“You don’t drown from falling into the water, you drown from not getting out.” Think about that — and think about how that applies to cyber security and data breach issues facing companies in today’s cyber world. Here, in my first ever video blog post, I explain this issue with more detail.
“Visa, MasterCard, Discover, American Express and their banking partners have set a government-enforced deadline of Oct. 15 for a “liability shift” that, for the first time, would make merchants liable for fraudulent charges that result from using point-of-service readers that can’t read chip-and-pin EMV cards. The issuers have been implementing the technology, but it’s still up to companies including Home Depot, Target, Neiman Marcus and others to implement it or be held responsible for fraud resulting from continued use of magnetic strips.”
This quote comes from Chip-and-PIN Procrastination Is Endangering Your Credit Card, an excellent article that goes into great detail to explain this technology, why you need it, and why the security benefits outweigh the inconvenience factor.
“What do I talk about?”
No, it’s not that I don’t have anything to say — for goodness sakes, you all know that I always have something to say!
The problem I am having is that I had planned to talk about cyber risk compliance and the key elements of what a good cyber risk compliance program needs to include and why. Interesting topic, right? :)
But tonight I saw where a local restaurant that just may be my favorite Tex-Mex place of all — Blue Goose Cantina — had a data breach last week. What was interesting is that they announced it via Facebook at what seems like a very preliminary stage. So, I am thinking I just may make this the focal point of my presentation and use it as an ad hoc case study.
Leave me a comment and let me know what you would rather hear.
Let me make sure I have this right … the same company officials who are currently being warned about cyber risk but are not finding it significant enough to act are going to be the ones who determine whether there is a reasonable chance that customers will be harmed — from their data breach — and if, in their judgment, there is not, they will not have to go through a breach response? Really???
“The proposed law would require quick disclosure by companies if there is a risk of serious identity theft or fraud, the Wall Street Journal’s Risk & Compliance Journal (sub. req.). But there would be no need for disclosure when company officials believe there is no reasonable chance that customers will be harmed.”
“Thieves managed to steal information on more than 100,000 taxpayers from the IRS,” Commissioner John Koskinen said Tuesday.
“‘This is not a security breach. Our basic information is secure,’” Mr. Koskinen insisted.
Well, I am glad to know that stealing consumer data from the computer of an entity to which it was entrusted is not a security breach. Nothing to see here. Move along …
“Personal information of more than 1 million current and former CareFirst BlueCross BlueShield members was leaked in a cyberattack on the insurer’s database.” The information exposed included names, birth dates, email addresses, and subscriber identification numbers. The attack was similar to the breach of Premera BlueCross, which was hit one month earlier than CareFirst.
I have always been a fan of AllClear ID for being the best of the best at handling breach response logistics, but now I have to give them a shoutout for another reason. AllClear has a Resources page with some of the very best and most well-respected law firm blogs in the world.
While I am certainly not saying it is deserved, it is very much appreciated that they have chosen to include this blog — the Business Cyber Risk Law Blog — among such great company. Go check it out and you will see for yourself why this is such an honor.
Thank you AllClear ID!