Blog

With all the gift giving going on right now, you might need to take a few steps to make sure your privacy and cyber assets are secure. Make sure that you take a couple of extra minutes while setting up any new smart toys or connected devices to turn on the security features. This will vary depending on the item, but generally, you should set up new devices with passwords (preferably one you don’t use elsewhere); turn on two-factor authentication; and check to make sure you’re okay with the marketing/data collection preference boxes that may be clicked in the settings. It never hurts to look through the settings portion of a new toy to make sure there isn’t something set to a default allow that you would rather not have happen. For a little information about the risks with children’s toys, check out this article from Forbes.

Whether you know it or not, you probably don’t go more than a day or two without getting some phishing email. An article by ZDNet describes a new phishing scam going on that is targeting governmental departments and their related business services. While this seems to be specifically targeted at governments around the globe, it is a good reminder to be extra vigilant when clicking on links in emails that purport to deal with a government agency. Because everyone has to deal with the government, this makes people more susceptible to clicking the links. Be wary and be sure to help educate those around you about the importance of being vigilant as part of your own personal cybersecurity.

It’s currently raining in Las Vegas. A welcome sight in the desert, but one that always causes problems when it happens. Many drivers seem to have forgotten how to drive when it rains and the roads are made slick when the rain mixes with the dirt, oil, and other substances that have sat on the roadways since the last rain. Another unfortunate side effect is when the rain results in a power outage. We had one last night that got me thinking about how this relates to cybersecurity. A lot of incident response planning deals with breaches or attacks, but some incidents that don’t get as much attention are those that arise out of weather. When you are making your incident response plan, be sure and think about a situation where you do not have electricity or access to everything you might normally have. A power outage could shut you down completely. Do you have a plan to carry on if that happens or are you at the mercy of power company? Either way, it’s something you keep in mind as you think about cybersecurity.

If the cybersecurity industry had a catchphrase, it would have to something to the effect that, “It’s not a question of if you will be breached, it’s just a question of when.” Basically a truism, it is a reminder that you and your company need to get prepared. Why you ask? We already have antivirus, firewalls, and backups. Because there is so much more to it than antivirus, firewalls, and backups. There are hundreds of other aspects of cybersecurity you need to be concerned with–check out this article from Forbes that explains why your custodial staff is an important part of your breach strategy.

This article at HelpNetSecurity talks about the approaches to cybersecurity differ according to age. While there will always be generational differences, this is a good reminder that there are going to be different ways of getting to the same goal. Some will inhibit productivity in exchange for higher security, others will do the opposite. It is important to keep that in mind as you implement security at your organization.

While it seems the privacy world is all abuzz over GDPR and CCPA, there are still others efforts under way around the country to change the way privacy is handled in the USA. Some of those efforts are making small changes piece by piece while others are looking to make a bigger change. One of the latter is the Mind Your Own Business Act that was introduced in the Senate yesterday. Check out this article at the Verge for more details. While this is by no means the only privacy bill pending in Congress, it is certainly the latest and has a catchy name. Will a bill that would give you more control over your data and threaten companies with fines and their executives with jail time make it into law? Stay tuned….

The CCPA is a fluid situation at the moment. As we get closer to it taking effect, we are seeing adjustments made by legislative amendments and regulations issued by the AG. Here’s an article I wrote with Jeff Dennis on AB 1146 which modifies the CCPA to make it clear that businesses can still keep information to honor warranties.

The IRS issued new guidance this week on the taxation of cryptocurrencies. You can view the IRS’ FAQ page here. The main takeaway is that the IRS has not changed its position on treating cryptocurrency as property for tax purposes. This means you need to keep track when you buy, receive, sell, or gift cryptocurrency so you can report short-term or long-term capital gains.

Working with my colleague Jeff Dennis, we recently wrote an article about what California businesses need to know about Nevada’s new privacy law. Whether you are a business owner or a consumer you will start seeing more laws across the globe that will affect you do business or even how you go about life. These new laws will let you protect your privacy and hopefully cut down on targeted advertising in the form of spam and unwanted phone calls, but it will definitely change the way things have been done. Keep your eyes and ears pealed for updates that affect you.

As reported in this BBC article, three hospitals in Alabama were forced to close their doors to all but the most-critical new patients due to a ransomware event. After a cyber attack in Australia, a hospital had to find a scrap of paper before they could perform a medical procedure on a boy with cerebral palsy. The boy’s mom couldn’t even phone the hospital to confirm the appointment. Think about that for a moment–a facility that could be responsible for whether you live or die is shut down or essentially rendered ineffective by a breach. And this only scratches the surface of the stories. We don’t know how the breaches happened, what controls the hospitals had in place, and/or whether there were reliable backups in place. I think ransomware attacks on hospitals are one of the nightmare cases for cybersecurity. Unfortunately, it looks like this is a growing problem that should serve as a reminder about how important cybersecurity is to society.