The Washington Post and Secure World, a very reputable cybersecurity news group, is reporting that organizations related to helping with this Pandemic have had their credentials exposed, organizations such as:
World Health Organization (WHO)
Center for Disease Control and Prevention (CDC)
The World Bank
U.S. National Institute of Health (NIH)
The Gates Foundation
Wuhan Institude of Virology
The estimate is around 25,000 email addresses and passwords were breached and exposed. The Post is reporting that NIH had issued a statement stating, “We are always working to ensure optimal cyber safety and security for NIH and take appropriate action to address threats or concerns. We do not comment on specific cybersecurity matters, as such information could be used to undertake malicious activities.”
The Post went on to state that the report by SITE, “said the largest group of alleged emails and passwords was from the NIH, with 9,938 found on lists posted online. The Centers for Disease Control and Prevention had the second-highest number, with 6,857. The World Bank had 5,120. The list of WHO addresses and passwords totaled 2,732, according to SITE’s report.”
We live in a dangerous world! We, at Ascension, have found that security and privacy are front and center in every means of this digital world. Feel Free to let us know you opinion on privacy and security.
Ascension Technical Group is hosting an interactive TEAM’S session on April 8th at 10AM-11AM PDT. You can register now and we’ll send you a TEAM request.
The Webinar will provide analysis on the draft Washington
Data privacy Act (WPA), its impact on business and detail the associated
penalties for data privacy breeches.
This webinar will help businesses determine potential security
vulnerabilities and identify a mitigation strategy.
The cyber breech discussion, will review the
benefits of an in-depth security assessment
that includes reviewing current policies,
procedures, technical environments and other security related functions.
Details will be provided on applicable standards including, ISO/IEC 27001, NIST 800-53, ISA 62443, COBIT 5, CIS CSC,
CCPA, GDPR and PCI DSS.
Topics that will be covered include:
Data Security & Privacy
Awareness and Training with related policies, procedures, and agreements.
Governance, Analysis & Mitigation
Information Protection Processes
Identity Management, Authentication and Access Control
Protective Technology, Anomalies and Events, Detection Processes
Response & Recovery Planning
We look forward to your participation in this interactive TEAM’s Session on April 8th at 10 AM -11 AM PDT.
There is current legislation and standing law that will affect your firm’s ability to manage Consumer Data. Legislation is now in process that will affect Human Resource Data of your employee’s next year. Washington State has legislation almost completed today. If you wish to book a free one-on-one briefing, please select the button below and we can call you to advise you of the current issues relating to privacy and security.
Ascension partnering with Insperity, was scheduling, an Executive Briefing regarding Privacy legislation that affects your business. We wanted to invite you or members of your team. Due to the warranted restrictions in preventing the spread of the COVID-19 virus, we are moving the briefing to later this Spring or Summer. However, if you wish to book a free one-on-one briefing, please select the button below and we can call you to advise you of the current issues relating to privacy and security.
After the House of Representatives passed an amended Privacy Bill on the evening of March 6th, the Senate received the Bill and responded ” Senate refuses to concur in House amendments.” The Senate “Asks House to recede from amendments.”
Today, the “House insists on its position and asks Senate for a conference. Conference committee appointed. Representatives Hudgins, Hansen, Dufault.” And the “conference committee request was granted.”
Now, hopefully the committee jointly can work out the details and come to some compromise that helps both the consumer and business.
Tonight, I was watching the debate for Senate Bill SB 6281, Personal Data Privacy Law, in the Washington State House of Representative. There were many amendments to the Bill and many were not adopted to provide clarification for this upcoming law.
However, with the debate heated up and some legislators believing that the bill would fail, the bill did pass. The vote was 56 Yea and 41 Nay, 1 excused.
The next steps are for the Senate to review and vote on the changes made by the House of Representatives. Then off to the Governor if passed.
A West Palm Beach news station WPTC.com, has reported that Police in Stuart Florida, had to let six suspected drug dealers go free, based on lack of evidence. Evidence that was stored on computers at the Stuart Police Department. It has been reported that hackers, using Ransomware, have locked files which would have been positive proof to enable prosecutors to put the suspected drug dealers behind bars.
