Posts Tagged ‘cybersecurity’
Let’s All Freak Over Cloud Apps, Security
Another analyst report on corporate IT use, another reason for compliance officers to reach for the antacids. This time around, a fresh report finds that use of cloud-based IT services is soaring in Corporate America — but use of smart security protocols lags far behind. Bitglass, a broker of cloud-based services, studied how more than…
Five Steps After a Cybersecurity Meltdown
Oh, joy — your organization has been hacked. After all those penetration tests and all that employee training, some yahoos on the Internet still snuck onto the corporate network and absconded with your sensitive data. Now what? That’s always the question at one of my favorite conferences of the year: an annual gathering of internal…
Lessons for All From Healthcare Compliance Study
Last week SAI Global released a report on compliance trends in the healthcare sector, with conclusions telling enough that even compliance professionals in other industries should give the report some attention. The lessons and frustrations they feel in that sector might feel familiar. The report polled 388 compliance officers across a range of hospital systems,…
Report: Healthcare Breaches Less Awful
Good news, kinda sorta, for healthcare compliance professionals worried about data breaches: the total number of reported breaches fell last year, as did the number of patient records exposed; and the portion of breaches caused by accidental disclosure or lost devices fell, too. Taken altogether, one might even say that all those data privacy efforts…
Congress Struggles on Breach Disclosure Law
Congress held a hearing on data breach disclosure rules today, where speakers and lawmakers alike struggled with questions over a national breach disclosure law, who should bear liability for breaches, and what information customers are entitled to know, and when. The hearing, held by the Subcommittee on Financial Institutions and Consumer Credit, reached no particular…
Microchip Meltdowns and Vendor Risk
Last week I cited the rising importance of vendor risk management as one of the big compliance events to watch in 2018. One week into the year, we have a great example of just how slippery this challenge can be. The example comes from Meltdown and Spectre, security flaws announced last week that exist in…
Feds Eye Cybersecurity Risks of Tech Providers
Financial regulators just named cybersecurity as one of their top concerns going into 2018, with a heap of worry specifically about third-party contractors supporting the financial system. So for compliance officers looking for yet another reason to move third-party risk management up the priority scale, now you have one. The alarm was raised last week…
Vendors, Cybersecurity Risk: Ugh
Good news if your organization experienced a cybersecurity breach recently thanks to some vendor floating around in your extended enterprise: you have plenty of company. So says the latest report from the Ponemon Institute, which surveyed more than 625 executives about data risks posed by their vendors or other third parties. Fifty-six percent said their…
Clayton, Congress Talk Cybersecurity
SEC chairman Jay Clayton appeared before the Senate Banking Committee on Tuesday, a wonderfully poetic bit of timing to talk about cybersecurity. He and his Senate overlords jousted over the Equifax breach earlier this month, the SEC’s own breach disclosed just last week, and the duties companies may or may not have to investors and…
Intelligence Leaks & Internal Control
On Monday the Justice Department charged a 25-year-old woman with leaking classified intelligence to the media. Say what you will about the woman’s patriotism, brains, or motivation. Compliance and audit executives have plenty of lessons to learn in this case-study of security controls in the modern era. The woman is Reality Leigh Winner. As you…