On September 1, 2020, Department of Defense (DoD) contractors will be required to comply with the recently released Cybersecurity Maturity Model Certification (CMMC) requirements. The CMMC requirements are designed to ensure that suppliers, contractors and subcontractors working with the DoD’s Office of Acquisition and Sustainment have cybersecurity frameworks in place “to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB).” Through the creation of the CMMC, DoD appears to be enhancing the requirements of NIST 800-171, ISO 27001 and other cybersecurity-related frameworks.
The CMMC model delineates five “maturity” levels, with level 1 being the least secure and level 5 being the most secure. Once the CMMC takes effect, DoD will assign all solicitations an appropriate maturity level that bidders must be able to meet if they wish to bid on the solicitation.
Continue reading “DoD’s Cybersecurity Maturity Model Certification Is Here: What Your Business Needs to Do to Prepare”
On April 13, 2020, the New York Department of Financial Services (NYDFS) issued new guidance to all New York State Regulated Entities to highlight “a significant increase in cybercrime” related to the COVID-19 epidemic. NYDFS’s guidance identified “several areas of heightened cybersecurity risk as a result of the crisis.” These risks include:
- Remote Working – The mass shift to remote working forced by COVID-19 has created new security threats which are being exploited by hackers. Regulated entities should take proactive steps to address these new security threats. Among other things, regulated entities should take steps to make their remote access as secure as possible by using multi-factor authentication and VPNs. Companies also should ensure that devices used to access networks are properly secured and/or controlled. Regulated entities also must take steps to ensure the security of remote working communications, like video conferencing applications. Finally, companies should ensure that employees are not accessing or sending sensitive or non-public information through personal email accounts or devices.
Continue reading “New York Department of Financial Services Issues New Guidance Regarding COVID-19 Cybersecurity Risks”
As COVID-19 has prompted a massive shift by organizations to the implementation and use of remote working solutions for their employees, there has been an unfortunate, but not surprising, corresponding rise in malicious actors seeking to exploit remote working solutions.
Over the past few weeks, the most notable and prevalent “digital hijacking” has occurred on the Zoom teleconferencing application. Since the start of the COVID-19 pandemic, there has been an explosion in the number of individuals using the Zoom application. Prior to the pandemic, Zoom averaged approximately 10 million users per day. However, Zoom now estimates that approximately 200 million users per day utilize its videoconferencing application. These users not only include remote workers, but also many school children and teachers who utilize the Zoom application for remote learning.
Continue reading “COVID-19 and Cybersecurity: Combating “Zoombombing” and Securing Your Remote Working Videoconferences”
The spread of COVID-19 has prompted an enormous shift by organizations to the use and implementation of remote working solutions for a wide range and number of employees. Unfortunately – but perhaps not surprisingly – this shift has provided malicious cyber actors with additional ways to infiltrate remote use networks. The spread of COVID-19 has brought with it a huge surge in data security incidents, as hackers look to exploit new organizational vulnerabilities and distracted and overburdened IT security personnel.
Continue reading “COVID-19 & Cybersecurity: What Companies and Employees Should Know About Remote Working”
In a release aptly labeled “A Starting Point for IoT Device Manufacturers” the National Institute of Standards and Technology (NIST), an arm of the Department of Commerce, recently added to the discussion with the publication. NIST sought to provide IoT device manufacturers a better understanding of appropriate cybersecurity features for the vast and constantly proliferating range of IoT devices. NIST’s fundamental purpose is to improve the securitibility of IoT devices and to identify, in general terms, the features that can be designed so that customers can better use them to manage cybersecurity risk profiles.
Continue reading “NIST Unveils IoT Baseline of Core Cybersecurity Features for Comment”
On May 29, 2019, Nevada Governor Steve Sisolak signed into law SB 220, which amends Nevada’s security and privacy law to require an operator of a website or online service for commercial purposes to permit consumers to opt-out of the sale of any covered personally identifiable information that the operator has collected or will collect about the consumer. The law becomes effective October 1, 2019, several months before the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, and is therefore set to become the first of its kind to be implemented in the U.S.
Continue reading “Nevada’s Privacy Law Granting Opt-Out Rights Is First Out of the Gate”