Showing posts with label cybersecurity.

Thursday, June 3, 2021

Now is as good a time as ever for a cybersecurity refresher


In light of the recent crippling Russian cyber-attacks on Colonial Pipeline and JBS, now is a perfect time for a refresher course on cybersecurity.

Here are some A+ resources I've previously provided:

Wednesday, January 6, 2021

I’m not in Kansas anymore … or ever (an unemployment fraud story)


What's wrong with this photo?


Wednesday, November 20, 2019

Is your business prepared for a cyber attack? (probably not, but I can help.)


I’d like to share three scary cybersecurity statistics with you.
  1. 60 percent of small businesses fail within 6 months of a cyber attack.
  2. 72 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as other than highly effective.
  3. 90 percent of data breaches are caused by human error.

These numbers mean that most of you reading this post work for a company that is not doing nearly enough to mitigate your cyber-risk. Coupled with the truth that data breaches are a when issue, and not an if issue, these numbers also mean that everyone’s data is way too exposed, and no matter what you are currently doing in this space, everyone can do more.

Meyers Roman is here to help.

Thursday, June 27, 2019

Does an employer have a duty to protect the personal information of its employees? (Part 3)


Employees trust their employers with a whole bunch of personal information: social security numbers, medical documents, insurance records, birth dates, criminal records, credit reports, family information, etc. And it’s not like employees have a choice over whether to disclose and entrust this information to their employer. These documents are all necessary if employees want to get hired, get paid, and obtain health insurance and other benefits. Thus, an employer’s personnel records are a treasure trove of PII (personally identifiable information — any data that could potentially identify a specific individual, which can be used to distinguish one person from another and to de-anonymize otherwise anonymous data).

For this reason, cyber-criminals target myriad businesses in an attempt to steal (and then sell on the dark web) this data.

If a company is hacked, and employees’ PII or other data is stolen, is their employer liable to its employees for any damages caused by the data breach?

Tuesday, April 30, 2019

Should you pay if your business is attacked by ransomware?


Cleveland Hopkins Airport flight information boards have been out of service since last Monday (story here). Yesterday, after paying contractors more than $750,000 to restore them, the City finally acknowledged the cause—a ransomware attack.

Ransomware is malicious software that locks and encrypts a victim’s computer data. The criminal then demands a ransom to restore access, usually within a set amount of time. If the ransom is not paid, the data is destroyed.

Tuesday, February 26, 2019

What a morning at the BMV teaches about cybersecurity


I spent way too much of my Saturday morning at the local Bureau of Motor Vehicles (aka the Walmart of government agencies). "Why," you ask? Because my plates were on the verge of expiring, and I had forgotten to take advantage of the much preferable online registration process.

So there I found myself at 10 a.m. Saturday morning, waiting in line. To be fair, it was the "express" line, designated for license renewals only. My experience, however, was less than express, thanks to the patron two spots ahead of me in line.

Thursday, February 7, 2019

FINRA's new "Best Practices" for Cybersecurity is MUST reading for any employer


The Financial Industry Regulatory Authority (FINRA) recently issued its Report on Selected Cybersecurity Practices – 2018 [pdf].

The Report identifies five common cybersecurity risks and outlines recommended practices for each:

  • Branch controls
  • Phishing attacks
  • Insider threats
  • Penetration testing
  • Mobile devices 

While FINRA only regulates securities firms, the five topics its Report covers should be required reading for any employer that wants to understand how to implement cybersecurity best practices.

Thursday, October 11, 2018

Make your business cyber-aware for National Cybersecurity Awareness Month


October is National Cybersecurity Awareness Month.

Let's see how good your cyber-awareness is.

Do you know the top method of cyber-attack?

Tuesday, August 14, 2018

Ohio's new cybersecurity safe harbor for businesses means the time for cybersecurity compliance is NOW


Do you know that the average total cost of a data breach to a business is $3.86 million?

This is a 6.4% increase over the past year.

For companies doing business in Ohio, some relief is on the way.

Thursday, July 12, 2018

Does an employer have a duty to protect the personal information of its employees?


Consider the following scenario.

An employer discovers that an employee who worked in its information technology department had been stealing older laptop computers. Some of those computers had been used in the employer's human resources department and contained former employees' personal information (including social security numbers and drivers' license numbers), which the company collected on each employee at the time of hire.

