It isn’t the Size of the Breach: OCR Issues Largest Fine to Date against FMCNA

People like to talk about the big cyber breaches: Instagram, Ashley Madison, Target, and Equifax, just to name a few.  But it is not always the number of people affected by a breach that should cause concerns for businesses; it is the failure of a business to take appropriate steps to protect personal data. Let us deconstruct our point by using a recent example related to healthcare data under the Health Insurance Portability and Accountability Act (“HIPAA”) and its first settlement of 2018.

Breach Response- Decoding the Target in an M&A Transaction

If nothing else, one key element for any organization when addressing the issue of cybersecurity is breach/disaster response.  We have discussed in previous blog posts that being able to deliberately and elegantly respond to a breach is the main difference between extinction and survive.  A Darwinian proposition: only the strong (and prepared) survive.  Never is this fact more evident than when dealing with an M&A transaction.

Cybersecurity is Always a Good Investment IN M&A Transactions

Whether you are the target or the acquirer, cybersecurity is the number 1 issue in an M&A transaction. The reason? Money. If you are the target, failure to appropriately address cybersecurity can significantly devalue your company.  If you are an acquirer, failure to conduct appropriate cyber due diligence before the deal is signed can result in purchasing a liability instead of an asset.  No matter which side of the table you sit, cybersecurity should be top-of-mind.

Responding Elegantly and Deliberately

While at the recent Cybersecurity Awareness Summit at the Harrisburg University of Science and Technology, one of the speakers put a slide up that said basically; Firewalls, passwords, anti-virus software, and multifactor authentication → yesterday’s news. The point being that these are really the baseline.  The starting point.  The bare minimum of security.  

Breaching the Castle: Walls and a Moat are No Longer Enough

I cannot tell you how many times I hear people comment that their cybersecurity is “just fine” because they have firewalls and antivirus software. Cybersecurity effects all of us and simply having good firewalls and antivirus software is not enough. 

A Post-Equifax World: The Times They Are A Changin’

We now live in a post-Equifax world.  When we look back at this time in history, I truly believe that is how we will measure cybersecurity regulations.  How we approached cybersecurity pre-Equifax and how we approach cybersecurity post-Equifax.  There is no point in denying that the cyber-world has fundamentally shifted.  People who were paying little-to-no attention to cybersecurity are now running to their “tech guy” to find out what type of security their company employs. So what can we expect from this post-Equifax world, you may be asking?  Simply (and yet there is nothing simple about it), more regulations. 

Protecting Your Data In a Post-Equifax Breach World

Almost half of the country — approximately 143 million Americans — are asking what she or he can do in the wake of the Equifax breach.  How can I protect my identity?  What does this mean?  What additional steps can I take to make sure that I am protected? 

What the World Needs Now….

What the world needs now is for every organization to commit to a culture of security. The Equifax cyberattack is being touted as the largest and most concerning in the history of the United States. The company is reporting that at least 143 million Americans are affected by this breach, which includes the names, addresses, social security numbers and possibly credit card numbers of those people. For those of you keeping count, that is almost half of the American population.  As an attorney who focuses solely on cybersecurity, this type of attack is hardly a surprise.  Anyone who “lives” in this world is keenly aware that cyberattacks are becoming more frequent with hackers getting better and better at their craft.  

Cyber-Back to School Basics

As we are all preparing for the “most wonderful time of the year”, i.e. back to school for the kids, it makes me reflect on how much things have changed from when we were kids in school.  For example, I am currently on the hunt for a ½ inch three-ring binder with interior pockets in chartreuse for my 7 year old. When we were kids we showed up with a back-pack, a lunch box and some pencils. Not so anymore where we are provided a detailed list as long as my arm of school supplies for my pre-schooler.  So many of you are probably asking what this has to do with cybersecurity.  Well, it actually has everything to do with cybersecurity. 

Know Thy Vendors

One of the most important things to consider when dealing with the issue of cybersecurity does not even involve your own direct network security.  It involves your vendors.  Those companies and organizations that help you run your business in an efficient and cost effective manner.  Those little “helpers”, however, can also be a huge threat vector to your organization.  In the world of cybersecurity, you are only as strong as the weakest link in your data chain.