By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Risk Management

Low-Level Staffer Blamed for Committee on Standards Breach In case you missed the story last week, multiple lessons learned and teachable moments have emerged from an incident involving a sensitive ethics committee document that ended up in the hands of the Washington Post.  The ethics document exposed numerous ongoing investigations into the conduct of more than two dozen House members.   Most articles seem to be blaming the unauthorized access to the sensitive ethics document on a low-level staffer working from home on their personal laptop using a peer-to-peer file-sharing program which provided unauthorized access to the ethics document.  Asking good questions can be a greatRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Legal, Regulatory Compliance, Risk Management

Two recent headlines caught my attention: Construction Company Sues Bank for Money Lost in Cyber Scam Couple’s Lawsuit Against Bank Over Breach to Move Forward In both of these cases, banks are being sued for not taking adequate precautions that could have prevented cyber thieves from stealing money from the customers’ accounts.  The customers claim that the banks did not offer two-factor authentication and also failed to notice suspicious and anomalous behavior.  Therefore, the customers are claiming that the banks breached their duty to protect account holder information. These lawsuits could have significant ramifications and I will be curious to see the final outcome.  ShouldRead More →