The New Virginia Consumer Data Protection Act - What Does It Mean for My Firm? WHAT HAPPENED? On March 2, 2021, Virginia governor Ralph Northam signed into law the Consumer Data Privacy Act (CDPA), which will take effect in 2023. The CDPA is similar to an existing data privacy [...]
How bad is the Microsoft Exchange attack, and should I be worried? WHAT HAPPENED? On Tuesday, March 2, 2021, Microsoft issued an uncommon “out-of-band,” or off schedule patch for Microsoft Exchange servers. By the following day, Microsoft announced findings that the China-based hacker group Hafnium was actively exploiting a [...]
Six New Data Privacy Bills That Could Become Law in 2021 WHAT HAPPENED? State mandated data privacy regulations are constantly evolving to meet the needs of the changing cybersecurity landscape. Staying up to date with these rules is critical to maintaining a compliant and functional cybersecurity program at your [...]
Lessons from the SolarWinds Breach to Enhance Your Cybersecurity and Vendor Management Programs WHAT HAPPENED? Remediation efforts have been underway for nearly two months following the burgeoning SolarWinds attack. Initial findings indicated that the breach affected an estimated 1,800 companies, including major cybersecurity vendors like Mimecast and Qualys. While [...]
SonicWall Issues and Retracts Alert of Hackers Exploiting Zero-Day Vulnerability Within SonicWall VPN SonicWall, a company providing firewalls and other cybersecurity solutions, issued an alert indicating that it had found a probable zero-day vulnerability with its SMA 100 series products on Jan. 22, 2021. A zero-day vulnerability is a software [...]
Hackers Use Mimecast Certificate to Access Microsoft Accounts On Jan. 12, 2021, the cloud-based email security and management provider Mimecast disclosed that one of its digital certificates, used by approximately 10 percent of its customers, was hacked and used to access some of its client’s Microsoft 365 accounts. A digital [...]
Scam Risks In 2021 and How to Avoid Them Cybercriminals are becoming increasingly sophisticated and continue to find new ways to compromise both individuals’ and firms’ data security. Phishing attacks often use current events or crises to entice users to click infected links, download malicious programs or documents, or provide [...]
Avoid the risk of using common passwords– make your accounts more secure today WHAT HAPPENS IF I USE COMMON PASSWORDS? Password spray attacks target user accounts by attempting to access hundreds of thousands of accounts with the same common password at once, instead of testing many password combinations on [...]
How to Identify and Avoid Vishing and Smishing Attacks WHAT HAPPENED? You likely have heard of phishing attacks, a type of social engineering scheme that tricks victims into clicking email links infected with malware, or into giving sensitive information to cybercriminals posing as a credible contact. Sophisticated attackers use [...]
5 Ways to Strengthen Your Firm’s Vendor Management Program WHAT HAPPENED? Vendor management is a critical piece of creating a comprehensive information security strategy for firms. Vendors processing or maintaining sensitive information on behalf of your firm and its clients are especially important to review and conduct due diligence [...]