Cybersecurity

National Cybersecurity Career Awareness Week – We Need YOU!

“You are more qualified than you may think.” When looking for a career path, many people examine areas of interest that have 2 key factors: available jobs and good pay. The United States Department of Labor’s occupational employment statistics are updated every spring to highlight trends in these factors. There has been a lot…

Own It, Secure IT and Protect IT: National Cybersecurity Awareness Month Kicks Off with a Theme of Personal Accountability

National Cybersecurity Awareness Month 2019 focuses on being accountable and proactive, hence the “Own IT. Secure IT. Protect IT.” slogan. Here are some tips and references on how you can incorporate this into your daily activities at work, home, and on the go. Social Media: Multi-factor authentication, or MFA, is widely available now and…

The Guardians of Society – MSPs

You read that right. And I’m especially referring to Managed Service Providers (MSPs) that support the Information Technology needs of small and medium-sized businesses. Here’s why: Small businesses represent half of the country’s GDP. They represent just over 99% of all employer firms, and 64% of all net-new private sector jobs. They handle sensitive data…

Data Security under the California Consumer Privacy Act: Instructions Not Included

“Reasonable security.” If you’re a California business, this is what’s generally expected of you (e.g., Cal. Civ. Code § 1798.81.5). If you collect personal data, you are expected to secure it. But what’s the right level of cybersecurity under the California Consumer Privacy Act of 2018 (CCPA)? Are specific frameworks recommended? Let’s wade into the…

Final Compliance Date for NY DFS Cybersecurity Regulation is March 1, 2019

A significant deadline is now approaching under the New York State Department of Financial Services (“DFS”) cybersecurity regulation, 23 NYCRR 500. On March 1, 2019, the two-year transitional period under the NY DFS regulation expires and all remaining requirements become effective. The final requirement concerns supply chain cybersecurity. Background: The NY DFS cybersecurity framework requires…

Our 5 Favorite Blogs of 2018 on Cybersecurity and Privacy for Businesses

FedRAMP strategy, red teaming, NIST privacy standards, evolving Federal acquisition rules, Ohio’s new cybersecurity safe harbor law: these are some of the Sera-Brynn staff blog topics from 2018. We wrote about GDPR (but are still digesting PIPEDA, the Canadian privacy law). We continued to talk about the FAR Reform. We published a guest blogger’s…

GSA’s proposed new rule to govern data breaches, government access, proprietary information, and contractor responsibilities

In November 2018, the U.S. General Services Administration (GSA) published its intent to enact a new rule on the reporting of data breaches. GSA is the U.S. government’s lead contracting agency. GSA also manages many government-wide IT security programs, like FedRAMP and cloud.gov. The proposed rule will ensure that GSA, plus the agency customer, will have…

Using Red Team Assessments to Test Security Maturity

Red teaming is an under-appreciated term in modern businesses. Red teaming is an opportunity for leadership to understand how an entire system works together to protect information critical to a company’s existence, their “crown jewels.” Red teaming in the age of the Internet has had companies focusing exclusively on CYBER Red Teams. However, such an…

Cyber Tips For Students Heading Off To College

College is in full swing and thousands of students have their laptops, smartphones, tablets, gaming consoles and a myriad of other electronic devices. But are they taking the proper precautions against the risks posed by the use of those devices? Whether it’s having someone walk off with an unattended device, being the victim of a…