Cryptocurrency’s future: What compliance needs to know
Cryptocurrency is complicated, but it’s not going away anytime soon. David Povey of the ICA takes a look at what regulators are trying to do and offers tips on where compliance officers can go to study this complex topic further.
Ticketmaster UK fined $1.6M under GDPR for 2018 data breach
The U.K. Information Commissioner’s Office fined Ticketmaster £1.25 million (U.S. $1.6 million) for its failures relating to a 2018 data breach by a third party.
OCC report: Banks sound, but compliance risks elevated amid pandemic
The U.S. banking industry is stable nearly nine months into the coronavirus pandemic, but the OCC warns of increased risks for banks seeking to comply with the Bank Secrecy Act and consumer protection and fair lending requirements.
Audit committee best practices for understanding and acting on cyber-threats
Cyber-security risk oversight is the area with the greatest increase in audit committee disclosures in proxy statements, so you better make sure you’ve got a handle on understanding your responsibilities.
New bank resiliency guidance tackles cyber-risk, pandemic planning
Federal banking regulators have released new operational resiliency guidance aimed to strengthen risk management around technology-based failures, cyber-incidents, pandemic outbreaks, natural disasters, and more.
In second drastic reduction, ICO fines Marriott $23.8M
The Marriott GDPR fine handed down by the U.K. Information Commissioner’s Office is less than 20 percent of the original number the regulator proposed, the second time this month such a drastic reduction has taken place.
Choose your ending: What to do when your systems are hacked and ransom is demanded
What should you do if your firm is hit by ransomware? Choose your own ending to this tale about a clinic, a criminal, and coronavirus to learn the risks and rewards of each choice.
NIST guidance tackles how to integrate cyber-security with ERM
New guidance from NIST aims to demystify a process with which many companies across all industries have long struggled: how to seamlessly integrate cyber-security risk into an overall enterprise risk management program.
Best practices for M&A cyber-security due diligence in a virtual world
The slowdown in mergers and acquisitions in the early stages of the coronavirus pandemic in March is waning, and M&A activity is approaching pre-pandemic levels again, with cyber-security risk now the top concern.
White paper: The Data Trinity: Governance, Security & Privacy
Creating policies for data handling and accountability and driving culture change so people understand how to properly work with data are two important components of a data governance initiative, as is the technology for proactively managing data assets.
CPE Webcast: Tips to jumpstart your CMMC certification plan
With the release of the DOD’s Cybersecurity Maturity Model Certification program in 2020, contractors are required for the first time to comply with a specific set of cybersecurity capabilities—and have that compliance certified by a third party.
OCC fines Morgan Stanley $60M for data inventory risk failures
Morgan Stanley has agreed to pay $60 million as part of a settlement with the OCC for failing to adequately protect customer data when the bank decommissioned two U.S.-based wealth management data centers.
Breach costs Premera Blue Cross $6.85M; second-largest HIPAA fine
Premera Blue Cross has agreed to pay $6.85 million in a settlement with the U.S. Department of Health and Human Services regarding a 2014 data breach that affected the personal and health plan information of over 10.4 million people.
Credit to JPMorgan Chase in this week’s banking-themed naughty/nice list
JPMorgan Chase, Danske Bank, Deutsche Bank, and Bank of America all either “Nailed It” or “Failed It” this week.
European Commission: No Privacy Shield replacement in sight
The European Commission this week warned there will be “no quick fix” to replace the now-invalidated Privacy Shield, which governed data transfers between the European Union and United Sates.
Credit social media giants for prepping for election chaos
Silicon Valley’s social media heavyweights deserve a nod for “war-gaming” potential misinformation scenarios in advance of November’s elections, while McDonald’s again finds itself on our “Not Lovin’ It” list.
Q&A: New training takes compliance leaders on ‘non-technical’ cyber-journey
A new training offered by renown expert Paul C. Dwyer helps non-technical practitioners gain confidence in dealing with all aspects of cyber-security or cyber-risk.
Survey: Coronavirus revealed weaknesses in companies’ GRC, data processes
A recent survey from Compliance Week and Riskonnect of 261 compliance and audit professionals found that half of the respondents were not prepared for the coronavirus pandemic with an updated crisis management plan.
Uber’s former security chief charged in data breach cover-up
Uber’s former security chief has been charged in connection with an alleged cover-up of a 2016 data breach that compromised millions of people’s personally identifiable information.
How far is too far with employee monitoring? Barclays case could offer litmus
The U.K. Information Commissioner’s Office is investigating allegations that Barclays Bank had effectively been spying on employees by using an intrusive software system that monitored workers’ activity.
Trump’s TikTok crusade a hollow win for privacy
There’s no questioning the need to protect the data of U.S. citizens from China, but it’s naïve to think pressuring TikTok to take up a U.S. owner is anything more than a hollow victory given our lack of federal oversight in the area of privacy.
Carnival discloses ransomware attack
Carnival Corp., already hit with a complete halt of business since April due to the coronavirus pandemic, is the latest major company to reveal the discovery of a ransomware attack.
McDonald’s handling of ex-CEO scandal gets compliments, criticism
A fresh podcast from the Theranos whistleblower and a new compliance association for Black practitioners get a round of applause from us this week, while a complicated case involving McDonald’s lands the company on both the “Nailed It” and “Failed It” lists.
OCC fines Capital One $80M over 2019 data breach
Capital One and Capital One Bank (USA) were fined $80 million for failing to establish sound risk management processes and internal controls related to the company’s data breach last year.
