A Post-Equifax World: The Times They Are A Changin’

We now live in a post-Equifax world.  When we look back at this time in history, I truly believe that is how we will measure cybersecurity regulations.  How we approached cybersecurity pre-Equifax and how we approach cybersecurity post-Equifax.  There is no point in denying that the cyber-world has fundamentally shifted.  People who were paying little-to-no attention to cybersecurity are now running to their “tech guy” to find out what type of security their company employs. So what can we expect from this post-Equifax world, you may be asking?  Simply (and yet there is nothing simple about it), more regulations. 

Protecting Your Data In a Post-Equifax Breach World

Almost half of the country — approximately 143 million Americans — is asking what they can do in the wake of the Equifax breach.  How can I protect my identity?  What does this mean?  What additional steps can I take to make sure that I am protected? 

What the World Needs Now….

What the world needs now is for every organization to commit to a culture of security. The Equifax cyberattack is being touted as the largest and most concerning in the history of the United States. The company is reporting that at least 143 million Americans are affected by this breach, which includes the names, addresses, Social Security numbers and possibly credit card numbers of those people. For those of you keeping count, that is almost half of the American population.  As an attorney who focuses solely on cybersecurity, this type of attack is hardly a surprise.  Anyone who “lives” in this world is keenly aware that cyberattacks are becoming more frequent with hackers getting better and better at their craft.  

Cyber-Back to School Basics

As we are all preparing for the “most wonderful time of the year”, i.e. back to school for the kids, it makes me reflect on how much things have changed from when we were kids in school.  For example, I am currently on the hunt for a ½-inch three-ring binder with interior pockets in chartreuse for my 7-year-old. When we were kids we showed up with a backpack, a lunch box and some pencils. Not so anymore: we are now provided a detailed list, as long as my arm, of school supplies for my pre-schooler.  So many of you are probably asking what this has to do with cybersecurity.  Well, it actually has everything to do with cybersecurity. 

Professionalism is the Name of the Game

I was struck today by an article in the New Jersey Law Journal entitled “Lawyer’s ‘Inadvertent’ E-Discovery Failures Led to Wells Fargo Data Breach.” The article tells the tale of an attorney who inadvertently provided Wells Fargo customer information, including personally identifiable information (“PII”), to her adversary in discovery. Apparently, the parties did not have a confidentiality agreement and the documents were not redacted, which violates privacy protection laws (both state and Federal).  

Where is the Data Located?

The U.S. Federal Courts are currently struggling with what may have seemed like a simple question before the internet and cloud computing:  where is the data located? Back in the age of paper, this question was easy to answer.  Yes, there may have been copies.  But for the most part, the definitive answer was:  where the paper is physically located.  

Know Thy Vendors

One of the most important things to consider when dealing with the issue of cybersecurity does not even involve your own direct network security.  It involves your vendors: those companies and organizations that help you run your business in an efficient and cost-effective manner.  Those little “helpers”, however, can also be a huge threat vector to your organization.  In the world of cybersecurity, you are only as strong as the weakest link in your data chain.

An Active Europe: Driving the Data Protection Conversation

Today, Europe is increasingly being seen as driving the conversation on privacy protections in the age of technology.  The CJEU is a particularly vocal participant in this conversation:  from 2000 to 2015, the CJEU issued thirty-one (31) decisions related to data protection, often defining the individual’s right to privacy contra government and commercial entities.  

When Will We Learn????

So I am taking a short break from the “Luck Favors the Prepared” series on cybersecurity to talk about the recently publicized cyber attack against DLA Piper and the “Petya” ransomware global cyber attack against banks, power companies and Maersk.  

Nation-State Cyber Attacks Are a Good Reminder of Cybersecurity For All

Ok, so the first question is what is a nation-state cyber attack?  It is exactly what it sounds like:  a foreign government (or government-directed) organization targets another country’s government or commercial institutions or infrastructure.