This is a guest article contributed by Chelsea Lamb of businesspop.net on a subject that is extremely timely in 2021. Photo Credit: Pexels.com If you’re an aspiring entrepreneur or have recently started a small business, it’s important to educate yourself about cybersecurity best practices. Cyber attacks on businesses are increasing, according to Insurance Journal; while there is almost daily news of high profile attacks, that is really just the tip of the iceberg. While you might assume that only major corporations are targeted, small businesses are often pinpointed by hackers because they tend to have less effective cyber defenses — and are Read More
Mitigating the Impact of the CCPA
5 Things to Know About the California Consumer Privacy Act By KATHERINE CATLOS and JACK HAKIM October 25, 2019 Reprinted with permission from Corporate Compliance Insights (March 11, 2019 Issue) The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, is the most comprehensive privacy law passed in the United States. It’s not just that there are new consumer rights associated with personal information (PI) and more severe penalties, but the definition of PI is very broad. The CCPA defines PI as any “information that identifies, relates to, describes, is capable of being associated with or could reasonably Read More
California Consumer Privacy Act (CCPA) Mitigation Services
An ounce of prevention can meaningfully reduce risk for companies under CCPA. The cost of non-compliance of CCPA can be very large. CCPA introduces significant legal and technical challenges; it requires new policies, procedures, disclosures, 3rd party agreements, data mapping, security, new operational capabilities to satisfy customers requests based on their new rights and other preparation for compliance. In California Consumer Privacy Act (CCPA), Why You Need To Start Now! We described the new rights, fines, statutory damages, other requirements. We mentioned that CCPA authorizes a limited private right of action (and class action through proxies) for consumers whose personal information Read More
California Consumer Privacy Act (CCPA) Compliance Services
CCPA imposes plenty of legal and technical challenges – requiring the adoption of new policies, procedures, disclosures, third party agreements, data mapping, security practices, and operational capabilities that satisfy consumer requests based on their new rights. Businesses can meaningfully reduce their risks under CCPA by taking a principled approach to compliance that is tailored to their organizations’ needs. Depending on what stage of compliance a business is in, our team can do it all or augment what’s already in place (existing teams, tools and practices, etc.) to assist businesses become and remain compliant. Given the changes that CCPA requires, and the Read More
California Consumer Privacy Act (CCPA), Why You Need to Start Now!
CCPA creates new consumer rights and businesses will need to create new processes and procedures to support these rights at scale. Will your organization be ready on January 1, 2020, to answer 100 consumer requests in 45 days? Will you be able to complete 10s of thousands of requests, covering everything collected in the previous 12 months (in this example 1/1/2019): To show all the Personal Information (PI) of theirs you have The categories of that shared PI The usage by categories for the previous 12 months The uses of that data by category And to delete the PI? And to Read More
CCPA – Uncapped fines and New Data Privacy Rights, Preparing is Essential
The California Consumer Privacy Act (CCPA) that goes into effect January 1 2020 is a big deal for companies that retain data on California individuals. CCPA creates new consumer rights and business compliance responsibilities. The privacy rights are intended to provide individuals with transparency, access, choice and ensure they are not be discriminated against for exercising their rights. However, the headline is CCPA is a big deal, because unlike the General Data Privacy Regulations (GDPR) for the EU, whose penalties are capped at the larger of 4% of revenues and EUR 20 million, CCPA is uncapped. Without proper preparation, Read More
Already the Next Big Thing?
Until we started a collaboration with Mike Vaughan to develop one for an eco-tourism operator just north of the SF Bay Area, I was not familiar with the term “Progressive Web Application”. It turns out that it describes mobile applications that are delivered via Web browsers and that are built using common web technologies including HTML, CSS and JavaScript. While not distributed from one of the popular App Stores, PWAs can do much of what native mobile applications can do, and perform almost as well as native mobile applications, due to the ongoing evolution in the architecture of the web. Read More
State of the Art in Identifying Sensitive Data
Protecting personal information in your databases is a bigger deal than ever, what with the European General Data Protection Regulation (GDPR) going into effect in May and California passing a new Consumer Privacy Protection Act. Knowing what personal information you have in your systems and where it resides is a precondition to managing it effectively. My friend and colleague Luke Probasco, product manager at Townsend Security has posted a nice listing of security standards with lists of the sensitive data elements that each of them identifies; see What Data Needs to Be Encrypted in MongoDB? If you are interested in Read More
Privilege Escalation and Data Protection
A cyberattack is actually like a disease. The infection starts with an attacker taking advantage of some weakness in the system to penetrate and gain a foothold in an organ; in the case of an attack, the organ is often some computer that’s not being diligently managed. The infection takes control of the machinery of the organ, using it to build up its strength and using it as a base to launch incursions into other parts of the network. The incursions probe for valuable information and other weaknesses they can leverage. One of the main things they look for is Read More
Are Secure Applications Possible?
For the past few years, a number of us in the security space have been talking about (1) the criticality of building secure applications; and (2) the importance of auditing open source components for security flaws. If you have not been following along, applications deployed over the Internet are a leading target, if not the leading target for sophisticated attackers. This Secodis blog entry cites the Verizon 2017 Data Breach Report indicating that 29.5% of breaches where caused by web application attacks, and the Sonatype 2017 State of Software Supply Chain Report, indicating that 80 – 90% of an applications Read More
