Use this checklist to make sure you’re on the right side of California’s data privacy law

Businesswoman lounging on a couch with her laptop
Photo courtesy of Matthew Henry on Burst

The California Consumer Privacy Act (CCPA) became law on January 1, 2020. While it’s not accurate to call the CCPA the “American GDPR,” it did grant California consumers significant new data privacy rights, including the right to know what information companies are collecting on them and why, the right to prohibit the sale of their information, and the right to sue companies that violate their data privacy rights — even absent a data breach.

Does your company have to comply with the CCPA?

Before looking at what goes into a CCPA-compliant privacy policy…


Companies are losing billions to business email compromise scams. Here’s how to recognize BEC before you fall victim.

Image courtesy of Pixabay on pexels.com

Last July, the FBI reported that global losses from business email compromise (BEC) scams, also known as email account compromise and CEO fraud, had shot past $12 billion. The year 2018 alone ended with over $1.2 billion in losses to BEC, nearly double the figure for 2017.

BEC scams are alive, well, and continuously evolving. A new report by the Financial Crimes Enforcement Network (FinCEN), a unit of the U.S. Department of the Treasury, estimates that U.S. companies are being drained of $301 million per month. …


Photo by Todd Diemer on Unsplash

In theory, U.S. government contractors should be very secure, especially those working for the Department of Defense (DoD). The majority of federal contractors are required to comply with NIST 800-171, and DoD contractors have the additional burden of complying with DFARS. Then, there’s the lengthy, extremely expensive FedRAMP certification process, which is a requirement for cloud services providers (pretty much all IT providers these days) that do business with federal agencies.

Despite this alphabet soup of IT security mandates, the cybersecurity posture of federal contractors, including defense contractors, leaves a lot to be desired. Last year, a Wall Street Journal…


Ecommerce sites are prime targets for credential stuffing, but gaming sites are increasingly under attack as well. Photo courtesy of Igor Miske on Unsplash

Online retailers, banks, hotels, and airlines have been struggling with a tidal wave of credential stuffing, with this form of cyberattack accounting for over 90% of traffic to ecommerce sites. Credential stuffing is fast becoming a significant problem for the gaming industry as well. A recent report by Akamai Technologies found that gaming sites accounted for 12 billion of the 55 billion credential stuffing attacks Akamai recorded over a 17-month period.

Hackers like credential abuse, Akamai points out in their report, because it’s a low-risk, high-profit-potential venture. Months, even years may pass from the time a set of credentials are…


Photo by NeONBRAND on Unsplash

We’ve all gotten a laugh out of photos on Instagram and other social media networks where the photographer obviously forgot to remove an embarrassing background element before posting a photo, like a sex toy or a half-dressed (or naked) significant other.

This sort of thing happens in workplaces, too (minus the sex toys and naked people), but instead of just being embarrassing, the background elements could get the photographer’s company hacked. …


Photo courtesy of Oleksandr Pidvalnyi from Pexels

Everyone is familiar with travel safety tips such as leaving valuables at home and keeping their hotel room locked, but few people give any thought to cybersecurity while traveling. Yet according to the 2019 IBM X-Force Threat Intelligence Index, the transportation industry is now ranked second for cyberattacks, up from tenth in 2017.

Hotels, airlines, car rental agencies, and other travel and transportation companies are treasure troves of information that can be put up for sale on the Dark Web, used to orchestrate other cyberattacks, or even leveraged for real-world blackmail or stalking. In addition to credit card numbers and…


Image courtesy of Negative Space on Pexels.com.

Formjacking is a relatively new, frighteningly simple, and dangerously effective cyber attack that grew rapidly in 2018 and is now infecting nearly 5,000 websites a month. Currently, the primary targets are ecommerce sites, but any website that employs some sort of a form is at risk.

What is formjacking?

Formjacking is often described as the cyber version of ATM card skimming; in fact, the growth of EMV chip technology at brick-and-mortar retailers, which prevents skimming, is one of the reasons why hackers are increasingly turning to formjacking.

A typical formjacking attack involves hackers injecting a few lines of malicious JavaScript…


Despite its ominous name, shadow IT usually isn’t deployed for malicious purposes. Image courtesy of Pixabay on pexels.com.

“Shadow IT” is a broad term referring to any software, device, or service being used on an enterprise network without the knowledge of the IT department. Prior to the advent of cloud services, this generally meant more technically inclined employees installing software they had purchased on their own onto their desktops. Just like everything else, shadow IT has migrated to the cloud, where it has been growing relatively unchecked. SaaS apps are plentiful, free or very low-cost, and easy for anyone to access and use. Over 80% of employees admit to using unauthorized SaaS applications on the job.

Despite the…


Photo by Vijay Putra from Pexels

Enterprise cyberattacks are growing more frequent, sophisticated, destructive, and costly, alarming global investors and c-suite executives alike. PwC’s 2018 Global Investor Survey found that investors see cyberattacks as the biggest threat businesses currently face, and business leaders place it in the top three, alongside over-regulation and terrorism.

Here are a few of the biggest cyber threats facing businesses right now.

Phishing

Hackers continue to rely on the old standby attack, phishing, because it works so well. Verizon’s 2018 Data Breach Investigations Report found that 90% of cyber-attacks originated with a phishing scheme. The FBI estimates that global losses due to…


A new study by Cisco indicates that GDPR compliance reduces the risk and impacts of data breaches, but that doesn’t mean it equates to cybersecurity. Photo courtesy of Christina Morillo on pexels.com.

Compliance with the European Union’s General Data Protection Regulation (GDPR) can be confusing and costly, with organizations reporting having spent an average of $3 million to get in line with the world’s most sweeping data privacy law to date.

It looks as though that was money well spent. Cisco’s latest Data Privacy Benchmark Study found that compliance reduced the risk of becoming victimized by a data breach and lessened the potential impact when one happened. Here’s the lowdown:

· 59% of companies that responded to Cisco’s survey reported being GDPR-ready.

· 74% of GDPR-ready companies reported having experienced a breach…

Teresa Rothaar

Professional freelance copywriter specializing in cybersecurity and cloud. MBA, marathon runner, breast cancer survivor, and X Phile. wildowldigital.com
