The National Cybersecurity Alliance has designated Data Privacy Week 2023 to be January 22-28. Fortalice Solutions has partnered with the National Cybersecurity Alliance as a Data Privacy Champion. The overall aim of Data Privacy Week is to increase awareness about online privacy among individuals and organizations; one of its goals is to help organizations understand why it is important that they respect the data of their users, employees and suppliers.
Data privacy, also known as information privacy, is a branch of cybersecurity that uses data security to properly handle the collection, storage, dissemination and destruction of information held within an organization and shared with any partners or third parties.
Currently, there are U.S. federal and state laws and regulations regarding data privacy and protection in many industries. The Health Insurance Portability and Accountability Act (HIPAA) is one example, designed to protect patient information in health care and health insurance. Another example, in finance, is the Gramm-Leach-Bliley Act (GLBA), which protects nonpublic personal information such as income, credit rating, and financial services.
The first step to ensuring your organization follows laws and regulations, and is up-to-date on all mandates, is to assess your data collection practices. Ensure you have documented procedures on what data is collected and how it is managed. This includes understanding the data flow and ensuring appropriate controls exist around where data is stored and how it can be accessed or distributed.
Create and follow security measures to keep individual personal information safe from unauthorized access. This covers both the processes used within your organization and oversight of the actions taken by your partners and vendors.
Ensure the terms of service and privacy agreements for your organization are easily accessible and available for review. Then verify that the actions taken by employees follow those agreements, and keep documented procedures to guide those actions.
Data Privacy Week is the perfect time to share privacy protection information with your employees. Share current best practices and use this week as an opportunity to educate your employees about data privacy.
Fortalice can work with your organization to understand the recommendations and control requirements that are best for your organization and industry. Adopting a privacy framework can help you manage risk and create a culture of privacy in your organization by building privacy into your business processes. Fortalice recommends using these Privacy Frameworks:
For additional information on Fortalice Solutions' service offerings, contact Fortalice Solutions via email at firstname.lastname@example.org.
During the course of our investigative work, Fortalice has observed an increasing and alarming trend: personal email compromise is leading to business email compromise. Threat actors will leverage weaknesses regarding executives’ or board members’ personal cybersecurity hygiene to gain access to their business accounts. Extortion also remains a top cybersecurity threat, with organized criminals overseas routinely targeting corporations and the people who support them.
Silicon Valley Bank (SVB) was shuttered early this month and had its deposits seized in the largest U.S. bank failure since the 2008 financial crisis. Although it may seem like SVB’s collapse will only impact its direct customers and depositors, it is far more complicated. Like vultures to roadkill, cyber scammers often wait to exploit and target victims after tragedy strikes, or bad news arises. A perfect storm of stress, uncertainty, and urgency for customers and vendors alike during this time can impair someone’s judgement when they click links and open emails they otherwise would ignore or delete. Fortalice has outlined a few different ways cybercriminals social engineer their victims during times of extreme distress and insecurity.