Monday, October 30, 2017

Ohio lawmakers consider safe harbor for cybersecurity compliance


If the Equifax data breach hasn’t scared your company into cybersecurity compliance, Ohio lawmakers are considering dangling you a compliance carrot.

Senate Bill 220 [pdf], introduced earlier this month, would provide businesses a cybersecurity ‘safe harbor’ in exchange for compliance with the NIST Cybersecurity Framework (or other similar standard).

Tuesday, October 10, 2017

It’s coming from INSIDE THE HOUSE: 12 steps for your employees to become cyber-aware


Do you remember the movie When a Stranger Calls?

The movie opens with a babysitter receiving a telephone call from a man who asks, “Have you checked the children?” She dismisses the call as a practical joke, but as the calls continue, and become more frequent and threatening, she becomes frightened and calls the police. Ultimately, she receives a return call from the police, telling her that the calls are coming from inside the house.

(Cue ominous music)


October is National Cyber Security Awareness Month. And, according to one recent study, employee negligence or other error is the cause of 41 percent of all data breaches. Your data breaches are coming from inside your house. The question is what are you going to do about it.

Monday, May 15, 2017

WannaCry? Then ignore cybersecurity


Friday, the largest cyber-attack in history hit 150 different countries. The ransomware, known as WannaCry, infects via a link in a malicious email, encrypts the local files, and spreads to other computers. It then demands a ransom of $300 in bitcoin for the unlock key. 

What can, should, and must you do, immediately, to protect your business? For starters, ensure that all computers are patched to the latest Windows update (Mac computers are unaffected). 

Wednesday, May 3, 2017

10 key elements of any data security policy to safeguard your company


Yesterday, I told you that small businesses (less than 250 employees) suffered 31 percent of last year’s cyberattacks. What can you do to best protect your business (of any size) to repel an attack? Let me introduce you to the Data Security Policy, an essential component of any employee handbook now, and likely forever.

What should an effective Data Security Policy contain? Consider 1) consulting with a knowledgeable cybersecurity attorney; and 2) including these 10 components (c/o me, Travelers, and the U.S. Small Business Association):

Tuesday, May 2, 2017

If you think your small business isn’t at risk for cybercrime, think again


If you’ve ever spoken or thought the words, “We’re too small to worry about a cyberattack,” you’d better think again.

According to a recent study, 31 percent of all cyberattacks in 2016 were directed at companies with less than 250 employees.

Do I now have your attention? 

Wednesday, January 25, 2017

Make password security a priority for your employees in 2017


Do you know the top 10 passwords used to “secure” enterprise-connected devices in 2016? Sadly and unsurprisingly, here they are, along with how long it would take a computer to crack each (and hack into said device and network):

Thursday, January 19, 2017

A not-so-subtle reminder about the need for cybersecurity training


I feel like I’ve written a lot lately about the need for cybersecurity training for employees (for example, here, here, and here). Yet, as long as employees keep opening unknown emails and clicking on strange links, we need reminders of why this training is necessary. And, just this past week, the Cleveland Metropolitan School District offered a great teachable moment.


Wednesday, November 16, 2016

The newest threat to your cybersecurity? Your lunchroom appliances


Dinner is always a bit of cluster in my house. We are a home of two working parents, and, with music lessons and band rehearsals three nights a week, it seems that we are always scrambling for our evening meal. More often than not, we end up eating out, which is neither good for our wallets nor our waistlines.

Thursday, July 21, 2016

Who knows what evil lurks in the hearts of public Wi-Fi?


According to Politico, an IT company set up various fake Wi-Fi networks around the RNC with names such as “Google Starbucks”, “I vote Trump! free Internet”, and “I vote Hillary! free Internet”. The goal was to see how many people would join the unsecured networks. The answer: 1,200, with 68 percent compromising the information on their devices.

“I use public Wi-Fi all the time,” you say. “After all, wireless data is expensive. What’s the harm in using a public network?”

Watch this video, and then let’s chat about how to discuss this important security issue with your employees.


Tuesday, May 31, 2016

Why aren’t you training your employees on cyber security?


A recent cyber-security survey conducted by the Ponemon Institute and Experian has some startling results for employers. According to the survey, Managing Insider Risk through Training & Culture [pdf]: