California is a pioneer in the frontier of data privacy.  In 2003, California was the first state to pass a law requiring commercial websites to post a privacy policy.  Last year, California did it again by passing the first comprehensive data privacy law in the U.S.  Like the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act of 2018 (CCPA) imposes restrictions on the collection, use, and sale of personal information of consumers that previously did not exist under law of any state.  The law is set to take effect on January 1, 2020. Should ..read more

This is the fifth and final post in a blog series in honor of National Cybersecurity Awareness Month.  Cybersecurity might seem like technical stuff, but don’t overlook the role of physical vulnerabilities in security incidents.  The 2018 Verizon Data Breach Investigations Report found that 11% of breaches involved physical actions.  The 2016 Verizon Data Breach Investigations Report identified physical theft or loss as the third most common type of security incident.  Even more disturbing is a 2016 study that found that most people have no qualms about connecting unknown devices – whi ..read more

This is the fourth in a series of posts in honor of National Cybersecurity Awareness Month.  Each day this week, we’re sharing a practical cybersecurity tip for small businesses. Cybersecurity attacks might conjure up images of hackers in hoodies clacking away in the shadows, but did you know that your own employees pose as great of a security threat if not more?  According to CA Technologies’ 2018 Insider Threat Report, 66% of the organizations surveyed consider malicious insider attacks or accidental breaches more likely than external attacks.  A 2018 Ponemon Institute report found that o ..read more

This is the third in a series of posts in honor of National Cybersecurity Awareness Month.  Each day this week, we’re sharing a practical cybersecurity tip for small businesses. Modern data privacy laws recognize that individuals have certain rights in data that organizations collect from them.  Compliance with such laws often requires the ability to respond quickly to requests to exercise privacy rights like the right to access and correct personal information, the right to have personal information deleted, and the right to limit usage of personal information.  Yesterday, we saw how data ..read more

In honor of National Cybersecurity Awareness Month, we’re sharing our top practical tips for small businesses to keep their data secure.  Tip #1 is encryption.  The National Institute of Standards and Technology (NIST) defines encryption as “the process of transforming plaintext into ciphertext using a cryptographic algorithm and key.”  In plain terms, encryption is the process of securing data by using a digital lock and key.  The premise behind encryption is pretty simple.  If you want to keep private papers from prying eyes, how would you do it?  You could put the papers in a safe.  Onl ..read more

Beefing up cybersecurity controls could seem intimidating and costly, but it doesn’t have to be.  Although the appropriate cybersecurity controls vary depending on a number of factors including the amount and type of data being handled and how the data is stored, there are best practices every organization should implement.  In honor of National Cybersecurity Awareness Month (NCSAM), we’re going to share our top practical tips for securing your data.  Whether you’re a mom-and-pop store or a retail chain, these “common sense” practices are fundamental to cybersecurity program of all sizes.  The ..read more

High-profile data breaches have become common in the headlines, but it’s not just big businesses that are the targets of hackers.  According to the 2018 Hiscox Small Business Cyber Risk Report, 47% of small businesses had at least one cyber attack in the past year.  Yet, barely 52% of small businesses have a clearly defined strategy for cybersecurity.   Even more alarming is the fact that 65% of small businesses failed to act after experiencing a cybersecurity incident. Cyberattacks are costly.  The Ponemon Institute reported that average costs in 2017 related to a malware attack on small a ..read more

A ..read more