Compliance

9/24/2019 Compliance

Ask Our VP of Compliance: September 2019

It’s 2019, and we are connected to everything, creating massive amounts of data, which has proven rather enticing to cybercriminals.

California’s IoT Law is a first for the nation, but likely not the last of its kind. The State of California has taken a leadership role in cybersecurity, and in protecting its residents’ personal information in particular.

8/26/2019 Compliance

Ask Our VP of Compliance: August 2019

New York has enacted the SHIELD Act to better protect its residents' private information against data breaches. The Act takes effect March 21st, 2020. This month, our VP of Compliance covers everything you need to know about this law and how to stay in compliance with it!

This edition we answer:

  • What does SHIELD stand for?
  • What do I need to do to comply?
  • What is considered "Personal Information"?
  • What are "reasonable" data security requirements?
  • Would the SHIELD Act include any exceptions for small businesses?
  • What are the proposed penalties for noncompliance?
  • How can DE help me stay in compliance?

8/14/2019 Compliance

GDPR Fines Are No Joke

At the beginning of the year, we came out with an article discussing GDPR one year since passing. It was clear that GDPR wasn't something to be taken lightly as the fines stacked up for many companies. Now we have the visual proof.

7/26/2019 Compliance

Ask Our VP of Compliance: July 2019

A big misunderstanding we see every day when working with clients is that security can be ensured by buying a device, implementing a piece of software, or changing one small thing. However, security is an ongoing process; it's an attitude. With constant threats emerging, IT security governance is imperative. Our VP of Compliance dedicates this edition to fully understanding IT Security Governance!

6/27/2019 Compliance

Ask Our VP of Compliance: June 2019

A common question posed to me, the VP of Compliance, by non-IT and IT professionals alike revolves around the concept of RPO and RTO with regard to Business Continuity Management. Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are two of the most important parameters of a sound disaster recovery plan.

This month, I explain everything you need to know about RPO and RTO! 

5/28/2019 Compliance

Ask Our VP of Compliance: May 2019

Happy Birthday GDPR! On May 25th, internationally we will be “celebrating” the first anniversary of the EU’s General Data Protection Regulation (GDPR). Nearly one year later, have the stricter rules really made a difference? Consumers are definitely seeing more pop-up privacy notices online, thanks to GDPR, but for now the astronomical fines the new regulations threatened have not yet surfaced.

4/24/2019 Compliance

Ask Our VP of Compliance: April 2019

Vendor Management Requirements in CyberSecurity Standards

Are you in control of third-party risk? Do you have a sound vendor management department? Do you audit your suppliers?

3/25/2019 Compliance

Only GDPR Can Cause €56 Million in Fines in Less than a Year

In a short nine months, there have been hundreds of thousands of cases and millions in fines.

And this is just the start.

3/20/2019 Compliance

Ask Our VP of Compliance: March 2019

What Cyber Laws Apply to Me?

It is becoming ever clearer that compliance isn't an easy task handled by the IT department alone, but a team effort from all departments. This makes it more difficult to know what's applicable, so our VP of Compliance has broken down all the laws into simpler terms to help you distinguish which laws you must abide by!

2/21/2019 Compliance

Ask Our VP of Compliance: February 2019

One method of ensuring greater cybersecurity protection in a world of hacks and breaches is to undertake regular and programmed cybersecurity audits and assessments.

The thought of an audit may strike fear in many individuals at all levels of an organization. Mostly, audits are routine and serve to ensure there is, at a minimum, a check and balance to satisfy whichever regulatory body requires it. When non-conformities are found, they shouldn't be looked upon as a negative thing.

This month, our VP of Compliance speaks to the benefits of non-conformities.