Tag Archive for: Practical

Trends in Privacy and Data Security | Practical Law The Journal


As the National Security Agency (NSA) noted in its 2022 cybersecurity yearly review, “[c]yberspace is dangerous” (NSA: NSA Cybersecurity Year in Review: 2022). Reports of sophisticated cyberattacks and ransomware threats were prevalent in 2022. The government, manufacturers, and others further developed standards for securing digital infrastructure like 5G, cloud services, cryptography, internet protocols, and internet of things (IoT) devices. Organizations deployed zero trust cybersecurity strategies more frequently to close operational technology gaps. On the data privacy side, businesses now face an increasing array of state laws in the absence of comprehensive federal data protection regulation.

Organizations must keep up with the dynamic and increasing legal obligations governing privacy and data security, understand how they apply, monitor cyber risks and attack trends, and manage their compliance to minimize exposure. This article reviews important privacy and data security developments in 2022 and highlights key issues as the year ahead takes shape. It addresses:

  • Federal and state guidance, regulations, and enforcement actions.
  • Private litigation.
  • Federal and state legislation.
  • International developments likely to affect US companies, including cross-border data transfer issues.
  • Trends likely to gain more attention in 2023.

(For the complete version of this article, which includes more on new federal and state regulations and legislation as well as private litigation and industry self-regulation and guidance, see Trends in Privacy and Data Security: 2022 on Practical Law.)

Several federal agencies issued guidance and took notable privacy and data security enforcement actions in 2022, including:

  • The Federal Trade Commission (FTC).
  • The Department of Health and Human Services (HHS).
  • The Department of Commerce and its National Institute of Standards and Technology (NIST).
  • The Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA).
  • The Federal Communications Commission (FCC).

(For information on guidance and enforcement activity by the Securities and Exchange Commission (SEC), various other federal agencies, and the White House, see Trends…


11 practical internet safety tips for keeping kids and teens safe online


If you have children, chances are good you’ve seen them looking at their phones or laptops but you don’t know exactly what they’re doing. You have even less idea when they’re away from home. Should you check in, or would that invade their privacy?

According to Pew Research, 65% of kids age 9 to 11 and 95% of teens use a smartphone, which typically has access to email, messaging, and social media apps that can enable kids to interact with people anywhere—including total strangers. For kids, interactive technology is a window to the world, but it’s natural for parents and guardians to worry.

That’s why Amazon has partnered with ConnectSafely, a nonprofit working to educate parents and other users of connected technology about safety, privacy, and security. ConnectSafely has put together the following guide—with 11 easy-to-follow tips—to help approach these tricky topics with your kids, have productive conversations, and find tools to help along the way.


Practical Steps for Responding to the CISA Warning on Russian Cyber Attacks


On February 25, 2022, two days after Russia began its military invasion of Ukraine, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued a rare ‘Shields Up’ warning for U.S.-based organizations, stating: “Every organization—large and small—must be prepared to respond to disruptive cyber activity.”

The Shields Up warning is in direct response to increased Russian cyber aggression against Ukrainian and other targets in the region, including recent distributed denial-of-service (DDoS) and malware attacks. In addition to the possibility of disruptive nation-state activities affecting U.S. targets, CISA also warned of an increase in cyber attack activity against U.S. organizations from Russia or hackers acting on Russia’s behalf.

The need for this warning was amplified by recent events, including the hacking of over twenty U.S.-based natural gas companies by Russian Intelligence two weeks before the Russian Army invaded Ukraine. With the CISA warning, this recent evidence, and what we know from past attacks against Ukraine, it would be irresponsible for organizations to ignore CISA’s warning.


To help organizations prepare for a possible attack, it’s important first to understand the types of attacks organizations should be watching for.

Russian Cyber Attacks To Watch For:

Given the speed at which the war against Ukraine is progressing, in the immediate future, attacks are likely to be fast, hard-hitting, and focused on disruption and destruction. Here are some of the attacks to monitor closely.

Distributed Denial of Service (DDoS)

DDoS attacks aren’t new or particularly sophisticated, but they’re still effective at stopping work at government agencies and commercial enterprises in its tracks. Russia has used these attacks before. For example, in 2008, during the country’s conflict with Georgia, Russia or another party closely affiliated with the Russian government launched DDoS attacks against the Georgian government and Georgian news agencies.

It’s not surprising, then, that on February 15, 2022, DDoS attacks were launched against two of the largest Ukrainian banks…


Expect The Best, But Prepare For The Worst: 5 Practical Steps To Take Before A Ransomware Attack – Technology




Last month, we wrote about steps to take after experiencing a
ransomware event. This month, as ransomware events continue to
grow in number and severity, we now share the following five
practical tips to implement before a ransomware event.
These tips should help you bolster your defenses and reduce the
havoc a ransomware attack can have on your business. 

1. Obtain Cyber Insurance

Obtain cyber insurance to protect yourself from potentially
devastating losses associated with a ransomware attack. In addition
to the financial peace of mind cyber insurance provides, your cyber
insurance carrier will be your first point of contact should your
business ever experience a ransomware attack. Your cyber insurance
carrier can connect you to the appropriate resources and experts to
assist you in responding to an attack. But please make sure that
you obtain adequate cyber insurance coverage, or else the
exceptionally high costs associated with a ransomware attack may
quickly make inadequate cyber insurance coverage feel like no cyber
insurance coverage at all. 

2. Use Off-Site Backups

Off-site backups are an effective way to recover from a
ransomware attack and restore operations if a ransomware attack
encrypts your on-site data. Ensure that your off-site…
