News &
Information

Chrome Malware Extension Campaign Discovered: What Steps Do You Need To Take?

Malware is lurking on many browser extensions. Read how to find it and prevent it.

Check File Extensions To Help Prevent Malware Infections

Microsoft users should change their defaults, and all users should check extensions before downloading a file. We examine.

Working Remotely Increases Cybersecurity Risks On All Fronts

Extensive cybersecurity training for all employees, with additional training for remote workers, can help reduce cyber risks. We examine how remote work environments increase risk.

Network Segmentation And Training: Leadership Is Important For Preventing Breaches

A mistake by senior leadership leads to ransomware and payment of half a million dollars. We examine what steps organizations can take to prevent the same mistake. ?

Data Breach Notification Plans Are Necessary For Reacting To A Breach

Words with Friends and Draw Something creator Zynga faces a class action lawsuit over a 2019 data breach that compromised the account passwords of between 170 million and 218 million users of the popular apps.

 

The lawsuit alleges that Zynga negligently "failed to reasonably safeguard" user data.

 

Zynga is not responsible under the law for the nefarious acts of others. However, the plaintiffs allege Zynga did not meet industry data protection standards or the obligations set forth in its own privacy policies.

 

In addition, the plaintiffs allege, if Zynga knew about the breach and waited too long in violation of statutory requirements to notify affected individuals, the organization could be liable for damages.

 

Because the data of minors was compromised in the breach, the court may apply a heightened standard.

 

Cybercriminals often target organizations such as Zynga that grow very quickly. The 2019 cyberattack against Zynga is reported to be the tenth largest cyberattack of all time. Sam Desatoff "Zynga is being sued for a 2019 data breach" gamedaily.biz (Mar. 04, 2020). 

Commentary

Every organization must have protections in place to safeguard the data of every single employee, customer, and client.

 

Protecting personal information in secure databases and controlling password access should be a top priority. Stay on top of the latest cyber protections and implement the best software and hardware protections you can.

 

Train all employees on how to safely store and access data. Only give employees who need it access to your databases. Require them to use a unique, strong password that they keep secret.

 

Organizations must also have a plan for how to manage a data breach. Know your state’s data breach notification requirements. Most states require organizations to notify affected individuals within a certain timeframe—generally, as quickly as possible—following a data breach.

 

In order to avoid running afoul of your state’s data breach notification laws, work with your cybersecurity team and your legal counsel to create a plan that takes into account the form notification must take, the timeline, and who must be notified.

Finally, your opinion is important to us. Please complete the opinion survey: