$16M Anthem Penalty Illustrates the Need for HIPAA Compliance
Back when they were new on the scene, HIPAA's privacy and security rules didn't get much respect. Beginning with the privacy rule's introduction in 2003, the Office of Civil Rights received thousands of complaints and investigated thousands of infractions each year, but took little or no corrective action. In fact, the OCR didn't issue a single fine for a HIPAA privacy or security rule violation between 2003 and 2008. It's easy to understand how HIPAA got a reputation as a toothless mandate, but things have changed over the last ten years. If anyone needed a reminder of the fact, the OCR delivered one this week with its $16 million fine for the Anthem data breach. The penalty is nearly triple the previous record for a HIPAA fine, and sends a clear message that organizations can expect to pay a heavy toll for neglecting their data protection...
Automating Your Data Defense
Faced with staffing shortages, skill gaps, and evolving cyber threats, security professionals around the world are beginning to recognize that automation is the future of information security. There’s simply no way that security managers—or end users—can be expected to evaluate every risk and apply appropriate protection to the constantly-multiplying volumes of data they handle.
Compliance Check: NYCRR 500 Phase 3
We're now three quarters of the way through New York's two-year-long implementation of its cybersecurity law for financial services companies. The first law of its kind in the US, NYCRR 500 sets best-practice cybersecurity requirements for all banks, mortgage companies, insurance companies, and other organizations that do business in New York. The requirements are being phased in between March 1, 2017 (when the law first took effect) and March 1, 2019.
Cyber Wars: Every Backdoor Is an Open Door
No one expects politicians to be experts on every subject. Elected officials and agency directors have to make decisions on dozens of complicated issues, many of which lie far outside their areas of expertise. That's why public discussion and expert opinions have always played key roles in shaping our laws and policies. Here at PKWARE, we're deeply involved in the ongoing debate about strong encryption, and whether governments can (or should) require backdoors for encrypted communications and devices. While some politicians have advocated against backdoors, many others in Congress and law enforcement continue to call for measures that would make our data less private and less secure.
Cyber Wars: Is a Digital Pearl Harbor in Our Future?
We've seen plenty of massive data breaches in recent years—thefts that involve the personal info of hundreds of millions of people and cost the affected companies hundreds of millions of dollars. So far, however, we seem not to have learned our lesson. Cybersecurity continues to take a back seat to dozens of other issues in corporate boardrooms, in legislative chambers, and in the media. It's time to ask the obvious question: how much worse do things need to get before our attitudes change?
Cyber Wars: What Is Government's Role?
Who owns cybersecurity? Cyber attacks negatively impact governments, corporations, and individuals on a daily basis. One of the many reasons for our ongoing vulnerability is that we lack a cohesive approach for defending US interests against cyber threats. It has become painfully clear that neither the government nor the private sector can solve the problem on its own. Protecting our country’s national interest in cybersecurity requires a joint effort.
GDPR is Officially the Law. Now What?
GDPR: Your 90-Day Compliance Checklist
After two years of controversy and confusion, the era of the GDPR is about to begin. As of May 25, Europe's groundbreaking General Data Protection Regulation will have the force of law in all 28 EU member nations, fundamentally changing the way businesses and government agencies deal with personal data.
Is the US Getting Closer to a National Cybersecurity Law?
From the moment Europe's leaders began discussing the law that would eventually become the GDPR, it seemed almost inevitable that the United States would some day pass a national cybersecurity law of its own. After all, as the center of the world economy, America presents the largest attack surface for anyone looking to steal consumer data, trade secrets, or other sensitive information. America's GDPR may still be years in the future, but the country appears to be taking another step in that direction. Recent comments from Senator Mark Warner and other high-profile politicians, in the wake of the recently-uncovered breaches at Marriott and the National Republican Congressional Committee, suggest that there may be growing support in D.C. for a national...
It's Official: Colorado's New Cybersecurity Law Takes Effect
A few years from now, stories like this may not even qualify as news. That's how quickly cybersecurity laws—nearly unheard of until recently—are becoming the norm. For now, though, each new law is worth noting, and the Colorado Protections for Consumer Data Privacy law, which took effect on September 1, is the latest law to hit the books in the US.
PKWARE Recognized in 2018 CRN Partner Program Guide
PKWARE is excited to be in this year’s CRN®, a brand of The Channel Company, Partner Program Guide! The annual guide features partner programs from technology vendors that provide products and services through the IT channel. CRN® evaluated vendors based on investments in program offerings, partner profitability, partner training, education and support, marketing programs and resources, sales support and communication.
PKWARE’s Jen Ferguson Named 2018 CRN Women of the Channel Honoree
PKWARE is proud to announce that CRN, a brand of The Channel Company, has named Jen Ferguson, Director of Partner Marketing, to its prestigious 2018 Women of the Channel list. The executives on this annual list span the IT channel, representing vendors, distributors, solution providers and other organizations that figure prominently in the channel ecosystem.
Smartcrypt in Action
If you want to see what data-centric protection really looks like, PKWARE's new demo videos are here to show you.
The Age of Encryption Has Arrived
In the life of every important technology, there’s a tipping point—a moment when the technology ceases to be a niche product or an emerging concept and becomes a part of everyday life. For mobile phones, to choose an obvious example, that moment came almost twenty years ago. For cloud computing, it was perhaps five years ago. For encryption, it’s happening now.
The GDPR Right to Be Forgotten: How Will It Work?
With less than two months to go before the GDPR effective date, companies around the world are beginning to flip the switches on the new products, business processes, and communication campaigns they’ve implemented in hopes of complying with the law. Despite the EU’s efforts over the last two years to explain what the regulation requires and how it will be enforced, a great deal of uncertainty remains. Until GDPR supervisory authorities begin to issue fines for noncompliance—and organizations begin to challenge those fines in court—no one can say for sure which of the law’s provisions deserve the most attention. The GDPR’s much-publicized "right to be forgotten," however, seems certain to generate interest on the part of consumers, corporations, and supervisory authorities from day one.
To Simplify GDPR Compliance, Reduce Your Attack Surface
One month from today, Europe’s General Data Protection Regulation will take effect, and the security strategies prepared by organizations around the world will be put to the test. The GDPR presents a complex challenge, creating new rules for corporations and new rights for the individuals whose data those corporations collect and process. The more data an organization has, the more difficult it will be to meet that challenge.
What If They Were Paper Files? A Data Protection Journey to the Past
Cybersecurity isn’t the easiest thing in the world to visualize. Since we don’t actually see information as it travels across networks or is written to disks, it can be difficult to picture exactly what needs to happen in order to keep data safe. So just for fun, we’re going to do a bit of time travel to see what today’s data protection concepts would look like if they were applied to paper files instead of digital ones. We don’t need to go back too far—40 years will do the trick—to arrive at a time when the vast majority of information was still being created and stored on paper. Imagine, if you will, that it’s 1978. Most large companies are already using computers to perform certain tasks, and early adopters are beginning to buy personal computers like the TRS-80 and Apple II. The majority of workers, however, still do their work on paper, and that’s what you’ll be doing today after your $1.75 taxi ride to the company headquarters.
What We Heard at RSA
It was great to see everyone at this year’s RSA conference! The year’s biggest industry event is an ideal opportunity to gain insight into the trends and developments that are shaping the future of cybersecurity. Here’s a quick rundown of the recurring themes we heard in our conversations with information security professionals from around the world.