Social Media and Regulatory Compliance: Is Your Company Protected?

April 22nd, 2014

By Camille Stewart

Proofpoint hosted an excellent webinar a few weeks ago on “Tweets, Feeds, & Chatter: Social Media and Regulatory Compliance in 2014”, which I’ve summarized here. Presenter Nick Hayes, an analyst at Forrester Research, discussed a number of regulatory pitfalls companies should be aware of as they navigate this challenging landscape.

As Hayes stated, “Social media is pervasive, but complex.” Embracing social media is a given for most companies and employees these days, but organizations must engage with it in a way that does not put the company at risk. According to Hayes, “the most productive people at your company use social media, even in the most heavily regulated industries.” Social media is clearly a phenomenal and useful tool, but how do you govern it effectively?


Social Media Monitoring and Compliance: Five Best Ways to Navigate Complexity in the Workplace, Part IV

April 15th, 2014

by Tobias Losch, GLEG

In this blog series on social media and online monitoring, we’ll discuss five best ways for companies to address compliance regulations – and protect their organizations – while respecting employee and third-party privacy concerns.

In our previous post, we discussed why it’s important to be transparent when establishing social media monitoring and why you should have a formal social media policy. In our fourth and final post, we’ll take a look at how a third-party monitoring service can be helpful.


The Heartbleed Bug: Cutting Through the Noise

April 10th, 2014

As a trusted security partner, our phones have been blowing up the past 24 hours with clients calling to ask us about the Heartbleed bug found in the OpenSSL library. It’s been all over the news, and some of the brightest security minds out there are throwing around really scary words like “catastrophic” and “doomsday”. We’ve been delving into the details the last few days, and working in cooperation with our friends at Codenomicon, the security vendor that discovered the bug.

Short version? There’s no doubt this is a serious vulnerability, and it’s incredibly widespread, both of which do make this a scary one. Still, there are facts and then there’s hyperbole, so let’s see if we can boil down some facts.

We’ve studied the problem, we’ve consulted with other security experts, we’ve gone through the remediation process ourselves, and we’ve worked with several clients to help them fix their own sites, so hopefully we can clear up some of the noise, and tell you what you really need to know in a simple, concise form. Without further ado, here is our take on “The Heartbleed Bug – what you really need to know.”

Social Media Monitoring and Compliance: Five Best Ways to Navigate Complexity in the Workplace, Part III

April 9th, 2014

by Tobias Losch, GLEG

In this blog series on social media and online monitoring, we’ll discuss five best ways for companies to address compliance regulations – and protect their organizations – while respecting employee and third-party privacy concerns.

In our previous posts, we discussed why companies need to find a balance between a legitimate interest in finding misbehavior and meeting compliance requirements with expectations of privacy, along with why you need to set objectives and clear boundaries. In today’s post, we’ll examine the need for transparency and a social media policy.

Social Media Monitoring and Compliance: Five Best Ways to Navigate Complexity in the Workplace, Part II

April 7th, 2014

by Tobias Losch, GLEG

In this blog series on social media and online monitoring, we’ll discuss five best ways for companies to address compliance regulations – and protect their organizations – while respecting employee and third-party privacy concerns.

In our previous post, we discussed why it’s important to have a clear understanding of what you are looking for and what your objectives are. In today’s post, we’ll examine why you need to set boundaries.

Social Media Monitoring and Compliance: Five Best Ways to Navigate Complexity in the Workplace

March 27th, 2014

Photo courtesy TRF_Mr_Hyde

In this blog series on social media and online monitoring, we’ll discuss five best ways for companies to address compliance regulations – and protect their organizations – while respecting employee and third-party privacy concerns.

by Tobias Losch, GLEG

Businesses have a lot to juggle these days. Detecting physical threats against facilities, employees, customers, executives, and suppliers is one obvious example. The list continues to grow with managing network security alerts and devices, preparing for sophisticated DDoS attacks, guarding sensitive IP and data against leaks and breaches, and protecting employees from social engineering attacks. Brand integrity, distribution control, phishing, and fraud detection add further to the complexity of managing online and offline environments.

Using Contract Provisions to Mitigate Potential Damage from Cyber Attacks

March 20th, 2014

By Camille Stewart

Law Seminars International hosted a thought-provoking teleconference event last week on “Contractual Protections for Cyber Attacks.” While most information security presentations emphasize technology solutions, this one focused on the legal aspects of cyber attacks for attorneys, risk management professionals, contract professionals, and lawyers, and specifically, on the importance of updating contracts to protect your business.

New Facebook Scam Preys on Curiosity about Missing Malaysian Airlines Flight

March 19th, 2014

Facebook page with fake video

Cyber criminals continuously take advantage of current events in order to trick people into clicking malicious links or sharing personal information. For example, last month we wrote about how mobile malware was being spread through Valentine’s Day apps.

Mobile Malware Banking Trojans That Steal Your Money

March 11th, 2014

Kaspersky Report Shows 20X Increase in Last Year

Infographic: Kaspersky Labs

It’s well known in the information security community that mobile malware has grown exponentially over the past few years. Now, there’s increasing evidence that criminals are looking for new ways to use such malware to target mobile banking. According to Kaspersky Labs’ latest report, mobile malware designed to steal bankcard information and funnel money from bank accounts increased by a factor of nearly 20 in the past year.

How the Canadian Anti-Spam Act will affect American Businesses

February 20th, 2014

By Camille Stewart, Esq.

American companies with Canadian consumers should pay close attention to the new Canadian Anti-Spam Law (CASL) that takes effect July 1, 2014. The law will be rolled out in stages. It is much like the American CAN-SPAM Act, which regulates many routine business activities, such as sending marketing emails, text messages, or other social media messages. However, this law takes the opposite approach of its American counterpart. CASL converts electronic marketing in Canada from an “opt-out” to an “opt-in” standard. The important thing to note is that this law will apply to businesses located in the U.S. if the recipient of the message or download is located in Canada.