Search results for: multi-factor authentication
More Tips on Good Data Protection
Another week, another enforcement action from the Federal Trade Commission giving us a glimpse into what modern data protection programs should look like. This time the company in question is a telecommunications company that flubbed basic data protection protocols and then suffered a breach; and as usual, the FTC gives compliance, privacy, and IT security…
Nuttiest Cybersecurity Risk Ever
Well here’s a nutty new risk for cybersecurity compliance professionals at publicly traded companies: ransomware attackers reporting their own attacks against you to the Securities and Exchange Commission when you don’t meet their demands. Yes, this actually happened last week. A ransomware group known as Alphv breached MeridianLink, a California company that provides digital lending…
An Update on SOX Compliance Issues
Earlier this week I attended a webinar hosted by KPMG about the current state of Sarbanes-Oxley compliance, since 2023 is coming toward a close and audit professionals need to start thinking about the SOX compliance season that will start up early next year. We have lots to go through here. For starters, SOX compliance does…
Thoughts on Data Security
This week I’m attending the ISACA-Institute of Internal Auditors GRC Conference in Las Vegas. As one might imagine, data security is all over the agenda, so I’ve been taking notes for those audit and compliance executives back home looking for suggestions on how to make your GRC efforts better. For starters I attended a fascinating…
NY DFS Strikes Again on Cyber Fails
New York state regulators are at it again, serving up yet another enforcement action over poor cybersecurity practices that can serve as a quick case-study for the rest of us trying to figure out a sustainable way forward on cyber compliance issues. The company in question this time is OneMain Financial Group, a publicly traded…
More Help on Key Cyber Controls
Some interesting news for internal audit and cybersecurity professionals: new research has identified five key controls deemed to have the greatest effect in reducing the chance of (and damage from) a cybersecurity attack. The research comes from insurance giant Marsh McLennan, which operates a Cyber Risk Analytics Center that helps Marsh understand how to price…
FINRA Talks Cyber Risks
FINRA, the regulator for broker-dealer firms that every other compliance professional should follow anyway, has given us yet another piece of nifty guidance: its annual report on regulatory examinations, brimming with advice about risks related to cybersecurity, anti-money laundering, and other issues. Like most other financial regulators, FINRA examines the compliance programs of businesses under…
NY-DFS Proposes Updated Cyber Rule
Big news for audit and GRC professionals in the financial services world: the New York Department of Financial Services has proposed numerous updates to its Cybersecurity Rule, which would place more responsibilities on the CISO and impose more exacting standards for cybersecurity policies, procedures, and other control activities. The Department of Financial Services (DFS) unveiled…
Another FTC Cyber Enforcement Case
Another week, another enforcement action from the Federal Trade Commission to remind the rest of us what steps we should take to protect consumers’ personal data. This time the company going to the woodshed is Chegg, an education tech company that lumbered along for years with poor data protection practices. Chegg provides textbooks, study aids,…
Bold FTC Action Against Drizly
Fascinating enforcement action from the Federal Trade Commission this week, which brought charges of poor cybersecurity practices against an online liquor store and its CEO personally — who will need to abide by the terms of the consent order even if he leaves the company and takes another job elsewhere! The company is Drizly.com, which…