Twitter could face up to $250M FTC fine for misuse of data
Twitter disclosed in a regulatory filing that it could face fines of up to $250 million by the Federal Trade Commission for misusing people’s personal information for advertising purposes.
IBM report: Average data breach cost nearly $4M in past year
An IBM report that examined more than 500 cyber-security breaches occurring between August 2019 and April 2020 found the average breach costs companies $3.86 million and requires nearly 300 days to identify and contain.
CPE Webcast: Digital transformation & cyber risk: What you need to know
Join Larry Ponemon, founder of Ponemon Institute, and Dave Stapleton, CISO of CyberGRX, as they discuss the impact digital transformation is having on cyber-security and some best practices you can implement to better protect your organization.
Nailed It or Failed It? Disney sends anti-hate message to Facebook
In this week’s “Nailed It or Failed It?”, Disney gets kudos for throwing its weight behind the #StopHateForProfit protest, while PG&E earns criticism after being found responsible for yet another California wildfire.
First American first charged with NYDFS cyber-regulation abuses
First American Title Insurance Company has become the first firm to face charges alleging violations of the New York State Department of Financial Services’ Cybersecurity Regulation.
Twitter cyber-attack should be wake-up call for firms
The recent cyber-attack directed at Twitter was the online equivalent of an explosive device being detonated. The ICA breaks down lessons learned from the hack and what firms can do to enhance their cyber-security controls.
Using data to fight fraud fire with fire
When it comes to ferreting out and thwarting fraud, one must think like the fraudster, advises financial crime expert Martin Woods, who offers tips on using data to make your firm a hostile environment for bad actors.
How Twitter got hacked, and what you can learn from it
Twitter just suffered the biggest cyber-attack in its history. But is it being set up for something bigger? We explore that possibility and much more.
Giant Twitter hack impacts Joe Biden, Barack Obama, Bill Gates, others
Perhaps the biggest Twitter hack of all time was perpetrated Wednesday against such notable figures as Joe Biden, Bill Gates, Elon Musk, former President Barack Obama, and Jeff Bezos, among others.
OCIE issues ransomware alert to financial services
The SEC’s Office of Compliance Inspections and Examinations is advising financial firms to beware of a rise in more sophisticated ransomware attacks.
Study: U.S. largest target for ‘significant’ cyber-attacks
The United States has been on the receiving end of more significant cyber-attacks over the last 14 years than triple any other country, according to new research.
White paper: Digital Transformation & Cyber Risk: What You Need to Know to Stay Safe
CyberGRX and Ponemon Institute surveyed 581 IT security and 302 C-suite executives to determine what impact digital transformation is having on cybersecurity and how prepared organizations are to deal with that impact.
CPE Webcast: Data breach litigation post CCPA
The biggest impact on business post CCPA, and presumably subsequent state regulations, is the impact on data breaches.
Bill proposes national cyber-security czar
A bill with bipartisan Congressional support proposes to create a national cyber-security czar who would report directly to the president.
Report slams ‘woefully lax’ cyber-security controls at CIA
Cyber-security protections deployed for some of the nation’s most secret data was “woefully lax,” according to a 2017 intelligence brief that detailed shortcomings at the CIA following the agency’s 2016 data breach.
Five cyber-security lessons from the pandemic
Verizon Public Sector Counsel David Kessler, winner of CW’s “Excellence in Compliance: Cyber-Security” award, offers five lessons garnered from the pandemic to assist companies with their cyber-security compliance.
Report: Average data breach costs public companies $116M
An Audit Analytics report on cyber-security breaches at public companies found the sensitivity of customer information stolen—along with length of time it took companies to report breaches—greatly affected the financial damage the breaches caused.
Five ways to protect yourself from coronavirus cyber-attacks
Cyber-criminals are making attempts to test the cyber-security of those working from home during the coronavirus pandemic. Here are ways to help defend yourself and your business from these potential threats.
CPE Webcast: Calculating COVID-19 third-party privacy risks
COVID-19 has completely changed the way organizations do business, both internally and externally. The influx of sensitive data being collected makes proactively identifying and managing privacy risk a big challenge.
Coronavirus has made CW2020 a (virtual) gathering like no other
The coronavirus pandemic has made getting together for our annual National Conference impossible, but it’s also made this virtual gathering (Monday and Tuesday) perhaps the most important one we’ve ever had.
Rewriting the cyber-compliance playbook
Former U.S. deputy attorney general Rod Rosenstein provides some best practices companies can employ in their fight against a new era of cyber-crime.
Cyber-criminals have supply chains, too
All cyber-attacks leave a trail. These trails can be complex, of course, but the criminals cannot avoid them. Thus, they leave a supply chain of intelligence and data.
Current cyber-environment calls for proactive approach
The conventional wisdom on cyber-security is to play defense and respond quickly to breaches. But these are not normal times, and proper cyber-hygiene is more important than ever.
ICA, ICTTF partner on new cyber-risk offering
The International Compliance Association announced it has partnered with the International Cyber Threat Task Force to offer a new program in cyber-risk management.
First round of finalists named for Excellence in Compliance Awards
Compliance Week has pared down its list of more than 300 nominees for its first annual Excellence in Compliance Awards and is pleased to announce the finalists for nine of the 15 categories.
Lessons from Zoom: Coronavirus exposes videoconference risks
Stay-at-home orders during the coronavirus pandemic have led to explosions of use for popular videoconferencing platforms, some of which have struggled to adjust to new privacy concerns.