As 2018 draws to a close, we’re taking a look back at some of the most valuable insights our authors have shared.  In case you missed it, this is one of the articles our readers couldn’t get enough of this year. The Potential Changes Coming There’s still a significant amount of uncertainty around blockchain, but the technology is already proving transformational, and...

The Potential Changes Coming There’s still a significant amount of uncertainty around blockchain, but the technology is already proving transformational, and its use in the GRC field may just revolutionize the compliance and audit professions. Christian Auty offers several predictions about the impact blockchain will have on compliance. The bloom is off the rose. The uncertainty – regulatory and otherwise – that...

Unpacking the Critical Article 28 On May 25, 2018 the EU will have the right to fine and regulate foreign “processors” of EU subject data, including hundreds of U.S. companies. This article will address ways to protect your organization financially and remain compliant.   Get ready: The EU’s General Data Protection Regulation (GDPR) is set to take effect in under four months...

Responding to a Cyberattack Hardly a day passes without a data breach revelation in the news, and perhaps no industry is more vulnerable for future attacks than health care. In 2015, the health care industry experienced more breaches stemming from cyberattacks than any other industry, a recent report by the U.S. Department of Health and Human Services found. with co-author Bob Morgan...

ICOs Are Challenging Basic Assumptions If the SEC attempts a more robust approach with initial coin offerings, the broader market’s reaction with be fascinating. In this article, Christian Auty article examines why ICOs present a challenge for the SEC and how this impacts regulatory oversight. According to the SEC, about $50 billion in new securities were issued in the 1920s alone, and...

The Global Data Protection Regulation (GDPR) influences the data privacy obligations imposed on companies to protect the unauthorized dissemination data and promote privacy. The GDPR is a step toward one single digital market and has significant momentum notwithstanding geopolitical developments.

When it comes to M&A due diligence, having strong cybersecurity is increasingly important, even beyond breach detection. For the acquiring organization, the primary fear is an unrecognized data breach, but detecting breaches is often difficult. Enterprises in the midst of – and immediately following – a merger are vulnerable, but there are strategies to minimize security risks.

A “breach” is defined as “the acquisition, access, use or disclosure of PHI in a manner not permitted under the HIPAA Privacy Rule.” In opposition to a traditional breach, ransomware causes the data to be too secure, even from its authors and users. The OCR’s guidance provides intel on the probability of compromise in these attacks.

Having a data breach response plan is critical, but even the best plans will fail to account for every possibility. Don’t try to anticipate everything; rather, begin by establishing the core elements and roles that will provide a foundation for a strong and coordinated response.

There’s more to information security than having strong passwords, but without complex passwords (that aren’t used on other websites), any attempts at preventing data breaches will be insufficient. Simple passwords are easy pickings for hackers. When it seems another significant data breach occupies the front page every other week, why make hackers’ jobs easier for them?