latter is the Mind Your Own Business Act that was introduced in the Senate yesterday. Check out this article at the Verge for more details. While this is by no means the only privacy bill pending in Congress, it is certainly the latest and has a catchy name. Will a bill that would give you more control over your data and threaten companies with fines and their executives with jail time make it into law? Stay tuned….
AB 1146 amends the CCPA
The CCPA is a fluid situation at the moment. As we get closer to it taking effect, we are seeing adjustments made by legislative amendments and regulations issued by the AG. Here’s an article I wrote with Jeff Dennis on AB 1146 which modifies the CCPA to make it clear that businesses can still keep information to honor warranties.
Taxes on cryptocurrency
The IRS issued new guidance this week on the taxation of cryptocurrencies. You can view the IRS’ FAQ page here. The main takeaway is that the IRS has not changed its position on treating cryptocurrency as property for tax purposes. This means you need to keep track when you buy, receive, sell, or gift cryptocurrency so you can report short-term or long-term capital gains.
What California Businesses Need to Know about Nevada’s New Privacy Law
My colleague Jeff Dennis and I recently wrote an article about what California businesses need to know about Nevada’s new privacy law. Whether you are a business owner or a consumer, you will start seeing more laws across the globe that will affect how you do business or even how you go about life. These new laws will let you protect your privacy and hopefully cut down on targeted advertising in the form of spam and unwanted phone calls, but they will definitely change the way things have been done. Keep your eyes and ears peeled for updates that affect you.
Ransomware at the hospital
As reported in this BBC article, three hospitals in Alabama were forced to close their doors to all but the most-critical new patients due to a ransomware event. After a cyber attack in Australia, a hospital had to find a scrap of paper before they could perform a medical procedure on a boy with cerebral palsy. The boy’s mom couldn’t even phone the hospital to confirm the appointment. Think about that for a moment–a facility that could be responsible for whether you live or die is shut down or essentially rendered ineffective by a breach. And this only scratches the surface of the stories. We don’t know how the breaches happened, what controls the hospitals had in place, and/or whether there were reliable backups in place. I think ransomware attacks on hospitals are one of the nightmare cases for cybersecurity. Unfortunately, it looks like this is a growing problem that should serve as a reminder about how important cybersecurity is to society.
PrivacyConnect CCPA & GDPR Workshops
Yesterday I had the opportunity to attend a PrivacyConnect CCPA & GDPR workshop put on by OneTrust. You can see the schedule of upcoming workshops here. The workshops are free and a great resource for getting up to speed on the CCPA & GDPR. They cover a lot of material, but take time to answer questions and provide a good opportunity for attendees to network as well. If you are in one of the workshop locations, you should make time to attend!