New York State Department of Financial Services (NYSDFS) has proposed several changes to the existing 23 NYCRR Part 500 – Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500). They include items such as: Classification of “Class A” companies, which are those with over 2,000 employees or...
New Cyber Incident Reporting The NCUA has proposed a new Cyber Incident Reporting Rule. This proposal comes on the heels of the Federal Banking Agencies Incident Reporting Rule that went into effect earlier this year. The proposed NCUA regulation would require federally chartered credit unions (also applies to state-chartered, federally...
Benefits of a vCISO Cyberattacks and data security breaches continue to grow at a record pace year after year. According to recent surveys, over 60% of cybersecurity professionals saw an increase in cyberattacks and security breaches related to the pandemic. In order to defend against these attacks, businesses need to...
Cybersecurity Jurisdiction Data privacy and protection regulations are becoming increasingly common worldwide. This month marks four years since the European Union’s General Data Protection Regulation (GDPR) took effect. During the GDPR’s first four years, more than $1.5 billion in fines has been assessed. In addition, several states have passed data...
Computer Incident Notification Rule In the final quarter of 2021, the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency (the agencies) issued a rule requiring any FDIC-insured financial institution to notify its primary Federal...
PCI Standard v4.0 In March 2022, the Payment Card Industry Security Standards Council (PCI SSC) released its initial draft v4.0 of the standard. Based on the initial draft release, the following critical changes are assumed to be incorporated into the new version of the PCI standard: For merchants, sensitive authentication...
Cyberattacks On February 24, 2022, Russia began its large-scale military invasion of Ukraine, one of its neighboring countries. Many international organizations, like Apple and Volkswagen, have taken a stance by applying sanctions against Russia in hopes of encouraging Russia’s President, Vladimir Putin, to stop the invasion without starting a world war....
The Bonadio Group and its cybersecurity division, FoxPointe Solutions, highly recommend and encourage that our customers invest in an ongoing compliance solution that can help support their company’s internal controls and compliance requirements before an internal audit is performed by an independent third party. Not only does an effective and valuable...
Apache Log4j Apache Log4j is an open-source library that is utilized by applications to facilitate logging requests. On December 9th, 2021, a vulnerability was reported (CVE-2021-44228 from the National Vulnerability Database) that impacts applications leveraging Apache Log4j versions 2.14.1 and below. The identified vulnerability can allow malicious actors to perform...
What is Phishing? Phishing is defined as a form of social engineering that uses email or malicious websites to solicit personal information by posing as a trustworthy organization. When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing is often in the...
Stopping Ransomware In today’s world of ever-changing technology, the fastest-growing method of cyber-attack is ransomware. “Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable, and malicious actors then demand ransom in exchange for decryption.”...
SOC 2 + HITRUST CSF Report Based on the Verizon Data Breach Investigations Report of 2021, healthcare and outsourced service providers continue to be two of the most popular targets for cyber criminals. The most common attacks occur through human error, basic web application attacks, and system intrusion. In order...