Category Archives: Duty of Care Risk Assessment (DoCRA)
Reasonable Security: Getting on the same page
As regulations and privacy laws require ‘reasonable security’, we are seeing more organizations focusing on their duty of care to all interested parties, and we are finding more references to ‘reasonableness’ in breach litigation and security programs. The goal is to have all relevant teams involved in analyzing what level of risk is appropriate for your unique business environment. It is a positive sign that there are increased efforts to incorporate all perspectives in mitigating risk and managing cyber threats, and to find a common language for doing so. More importantly, it means security programs are being developed holistically.
2023 Cybersecurity Regulatory and Resources Calendar
Managing your security program is challenging, especially with compliance requirements evolving.
Here is a quick overview of the regulatory landscape for 2023. This reference provides links to the law or rules. It also includes references to help you make informed decisions on priorities, resources and technology to manage your risk.
Herff Jones: Graduation Purchases Lead to a Data Breach and a $4.35 Million Settlement
Herff Jones has been in business for over a century, selling graduation products such as caps and gowns, class rings and yearbooks to students and their parents to help mark their educational accomplishments. On May 12, 2021, the company posted a red banner at the top of its homepage that read “HERFF JONES CYBER SECURITY INCIDENT UPDATE.” The company was the victim of a data breach that occurred between August 1, 2020, and April 30, 2021. The attackers managed to place malware on the company’s servers that was then used to capture customer payment card information. This event resulted in a lawsuit affecting thousands of students and parents from across the country.