data breach

GSA’s proposed new rule to govern data breaches, government access, proprietary information, and contractor responsibilities

In November 2018, the U.S. General Services Administration (GSA) published its intent to enact a new rule on the reporting of data breaches. GSA is the U.S. government’s lead contracting agency. GSA also manages many government-wide IT security programs, like FedRAMP and cloud.gov. The proposed rule will ensure that GSA, plus the agency customer, will have…

Ohio’s New Cybersecurity Law Grants Data Breach Litigation Safe Harbor

Ohio’s law – effective November 2018 – creates a safe harbor for organizations that adopt one of 10 cybersecurity compliance frameworks. With a new cybersecurity law, the home of the Rock and Roll Hall of Fame is now rocking the cybersecurity framework discussion. Effective November 2, 2018, Ohio’s law puts cybersecurity frameworks centerstage. The law…

Good Communications Planning Increases Resilience

By: Loren Dealy Mahler, President, Dealy Mahler Strategies, LLC The last two years have given us a plethora of news headlines taking companies to task for incidents that exposed or directly compromised customer data. From very large events involving millions of financial records, to smaller events involving personal health information, the hits just keep coming. As…

A Cybersecurity Checklist for GDPR

Where Does Cybersecurity Fit into GDPR? By Heather Engel, Sera-Brynn Chief Strategy Officer By now most everyone has heard of GDPR, or at the very least been bombarded by pop-up messages asking you to accept cookies and confirm access to your data as you surf the web. But if you are responsible for the security…

Equifax Breach and Compliance

Would Better Risk Management Based on DFARS/NIST 800-171 or the NY Financial Institution Rules Have Thwarted the Equifax Breach? By Colin Glover, Senior Security Analyst, Sera-Brynn, LLC. Recently, the credit rating company Equifax announced a huge breach impacting up to 143 million U.S. consumers, including their names, social security numbers, birth dates, home addresses and…

“Everybody Hurts” … and everybody needs a cyber risk management plan

As R.E.M. said in their hit song from their Automatic for the People album, Everybody Hurts … and everybody needs a risk plan to deal with it. We are pretty sure R.E.M. wasn’t envisioning their song would be a lead-in to a blog about enterprise-level risk management and cybersecurity, but then again, the year was…

Three Upcoming Trends in the Cybersecurity Landscape

By Rob Hegedus, Sera-Brynn CEO A massive conflagration that changed the course of a great city’s history. A well-known disaster relief franchise firm. A former American president’s pet saying to a peer. These three unrelated items are all illustrative of trends we at Sera-Brynn foresee in the cybersecurity marketplace. In the business and nonprofit worlds,…

If you are breached, you’re not the victim. You’re the villain.

By Rob Hegedus, Sera-Brynn CEO A disturbing trend is developing in the corporate world and unfortunately it’s only going to get worse: Breached companies are not the victims. They are the villains. High profile businesses and organizations, to include publicly traded companies, hospital networks and top non-profits, are no longer viewed as the victim following…

Guarding against social engineering

Social engineering is a trendy phrase in the world of cybersecurity. But social engineering is nothing new. From famous social engineers like Ulysses and his Trojan Horse to encyclopedia salesmen pounding the pavement forty years ago, convincing people to do something that may not be in their best interest is a timeless profession. Research in…

The steps of a cyber criminal

Some cyber crime requires criminals to have high-level information security and technology skills to achieve the goal of a full data breach. In a world of virtual reality where it seems the sky’s the limit, it would stand to reason that bad actors would target businesses with the most valuable data. But cyber criminals, much…