Authentication, Financial Services, Insurance and Training

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

KnowBe4

MARCH 28, 2023

Security awareness training still has a place to play here." New-school security awareness training with simulated phishing tests enables your employees to recognize increasingly sophisticated phishing attacks and builds a strong security culture. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

Phishing

Phishing Security awareness Insurance Cybersecurity

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

Other top 4 targeted industries include Manufacturing, Insurance, Technology, and Financial Services seeing 15%, 9%, 7%, and 6% of the campaign traffic respectively.” Experts warn that the Energy sector was a major focus of this campaign, followed by manufacturing, and insurance. ” continues the report.

Phishing

Phishing Energy and Utilities Insurance Manufacturing

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

Department of Health and Human Service’s Office for Civil Rights (“OCR”) issued industry guidance for Health Insurance Portability and Accountability Act (“HIPAA”) regulated entities to take preventative steps to protect against some of the more common, and often successful, cyber-attack techniques. On March 17, 2022, the U.S.

Cybersecurity

Cybersecurity Privacy Insurance Risk

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity

Cybersecurity Insurance Risk Compliance

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. Training and monitoring materials. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

The most valuable AI use cases for business

IBM Big Data Hub

FEBRUARY 14, 2024

But right now, pure AI can be programmed for many tasks that require thought and intelligence , as long as that intelligence can be gathered digitally and used to train an AI system. Generative AI can produce high-quality text, images and other content based on the data used for training. We’re all amazed by what AI can do.

Artificial Intelligence

Artificial Intelligence Retail Unstructured data Insurance

What is Cybersecurity Risk Management?

eSecurity Planet

FEBRUARY 11, 2022

The simplest example may be insurance. Life, health, auto, and other insurance are all designed to help a person protect against losses. Read more : Becoming an MSSP: Tools, Services & Tops for Managed Security Services. Risk management is a concept that has been around as long as companies have had assets to protect.

Risk

Risk Cybersecurity Encryption Access

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. Cybersecurity training and awareness.

Ransomware

Ransomware Cybersecurity Phishing Encryption

NYDFS Requires COVID-19 Plans by April 9

Data Protection Report

APRIL 2, 2020

On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic.

Risk

Risk Communications Authentication Financial Services

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Of particular note, the Safeguards Rule NPRM proposes to align the FTC’s requirements with those of the New York Department of Financial Services (“NYDFS”), as found in its cybersecurity regulations, and the National Association of Insurance Commissioners (“NAIC”), as found in its insurance data security model law.

Privacy

Privacy IT Information Security Insurance

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

DLA Piper Privacy Matters

APRIL 2, 2020

Awareness and Training. Various laws and best practices speak of the need to train network users on the latest security best practices. Multi-Factor Authentication. Multi-Factor Authentication (MFA) is a powerful tool in combating potential unauthorized access to systems where access credentials have been lost or stolen.

Cybersecurity

Cybersecurity Phishing Authentication Access

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The proposed Rule will also require multi-factor authentication for any individual accessing customer information, but, unlike the NYDFS which imposed a similar requirement in the Cybersecurity Regulation, the FTC declined to endorse text messages as a permitted second factor. Employee training.

Privacy

Privacy Risk Cybersecurity Information Security

Best Fraud Management Systems & Detection Tools in 2022

eSecurity Planet

SEPTEMBER 16, 2022

In its 2021 Threat Force Intelligence Index , IBM reported that manufacturing and financial services were the two industries most at risk for attack, making up 23.2% Fraud.net offers specific solutions for a number of industries, including gaming, financial services, and eCommerce, as well as government organizations.

Analytics

Analytics Risk Authentication Financial Services

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

Some states – such as Alabama, Massachusetts and New York (for financial services companies) – prescribe particular requirements of a “reasonable” cybersecurity program. At least nine states expressly extend these requirements to service providers. Proof of adequate cyber insurance coverage.

Data breaches

Data breaches Cybersecurity Financial Services Risk

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

The Last Watchdog

MAY 24, 2021

billion hitting financial services organizations — an increase of more than 45 percent year-over-year in that sector. billion web app attacks last year, with more than 736 million targeting financial services. billion web attacks globally; 736 million in the financial services sector. A: Everything.

Financial Services

Financial Services Passwords Data breaches Authentication

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

To use a service, we enter our user name and a password. But this method of authentication is flawed; either hashed or hashed and salted, usernames and passwords can still be stolen and reused. It seems to me that that's where we get into multi factor authentication, that the composite if different forms of ID tells someone who we are.

Passwords

Passwords Authentication Access Data breaches

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

KnowBe4

JUNE 20, 2023

This incident highlights how the North Korean regime trains cybercriminals to deceive people by impersonating tech workers or employers as part of their illegal activities. Train them not to fall for bogus job offers. A specific example of their actions involved using a fake job offer to trick a startup into losing over $600 million.

Data breaches

Data breaches Phishing Security awareness Ransomware

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Board-management discussions about cyber risk should include identification of which risks to avoid, which to accept, and which to mitigate or transfer through insurance, as well as specific plans associated with each approach. Source Authentication. Principle 5.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Best Digital Forensics Tools & Software for 2021

eSecurity Planet

AUGUST 13, 2021

When disaster hits, the firm offers data retrieval and recovery services, and for ensuring your organization is prepared for disaster, GDF has its forensic readiness assessments. Added features include GPS and smartphone tracking, internet history analysis, image recovery and authentication, and chip-off analysis.

e-Discovery

e-Discovery Computer and Electronics Marketing Compliance

USAID Email Phishing Campaign Shows Supply Chain Threats Continue

eSecurity Planet

JUNE 1, 2021

“From there, the actor was able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call NativeZone,” Tom Burt, corporate vice president of customer security and trust at Microsoft, wrote in a blog post late last week.

Phishing

Phishing Cybersecurity Government Authentication

Information Management Today

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

Trending Sources

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

A massive phishing campaign using QR codes targets the energy sector

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

NYDFS settles cybersecurity regulation matter for $3 million

The most valuable AI use cases for business

What is Cybersecurity Risk Management?

What is a Cyberattack? Types and Defenses

NYDFS Requires COVID-19 Plans by April 9

Transition period under New York Cybersecurity Regulation ends March 1, 2019

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

Best Fraud Management Systems & Detection Tools in 2022

US: Surviving the service provider data breach

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

The Hacker Mind Podcast: Going Passwordless

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Best Digital Forensics Tools & Software for 2021

USAID Email Phishing Campaign Shows Supply Chain Threats Continue

Stay Connected