“Cybersecurity” has emerged as one of top risks facing organizations. Considering the steady stream of massive data breaches affecting millions (sometimes billions), the debilitating effects of ransomware on an organization’s information systems, the intrigue of international threat actors, and the mobilization and collaboration of national law enforcement to thwart these attacks, it’s no wonder. Notions

As organizations continue to take steps to prevent cyberattacks, a near-universal recommendation is that they should implement multi-factor authentication (MFA), and for good reason. Organizations subject to the updated FTC Safeguards Rule, for example, are required to implement MFA. The Cybersecurity & Infrastructure Security Agency (CISA) includes MFA as a best practice. And

The explosion of generative AI has spawned a wide range of personal and professional tools and applications. One noteworthy (no pun intended) example of those tools and applications is notetakers that can capture, transcribe, and organize the content discussed at meetings (virtual or otherwise), enabling participants to more meaningfully participate in the meeting/discussion. They can

Phishing has long been a favorite tactic for threat actors (hackers) to commence a cyberattack. The rapid expansion of more adaptable and available artificial intelligence (AI) technologies, such as natural language processing and large language models, now fuels more ferocious phishing campaigns. The effects are being felt in many industries, perhaps most notably the healthcare

As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular topics from 2023.

  1. States Passing Comprehensive Privacy Laws

There was a landslide of comprehensive state privacy laws passed in 2023, from coast to coast. The laws are

According to a New York Times story this weekend, the Security Exchange Commission’s lawsuit against SolarWinds is driving discussions in boardrooms and corporate security departments of large organizations about the handling and reporting of cybersecurity breaches. It turns out that such boards and departments may not be the only ones following the SEC’s increased focus

Small businesses may be discouraged from investing in preventive cybersecurity measures due to the expense involved and the mistaken belief that only larger companies are the target of cybercrimes. But that is not the case. The FBI’s Internet Crime Report indicated the cost of cybercrimes against small businesses reached $2.4 billion in 2021, indicating that

Many HIPAA covered entities and business associates struggle with developing and implementing a sanctions policy. What should it say, is zero-tolerance required, do we have to impose discipline in every case, etc. These are examples of frequent and thorny questions that arise in connection with the development and implementation of these policies. But they are

Cyber incidents are on the rise with no signs of slowing down, particularly in the healthcare industry. To combat this trend, on September 27, 2023, the U.S. Food and Drug Administration (FDA) released guidance on cybersecurity in medical devices for quality system considerations and on premarket submissions. The guidance is intended to replace the FDA’s 2014

There are numerous cybersecurity regulations and requirements for businesses to worry about but they may not be considering their cybersecurity regulations under privacy statutes. California was at the forefront of privacy regulations with the passage of the California Consumer Privacy Act (CCPA). Lawsuits under the CCPA began almost immediately after it was enacted in 2020.