What You Need to Know about Brazil’s New Personal Data Protection Regulation Now

Updated April 10, 2020

The implementation of the EU’s General Data Protection Regulation (GDPR) unleashed a wave of new privacy legislation across the world, spreading across the Atlantic to Brazil. On August 14, 2018, the Brazilian Federal Senate signed the Brazilian Personal Data Protection Regulation, referred to as the “LGPD” (derived from its Portuguese title), into law. On July 8, 2019, the final version of the LGPD was approved by current Brazilian President Jair Bolsonaro. The LGPD bears resemblance to the GDPR, though it is lighter and broader in scope. The LGPD was set to take effect in February 2020, but this deadline was extended another six months to August 16, 2020, giving both Brazilian policy makers and companies operating in Brazil a little more time to prepare for implementation. However, to deal with the Covid-19 pandemic in Brazil, lawmakers have extended the LGPD effective date to January 2021 and postponed its enforcement date to August 2021. This post aims to provide organizations with insights into the key elements of the law, including the scope, legal bases for processing, key implementation factors, and penalties for non-compliance.
News Article

Focal Point Announces New Partnership with SecZetta to Strengthen Third-Party Identity and Lifecycle Management

Focal Point announced a new solution integrator partnership with SecZetta, a leading provider of third-party identity management solutions, to provide clients with a 360° view of third-party identity and lifecycle management.

Cookies and Compliance: How Key Data Privacy Regulations Impact Cookie Management

Using online cookies has become ubiquitous among organizations across all industries due to their ability to enhance and simplify user experience and to inform the business on its client base. However, since cookies allow businesses to track, store, and share user behavior, cookies are now the source of privacy concerns for consumers and security and compliance risks for businesses. A recent study by Cisco found that over 84% of global consumers want more control over how their data is being used. This call for increased privacy rights and digital transparency has motivated privacy regulations like the GDPR and the CCPA to target cookie use to address the risks associated with cookies and data protection. Unfortunately, many organizations are now struggling with how to effectively use cookies while managing cookie consent requirements and remaining compliant as privacy regulations evolve. In this post, we’ll take a closer look at the different types of cookies, how cookie requirements differ under the CCPA, the GDPR, and the ePrivacy Directive, and how you can ensure your organization is cookie compliant.

Privileged Account Onboarding: Are You Asking the Right Questions?

In 2020, there are a host of privileged access management (PAM) tools available, each with their own set of cool features. But the success of your PAM solution implementation depends not only on the PAM provider you choose, but also on how your organization defines and views PAM. Regardless of which PAM platform(s) your organization chooses to deploy, there are many factors to consider when establishing deployment deadlines. Those factors include:

- What does the term “privileged account” mean in my organization? Is that definition consistent across all business units with privileged accounts?
- How many privileged accounts exist in the enterprise environment? Do you know? How confident are you in that number?
- How will this tool impact day-to-day activities?
- Do I have leadership buy-in for the implementation of this tool?
- What if I lose access to this tool? Are there tested/effective break-glass procedures?

In this post, we will look at how to define PAM within your business, how to identify and categorize privileged accounts, how to prioritize privileged accounts, and how to build your roadmap to PAM success.

4 Free Cybersecurity Awareness Email Templates To Use at Your Company

Check out our Covid-19 cyber awareness email template here.

The 2019 Verizon Data Breach Report identified phishing as the number one cause of data breaches and the most disruptive type of cyberattack. These schemes are common because:

- They're easy. Even novice criminals can execute a phishing scheme.
- They're flexible. Email schemes can be used to deliver malicious payloads (like ransomware), steal user credentials, steal crown jewels data, and instigate phony wire transfers.
- They're valuable. Phishing schemes cost companies well over half a billion dollars each year in fraudulent transactions, lost data, revenue, and productivity.
- We're really bad at stopping them. They prey on our "click first" mentality and the onslaught of emails we skim through on a daily basis.

The First Step of Cyber Awareness... communication. Regular, consistent, and informative communication. Everyone (yes, every. single. person.) in your organization needs to know what hackers are trying to do, and what role they can play in stopping them. We often get asked for tips on communicating with employees about these topics - from ransomware (a top concern after WannaCry) to basic phishing to password best practices. So, in that spirit, we've decided to bust our cyber awareness email templates out of the vault, and post them here for you to use in your organization.

Recent Data Breaches and Increasing Standards of Care Requirements

Last year, there were over 2,000 confirmed data breaches. While most breaches highlighted in the media occur at large, well-known companies, those that happen at smaller companies can still have a devastating impact on consumers and result in severe consequences. Two unrelated web-based companies, i-Dressup and ClixSense, each failed to provide reasonable data security at their respective organizations, enabling hackers to steal personal information, including social security numbers and IP addresses, of over 12 million consumers combined. These companies recently reached separate settlements with the Federal Trade Commission (FTC), both of which included fines and new standards of care requirements around cybersecurity.

In Part 2 of our series tracking popular settlement actions and court cases, we’ll take a closer look at the data breaches at i-Dressup and ClixSense, the settlement orders issued by the FTC, and what lessons others can learn and apply from these incidents.

Gary McIntyre

Gary McIntyre is a Director with Focal Point’s Cyber Defense practice and brings over 19 years of experience focused on information security with a specialization in the end-to-end design, deployment, and operation of Security Operations Centers.

Cyber Maturity Assessment

Benchmark your cybersecurity policies, processes, and technology against leading standards and gain actionable insights for maturing your program.

Veterans and Reservists at Focal Point

Focal Point actively seeks to hire veterans, reservists, National Guard members, and military spouses and to provide them with opportunities to advance their careers in cutting-edge technical fields like cybersecurity, identity and access management, IT strategy, data privacy, and audit and compliance.