Nearly all mobile applications connect to the cloud, storing private business information, user names, passwords and other sensitive content. Employees tie into the Web with mobile device apps such as Google Maps, LinkedIn and Wink, which allows users to see from afar who is ringing the home doorbell or lets …
A phishing attack is the leading type of data breach. Phishing is an e-mail fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from a recipient.
The logic behind this type of attack is a simple reliance on human error. Statistically, if enough e-mails are sent, a sufficiently large number of recipients, who are rushed or distracted, will fail to scrutinize the IP address. They will click on the …
Northern Kentucky University’s Annual CyberSecurity Symposium
Oct. 9, 2015
NKY Mets Center
Matthew D. Lawless, presenter: “Considering Privacy and Data Security Harms.”
Technology First, 9th Annual Taste of IT Conference
Nov. 18, 2015
Sinclair Ponitz Center, Dayton, OH
Diane D. Reynolds, panelist and Matthew D. Lawless, panel moderator.
“Cybersecurity Compliance: If it ain’t working for Anthem, Lifelock and Neiman Marcus, What am I Supposed to do for My Company?”
Far-reaching legislation that would establish new privacy and security protections for U.S. consumers has been introduced in Congress by a group of Democratic senators, including Patrick Leahy of Vermont and Elizabeth Warren of Massachusetts.
The Consumer Privacy Protection Act goes further than other federal data protection proposals by establishing stricter standards for notifying customers when their personal information is lost or stolen. It would cover private information beyond financial data that is typically already covered by state laws, such as …
The Internet of Things goes by a deceptively simple title but includes a vast – and mushrooming – network of physical objects or “things” that connect to the Internet through embedded sensors, electronics and software, allowing them to exchange data with the operator of the object, its manufacturer or other connected devices.
Some are calling it the next stage in the information revolution, a way to make everything in our lives “smart,” from cars, roads and traffic control systems to …
Despite a company’s best efforts, data security breaches happen. Now the federal government is making it a little easier for businesses to manage the aftermath of identity theft and mitigate damages. If your customers and/or employees are at risk or have fallen victim to identity theft, you can now send them to www.IdentityTheft.gov.
The website is designed to help victims of identity theft manage the process of recovery. For example, the website addresses what first steps to take, as …
One way to protect your business from financial loss, reputational damage, and the expense of regulatory scrutiny in the event of a data breach is to require your vendors, with access to your customer and employee personally identifiable information, to carry cyber insurance.
Many businesses routinely require their vendors to promise to indemnify them from any loss or expense arising out of the vendor’s goods or services. They also routinely require their vendors to maintain certain types and amounts of …
Threat Intelligence is, very simply, network defense techniques that leverage knowledge (i.e. intelligence and counter intelligence) about adversaries so that organizations can build a superior information base which decreases the chances of an attacker compromising their networks. Gartner more specifically defines it as “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to the menace or hazard.”
Vulnerability …
The marquee breaches that have occurred recently (i.e. Anthem, Home Depot, Morgan Stanley, Target, LinkedIn, and Sony) have helped U.S. Fortune 1000 companies understand that data security must be taken seriously. Not only must companies invest in their data security, but they must proactively manage and protect it. Previously, large corporations generally considered hacking attacks and general security breaches as “Force Majeure” events in that they were both unpredictable and unpreventable. Therefore, many of the Fortune 1000 purchased cyber …
*This is the fourth post in a five-part series on cyber insurance, culminating in a webinar entitled “Insurance Coverage for Privacy and Data Breaches, Hot Topics and Critical Issues” on Wednesday, April 22, 2015, at 12:00-1:00 p.m. Eastern.
Common questions we often hear from CEOs, CFOs, and Directors of businesses and public and private institutions are “How do we determine our cyber insurance coverage needs? In other words, how do we know that we have enough insurance to protect our …
What career could possibly be more exciting than serving as a privacy lawyer for tech start-up companies? This is a question I asked myself a few years back, right after I finished clerking for a couple of terrific federal judges and right as I was considering starting the privacy practice I had envisioned as a law student sitting in Prof. Fred Cate’s classes at the Indiana University Maurer School of Law several years earlier. At that time, my answer was …
“How To Advise Tech Start-Ups in Practice, Not Theory,” an article by Taft Cincinnati attorney Matthew D. Lawless, was published in IAPP’s The Privacy Advisor on March 24.
About the IAPP
The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.…
As tax season is well underway, many individuals who had their personally identifiable information accessed as a result of a data breach are now filing their annual tax returns and discovering that fraudulent tax returns have been filed using their Social Security numbers. For example, the information that was accessed during the Anthem data breach — names, Social Security numbers and birthdates — is all the information needed to file a fraudulent tax return.
In order to prevent a fraudulent …
You may have heard. Yesterday, Anthem Inc., the nation’s second-largest health insurance company, announced that hackers had accessed tens of millions of its records concerning approximately 80 million of its customers and employees. The information included names and SSNs, among other things, and is just the sort of material that a criminal needs to steal a person’s identity. If you are an Anthem customer, you should consider taking the following steps now.
- Monitor Your Credit. Get a copy of your