Data security news & resources

In a landmark development that will reshape how public companies navigate cybersecurity risk, the US Securities and Exchange Commission (SEC) has given the green light to a set of rules that demand greater diligence in cybersecurity risk management, strategy, governance, and incident disclosure. As of December this year, public companies will be required to promptly […]

In today’s fast-paced legal landscape, Slack has emerged as the go-to collaboration app for law firms worldwide. However, legal personnel often make a few all too common mistakes with this app that expose their companies to compliance gaps and hinder their ability to effectively manage sensitive information. Below, we’ll explore these mistakes in detail, offering […]

PCI DSS is getting a long-awaited makeover and banking institutions need to take note. Sure, banks should be in a good stead to meet PCI compliance, given that they already have to contend with a range of strict data privacy regulations and auditing requirements, such as the GBLA, SOX and regular audits from the FDIC […]

On March 2, 2023, the Biden administration announced the release of a new National Cybersecurity Strategy, outlining the government’s approach to strengthen cybersecurity governance, improve online safety for citizens and build a fortified digital ecosystem resilient to attacks. Whether your organization resides in the public or private sector, the National Cybersecurity Strategy will have implications […]

The Federal Information Security Management Act (FISMA) is a United States federal law enacted in December 2002 under the E-Government Act.  The act mandates federal agencies to develop, document and implement an information security program, considering both processes and systems controls, to “protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or […]

This time next year, PCI DSS 4.0 will come fully into effect, replacing the current standard, 3.2. 1, that has been in place since 2018.  PCI SSC’s newest version shouldn’t come as a surprise to most. It was first released in March 2022. But with a two year grace period to allow vendors and credit […]

Over the past 18 months, the Securities and Exchange Commission (SEC) has levied an onslaught of fines against public companies for inadequate disclosures of cybersecurity issues. In the latter half of 2021, British company Pearson agreed to pay $1 million, while First American Financial agreed to a settlement of $500,000.  Then, just last week, the […]

Data privacy advocates rejoice! 2023 is going to be one for the legislative history books, with the enforcement of four new state data privacy laws in the US. Colorado, Connecticut, Utah, and Virginia will all begin enforcing GDPR-style legislation this year, closely following in the footsteps of California – the first ever state to implement […]

Outsourcing has become the bedrock of business in the digital world. Need marketing support? An app developer? Product packaging? Whatever the task, there’s a third-party out there that can do the work for you.  But did you ever stop and think about your third-parties, third-parties? Just as your business acquires new skills and saves time […]

Hands up if your organization uses cloud applications like Microsoft 365, Google Workspace, Slack or AWS? If you do, you’re in the majority. It’s estimated that 90% of companies use the cloud. It’s a huge part of the future of work.  But the cloud is complex—especially when it comes to security. This is because it […]

It’s October: the start of fall, the impending holiday season and, of course, cybersecurity awareness month. While you might not initially think thanksgiving, Black Friday and cybersecurity have much in common, there’s actually a lot to know about, especially when it comes to phishing. You see, there’s been a general trend in recent years of […]