California has a history of creating legislation that creates a ripple effect that affects consumers in other states. While the laws only affect California, they often push companies into adopting the rules broadly – for example, California’s strict auto emissions standards have been adopted in 16 other states since 2004. “What California does definitely impacts the national conversation,” says state Senator Scott Wiener. As the home of some of the biggest names in technology, it’s no surprise that California’s legislators are especially concerned about cybersecurity. In 2018 alone, California has passed several laws that they hope will inspire other states – and ultimately, Congress – to passing cybersecurity laws that better address the issues of our time. However, these laws have also attracted criticism from tech companies, cybersecurity experts, and the Federal Government. These laws may come to affect you, which is why we’ve created this guide.
Tag: cybersecurity laws
Breaking news last week, the NIST (National Institute of Standards and Technology) Small Business Cybersecurity Act was signed into law. The bill will provide an avenue of resources and guidelines for small businesses to reduce their cybersecurity risks. Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices. A topic of importance came from Kryptowire, a mobile security research firm that found firmware vulnerabilities in as many as 10 million Android devices in the United States that have remote escalation privileges.
Cybersecurity issues can occur anywhere, even in cardiac devices and pacemakers. The U.S. Food and Drug Administration (FDA) announced an upgrade to the firmware installed on certain vulnerable cardiac devices. The update protects these devices from unauthorized access that could be harmful to patients. Also making headlines last week, Georgia’s governor vetoed a bill that would have criminalized unauthorized computer access. The bill received blowback from the state’s booming cybersecurity industry for claiming vulnerabilities in important computer systems would not be uncovered and disclosed responsibly. As a result, cybercriminals would be able to exploit them with ease.
Decoding Security is celebrating National Small Business week by sharing simple recommendations that small businesses can use to protect themselves from today’s ever evolving cyberthreats. But first, we take a look at what’s trending in the news. Two additional security updates were released by the Drupal security team last month as part of continuing maintenance efforts after the discovery of the initial Drupalgeddon2 vulnerability in March. Drupal is urging its users to implement these updates immediately to avoid possible compromise. Meanwhile, the RSA Security Conference took place in San Francisco last month, drawing thousands of attendees from across the globe. However, the third-party mobile app built for the mega IT security conference was found to have a vulnerability, which could have potentially leaked the first and last names of attendees.
Gearing up for another annual spring cleaning? Add a digital deep clean to your to-do list! Our hosts, Jessica Ortega and Ramuel Gall, share easy and valuable tips for conducting a digital spring clean of your website and everyday devices. With their help, you’ll be able to spring into the rest of the year with updated and more secure devices!
If your New Year’s resolution is to protect yourself from cyberattacks, you’re in luck! This week on Decoding Security, security analysts Jessica Ortega and Ramuel Gall share their predictions for the top cybercrime trends in 2018. Our hosts also identify ways you can arm yourself against these ever-evolving threats. We don’t want to give away their predictions, but we’ll give you a hint: if your holiday gifts included a digital assistant like Amazon Alexa or Google Home, be sure to tune in!
We’ll also catch you up on the latest cybersecurity news, including the 25 Worst Passwords of 2017 and a leaky server that exposed 300,000 email addresses and login credentials from Ancestry.com.
Happy New Year from SiteLock and Decoding Security! Our New Year’s resolution is to continue to bring you a fun and informative podcast, so make sure you keep up by subscribing on YouTube, iTunes, or Google Play!
Office of Personnel Management Director Katherine Archuleta resigned last Friday, a day after revealing that the recent data breach of employee information was much larger than originally thought and had probably affected 22.1 million current, former and prospective US government employees and their family members. Archuleta’s departure has been confirmed in an email she sent to OPM staff. Beth Cobert, previously the U.S. chief performance officer and a deputy director at OPM, has taken over as the acting director of OPM since last Saturday.
A new report from the U.S. Government Accountability Office (GAO) suggests that U.S. banking regulators must hire and train more examiners with technology expertise to give more useful cyber security recommendations to small and mid-sized banks. According to GAO, many U.S. credit unions are vulnerable to cyber threats from outside vendors that help run their businesses, because their overseer, the National Credit Union Administration (NCUA) lacks authority to review technology practices of those companies.
A recently released Insider Threat Report collected data from over 500 cybersecurity professionals to examine industrial efforts against insider threats. According to the report, although there has been a rise of insider threats over the last 12 months, organizations are not fully prepared for it yet. The report also examined which user categories showed the largest threat, the most vulnerable applications and data, common launch points for attacks, budget trends and more.
When the Federal government starts rolling out legislation that requires all federal websites to make sure they’re a secure place to visit, it’s worth speculating whether regulating business websites for the same purpose might not be very far behind.
The Safe and Secure Federal Websites Act was first introduced as a bill in 2013 and was finally passed into law in July of this year. The law requires that any federal agency that launches a new website, or that has launched any website since 2012, has to certify that those websites are safe.