Vendor risk must be a core part of every company’s cybersecurity program, but it is hard. Especially when the company is a tech company, developing software that you use. The term Minimum Viable Product or MVP is a term marketing folks have used for years to describe creating a version 1 product that has the […]
Continue reading → [DISPLAY_ACURAX_ICONS]While goals are CURRENTLY voluntary, CISA issued guidelines for what it expects from pipelines and other critical infrastructure in light of the Colonial Pipeline attack. While it appears that the hackers were not able to take over the control systems in that attack, they did take over the control systems in the Florida and Kansas […]
Continue reading → [DISPLAY_ACURAX_ICONS]While the details of this are interesting, what is more important is thinking about all of the contracts that you sign. This is a legal battle that goes back several years. In one corner is Fiserv, the Fortune 200 +/- financial services software behemouth. In the other corner is Bessemer System Federal Credit Union, a […]
Continue reading → [DISPLAY_ACURAX_ICONS]On Friday Title industry software and consulting provider was hit by a ransomware attack. Cloudstar operates 6 data centers and supports over 40,000 customer users. Now those customers are wondering what are they going to do. Cloudstar users who close real estate sales are dependent on Cloudstar’s systems being up. Cloudstar has been down since […]
Continue reading → [DISPLAY_ACURAX_ICONS]First it was California (version 1 and version 2); then it was Virginia. Now it is Colorado. IT IS NOT GOING TO STOP THERE. California’s CCPA covered human resources data somewhat. CPRA covers it completely and will require HR departments to create programs to protect HR data. This includes notices at the time data is […]
Continue reading → [DISPLAY_ACURAX_ICONS]Talk about a political football, oh my. Florida has passed a law outlawing them. Not sure that Florida is a bastion of privacy – just wants to stick it to certain folks. But, if some other state or other company requires it, the law is meaningless. Lets say, just making something up, that New York […]
Continue reading → [DISPLAY_ACURAX_ICONS]