Financial Services, Government, Insurance and Passwords

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. government, especially in light of ongoing tensions between the U.S. First , all of the reports specifically focus on the threat of Russian state-sponsored cyberattacks.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Cybersecurity

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

KnowBe4

MARCH 28, 2023

Strategies include: Developing a comprehensive, defense-in-depth plan Technical controls all organizations should consider Gotchas to watch out for with cybersecurity insurance Benefits of implementing new-school security awareness training Best practices for creating and implementing security policies Get the E-Book now!

Phishing

Phishing Security awareness Insurance Cybersecurity

NYDFS Requires COVID-19 Plans by April 9

Data Protection Report

APRIL 2, 2020

On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic.

Risk

Risk Communications Authentication Financial Services

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. Other methods.

Ransomware

Ransomware Cybersecurity Phishing Encryption

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

The FCA has provided new guidance for PIs and EMIs using the “insurance or comparable guarantee” method of safeguarding. This includes a requirement that the insurance policy or comparable guarantee must pay out for the full amount of any claim regardless of how the relevant insolvency event occurs (including if the firm is at fault).

Authentication

Authentication Paper Risk Insurance

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

Ransomware frequently contains extraction capabilities that can steal critical information like usernames and passwords, so stopping ransomware is serious business. Only 38% of state and local government employees are trained for ransomware prevention, and only 29% of small businesses have experience with ransomware ( IBM ).

Ransomware

Ransomware Encryption Insurance Cloud

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Part 500), and the Gramm-Leach-Bliley Act (GLBA)) are not required to notify affected New York residents, such entities must still notify the state attorney general, department of state and division of state police of the breach.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

The proposed definition of “listed identifier” is Full or truncated government identification or account number (such as a Social Security Number, driver’s license or state identification number, passport number, or Alien Registration Number) [Note that this definition apparently includes truncated Social Security Numbers.]

Access

Access Military Compliance Personal data

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

Passwords are everywhere, but they probably weren't intended to be used as much as they are today. Maybe you are at an organization that requires you to change your passwords every 90 days or so, and so you have password fatigue -- there are only so many variations you can do every 90 days or so. I must have the password.

Passwords

Passwords Authentication Access Data breaches

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions. Governance and attestation quickly became a very big deal. Compliance became a huge driver for governance and attestation,” Curcio said. “It

Access

Access Government Authentication Data breaches

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

According to a listing on a popular hacking forum, the database includes customers’ names, email addresses, hashed passwords, and more. Source (New) Finance USA Yes 3,494 Woodruff Sawyer Source (New) Insurance USA Yes 3,087 Blackburn College Source (New) Education USA Yes 3,039 CAIRE Inc. The claim is yet to be verified.

Data Privacy

Data Privacy Privacy Security Data breaches

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

The leaked information allegedly includes customers’ names, dates of birth, email addresses, passwords and phone numbers. Data breached: 10,870,524 lines. Publicly disclosed data breaches and cyber attacks: full list This week, we’ve found 130,036,285 records known to be compromised, and 116 organisations suffering a newly disclosed incident.

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

GB database includes names, email addresses, phone numbers and passwords. GB Rebekah Children’s Services Source (New) Non-profit USA Yes 2,805 Butte School District Source 1 ; source 2 (Update) Education USA Yes 2,658 Dignity Health Nevada St. Data breached: >7,000,000 records. Vauxhall Motors database with 5.5

Data Privacy

Data Privacy Privacy Manufacturing Retail

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Increasingly, thought leaders, professional organizations, and government agencies are beginning to provide answers. Creating an enterprise-wide governance structure. Creating an Enterprise-Wide Governance Structure. Aligning cyber risk with corporate strategy. Principle 5.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Best Digital Forensics Tools & Software for 2021

eSecurity Planet

AUGUST 13, 2021

Hailing from Portland, Oregon, Exterro launched in 2004 and specialized in workflow-driven software and governance, risk, and compliance (GRC) solutions. For the time being, increasing regulation and scrutiny of sensitive data make banking, financial services, and insurance (BFSI) the fastest-growing segment of the DFS market.

e-Discovery

e-Discovery Computer and Electronics Marketing Compliance

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Open Raven analyzes data at rest, classifies inventory, and automates data governance as these become critical capabilities for the hybrid infrastructure’s security posture. With robust encryption policies, Evervault can help reduce insurance premiums and offers PCI-DSS and HIPAA compliance automation. Perimeter 81. GitGuardian.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Digital Enterprises: Built on Modern MDM

Reltio

MARCH 31, 2019

To ensure no wall between data, governance, and insight, she shares her mantras: invest intelligently, source strategically, and collaborate. If you missed this event, check out the video presentations here to get the latest buzz in the data management industry (Login: dd19@reltio.com | Password: berightfaster).

MDM

MDM Digital transformation Analytics Cloud

Information Management Today

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Webinars

Trending Sources

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Webinars

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

NYDFS Requires COVID-19 Plans by April 9

What is a Cyberattack? Types and Defenses

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Ransomware Protection in 2021

New York Enacts Stricter Data Cybersecurity Laws

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

The Hacker Mind Podcast: Going Passwordless

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Best Digital Forensics Tools & Software for 2021

Top Cybersecurity Startups to Watch in 2022

Digital Enterprises: Built on Modern MDM

Stay Connected