Ransomware presents a clear and present danger to most companies, governments and non-profits. Here are some of the basic suggestions to help reduce the threat of ransomware:
Patch Management of systems should always be frequent and tracked thoroughly.
Misuse or misconfiguration of remote access techniques that allow outsiders to penetrate systems and networks undetected.
Access Management issues. Users should be classified and given the least amount of privileges to allow them to effectively do their work. Most administrators are not providing a clear and effective means for granting and managing user rights.
Misconfiguration and/or lack of monitoring Anti-Virus/Malware systems.
Backup verification and validation. Making sure the backup are working correctly.
Of course, Security Awareness is the cornerstone of prevention.
Just letting you know, Ascension will be holding Privacy & Security presentations starting in April, if you wish to attend or wish to contact us regarding this new development, please email us at firstname.lastname@example.org or call at 425-750-0760.
Overwhelmingly the Washington State Senate passes a sweeping Consumer Privacy Law, posed to be one of the strongest consumer data privacy protection statute in the country.
Senators voted 46-1, in favor of Senate Bill 6281, sponsored by Sen. Reuven Carlyle of Seattle. In the Bill, the following summary was provided to outline the scope of the new law:
Provides Washington residents with the consumer personal data rights of access, correction, deletion, data portability, and opt out of the processing of personal data for specified purposes.
Specifies the thresholds a business must satisfy for the requirements set forth in this act to apply.
Identifies certain controller responsibilities such as transparency, purpose specification, and data minimization.
Requires controllers to conduct data protection assessments under certain conditions.
Authorizes enforcement exclusively by the attorney general.
Provides a regulatory framework for the commercial use of facial recognition services such as testing, training, and disclosure requirements.
As of today, the bill has been advanced to the House of Representatives and currently is in the Innovation, Technology & Economic Development Committee. Scheduled for public hearing in the House Committee on Innovation, Technology & Economic Development on Feb 21 at 10:00 AM.
Ascension will be holding Privacy & Security presentations starting in April, if you wish to attend or wish to contact us regarding this new development, please email us at email@example.com or call at 425-750-0760.
Currently the Washington State Legislative will likely pass a very strong Consumer Data Privacy law. As many of you know, California has already made the first step in clear language dictating that businesses must change the manner in which Consumer data is managed and protected. That legislation is called California Consumer Privacy Act (CCPA). Many other states are in the process of legislation this year like CCPA and/or GDPR.
With the California current law and Washington’s new law, Consumers have rights to the following:
Personal Information Rights
Requiring business not to sell their personal data
Requiring opt IN rather than Opt OUT practices
Right to be Forgotten
A Consumer can require a business to permanently remove any and all Personal Information
Right to Know
Personal Information disclosure by company to a person of what personal information exists and how it is used
Right to equal service and price
Consumer will have the right to object to any profiling, direct marketing and statistical research on current or historical Consumer data. Including clear restrictions on any discriminatory actions by a company against Consumers who wish to exercise their right to privacy.
In our discussions with Policy makers, Washington state as well as other states will have adopted very strong data privacy laws that protects consumer’s. We encourage business to begin considering how to accommodate these near-term changes.
For more Privacy related information please request below:
(This information will not be resold or used in any other way, other than to contact you regarding Privacy Legislation)
Without question, we are seeing security become top of mind for leadership. Many organizations are becoming fearful of the almost certain prospect, that they will become victims of a data breach and/or ransom-ware in the near future. More than ever, firms need to take an offensive position and actively secure their organizations–the first step is knowledge.
Here is a primer for developing and managing a Cyber Security process to help you and your firm become more secure. This is a straight-forward process, we use at Ascension, to help companies achieve high levels of security compliance.
Unfortunately, after a breach, leaders call us to help them recover. I hear many of them say:
“What really happened? Are we responsible? Why did I get targeted?
Please feel free to call and ask any and all questions you may have regarding Cyber Security.