What is the Ohio Data Protection Act?

by Sarah Harvey / November 29th, 2018

In an age when information and data fuel businesses, understanding the value of cybersecurity in protecting data is crucial. Lawmakers and business owners are continuously recognizing the new, complex risks that come from doing business in cyberspace every day. That’s why on August 3, 2018, Ohio Governor John Kasich signed Senate Bill No. 220, the Ohio Data Protection Act. This legislation makes Ohio the first state to enact a law…

What NY CRR 500 Means for Vendor Compliance Management

by Sarah Harvey / August 7th, 2018

NY CRR 500 and Vendor Compliance: In March 2017, the New York State Department of Financial Services Cybersecurity Requirements Regulation for Financial Services Companies Part 500 (NY CRR 500) of Title 23 went into effect, establishing new cybersecurity requirements for financial services companies. NY CRR 500 requires that financial services companies (covered entities) develop a cybersecurity program that protects the confidentiality, integrity, and availability of sensitive customer information and information…

7 Deadly Breaches of 2018 (So Far)

by Sarah Harvey / July 24th, 2018

With the complexity of the current threat landscape, organizations must be more alert than ever to potential data breaches. Who will be next? What happened? What will the fine be? While we’re only midway through 2018, we’ve seen headline after headline from organizations that have come forward to notify their customers of breaches. Let’s take a look at some of the top data breaches of 2018 to learn what went…

Rebuilding Trust After a Data Breach

by Sarah Harvey / June 21st, 2018

American Perspective on Data Breaches: According to Pew Research Center, half of Americans feel that their personal information is less secure than it was five years ago. Even more so, 64% of American adults have experienced data theft via credit card, account number, email account, social media accounts, Social Security number, loan, or tax return compromises. Yahoo, eBay, Equifax, Target, Anthem, Home Depot – it has become habitual to worry…

PCI DSS Update: Version 3.2.1 Released

by Sarah Harvey / May 31st, 2018

On February 1, 2018, nine new PCI DSS requirements went into effect. Four months later, the PCI Security Standards Council (SSC) published a minor revision to the PCI DSS. PCI DSS v3.2.1 replaces v3.2 and addresses effective dates and Secure Sockets Layer (SSL)/early Transport Layer Security (TLS) migration deadlines that have passed. Though PCI DSS v3.2.1 does not introduce any new requirements, let’s discuss the minor revisions made, when they…