Privacy Compliance & Data Security Blog

Privacy compliance and electronic data security affect almost every business. Data breach prevention is essential. Fox Rothschild's Privacy Compliance & Data Security Blog will help readers navigate through the policies and best practices of data breach response. The blog covers topics including compliance with data protection laws, regulatory enforcement and litigation.

Recent Blog Posts

  • Report: Employees Cited as Prime Cause of Data Breaches at Small, Mid-sized Companies
    For small and medium-sized businesses, the most dangerous cyberthreat may come from within. IT industry publication TechRepublic reports that a newly released study by Keeper Security and the Ponemon Institute suggests careless employees are at fault for the majority of data breaches at small and mid-sized businesses. The study surveyed 1,000 information technology professionals in the United Kingdom and North America. Some 54 percent listed employee negligence as the root cause of cybersecurity incidents, followed by insufficient password policies. A stunning 50 percent said...
  • Massive Equifax Data Breach Raises Notification Questions
    It wasn’t a good week for credit reporting agency Equifax, which admitted to a major data breach affecting more than 143 million people. Consumers’ data was exposed over three months via a vulnerability in a web application, the company said in a press release announcing the breach. The breach was covered by every major news outlet, but Data Breach Today’s Jeremy Kirk raises some interesting questions about Equifax’s notification strategy in this piece. For the latest in breach response protocol in all 50 states, download Data...
  • Upcoming Webinar: Can’t Touch That: Best Practices for Health Care Workforce Training on Data Security and Information Privacy
    Elizabeth Litten (Fox Rothschild Partner and HIPAA Privacy & Security Officer) and Mark McCreary (Fox Rothschild Partner and Chief Privacy Officer) will be presenting at the New Jersey Chapter of the Healthcare Financial Management Association on August 30, 2017, from 12:00-1:00 pm eastern time. The presentation is titled: “Can’t Touch That: Best Practices for Health Care Workforce Training on Data Security and Information Privacy.” This webinar is a comprehensive review of information privacy and data security training, with an emphasis on...
  • Hackers Surveyed on Their Favorite Ways to Access Your Data
    Cybercrooks’ preferred path to critical data is through privileged accounts, those held by users who have broad access and powers within the target’s network. That’s according to a recent survey conducted by the cybersecurity firm Thycotic at the recent Black Hat conference in Las Vegas, reported Infosecurity Magazine. About a third of respondents named privileged accounts the fastest and easiest path to critical data, while user email accounts were a close second at 27 percent. Some 85 percent said human error, not inadequate...
  • NIST Issues New Password Security Recommendations: Keep It Simple, Long and Memorable
    Shata Stucky writes: The United States National Institute for Standards and Technology (NIST) has issued new guidelines for creating secure passwords. NIST guidelines, which are directed to “federal government systems,” often become best practice recommendations across the security industry. The new guidelines are a significant break from previous rules. Security experts previously recommended frequent password changes and using a mixture of upper case letters, symbols, and numbers. The NIST guidelines acknowledge that users often work around these types of restrictions in a...
  • Law360 Article: Why Today’s Law Firm Needs a Chief Privacy Officer
    Fox Rothschild partner and firm Chief Privacy Officer Mark G. McCreary sees a trend: Law firms are increasingly recognizing that naming a lawyer to lead data security and privacy efforts is “an essential ingredient in good risk management.” In an article for Law360 entitled “Notes From A Law Firm Chief Privacy Officer: CPO vs. CISO,” McCreary writes: “To understand the role of the CPO — and why that person ought to be a lawyer — it’s important to distinguish the role they fill from...
  • Manufacturing Concern: Industry Becoming a Top Target for Cybercriminals
    A German cybersecurity firm reports that manufacturers have become a top target of cybercriminals. The NTT Security Global Threat Intelligence Center (GTIC) Quarterly Threat Intelligence Report for the second quarter of 2017 notes that manufacturers were targeted in 34 percent of incidents, the highest of any industry segment. About a third of those incidents involved “reconnaissance” which suggests the industry is still in hackers’ sights. “If trends from the past few years continue, this probably indicates that attacks and malware are likely to increase in manufacturing...
  • Senate Bill Tackles Threat From Poorly Secured IoT Devices
    A bipartisan group of Senators wants to make it more difficult for hackers to enlist smart thermostats, wireless security cameras and other connected devices in future cyberattacks. ZDNet reports that Sens. Mark Warner (D-VA) and Cory Gardner (R-CO) have introduced legislation that would require suppliers of devices to the federal government to ensure connected items such as wearables and smart sensors can be patched with security fixes. The bill would also prohibit the use of hard-coded usernames and passwords, which are considered one of...
  • SEC Filings: Reports of Cybersecurity as a Corporate Risk Factor on the Rise
    One way to measure the increasing importance of cybersecurity to American businesses is to track how often the issue arises as a risk factor in corporate filings with the Securities and Exchange Commission. A recent analysis by Bloomberg BNA charted a dramatic rise over the past six years, with only a tiny fraction of businesses citing cybersecurity risks in 2011 SEC filings compared to a substantial percentage in the first six months of 2017. The report notes that a likely reason for...
  • It’s Not About the Money: Prepare for “Destruction of Service” Attacks
    Computer networking giant Cisco says the recent WannaCry and Petya/NotPetya incidents signal the advent of a new generation of cyberattacks that is aimed more at mass disruption than financial gain. The new breed of “Destruction of Service” attacks will only grow more sophisticated and potent, the company says in its Cisco 2017 Midyear Cybersecurity Report. The report warns that cybercriminals “now have the ability—and often now, it seems, the inclination—to lock systems and destroy data as part of their attack process.” The report, released July...