Signed into law by the governor of New York in July 2019, the SHIELD Act goes into effect on March 21, 2020.  The law covers all employers, individuals or organizations, regardless of size or location, which collect private information on New York State residents.  Failure to implement a compliant information security program is subject to enforcement […]

On December 17th, 2018, I held a teleconference to discuss the topic of the NIST Cybersecurity Framework with my partner Eric Burke and Cybersecurity expert and consultant, Jeff Miller.  The complete video is published on YouTube.  Below, we are also providing a transcript of the entire call.  This content is also available in the form of […]

On October 22nd, 2018 I held a teleconference to discuss the topic of Information Technology (IT) Policies with data privacy expert, Michael Feldman, Esq. and Cybersecurity expert and consultant, Jeff Miller.  The complete video is published on YouTube.  Below, we are also providing a transcript of the entire call. Daniel: All right, guys, welcome back […]

On September 24th, 2018, I held a teleconference to discuss the topic of Chief Information Security Officer (CISO), and Chief Information Security Officer as-a-Service with data privacy expert, Michael Feldman, Esq. and Cybersecurity expert and consultant, Jeff Miller.  The complete video is published on YouTube.  Below, we are also providing a transcript of the entire […]

In a word, yes.  HIPAA section 164.308 requires covered entities to “implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.” Is it reasonable to have employees potentially leaving unencrypted laptops in the back seats of taxi cabs with private data on them?  Of course not!  The scenario of stolen, […]

The non-stop drumbeat of devastating headlines has woken up many business owners and executives to the perils of data breaches and theft. As a result, many have carved out large portions of their IT budgets to protect their valuable, mission-critical business data. And then they get out their checkbooks and pay for these services with […]

Years ago you would only read about a data breach once in a blue moon – it was the rare exception. Fortunately, it continues to be the rare exception, but as the world has moved to become fully digital, the frequency of significant data breaches is no longer like finding a four-leaf clover. Every business […]

If you do any kind of military contract work, you are required to implement a minimum set of cybersecurity controls in your organization.  The DoD requires all military contractors and subcontractors to adhere to DFARS 252.204-7008, which is essentially just a pointer to NIST SP800-171. NIST SP800-171 is entitled “Protecting Controlled Unclassified Information in Nonfederal […]

With the proliferation of both small and high-profile breaches occurring globally, it is vital to identify and diagnose security vulnerabilities in your company’s IT infrastructure and assets before a breach or intrusion takes place. Penetration testing, also sometimes called third-party pen testing when done by an outside firm, offers real-world, real-time analysis to determine […]

Running a business of any kind means accepting payments, often via credit card. Because thieves target these transactions, you and your customers are at risk. How much? Credit card theft cost U.S. consumers $16 billion in 2016. Making payments safe for consumers is crucial for your business reputation. As a business owner, you need to […]