Group items tagged

The data breaches of 2014 have yet to fade into memory, and we already have 2015 looming. Experian's 2015 Data Breach Industry Forecast gives us much to anticipate, and I've asked security experts to weigh in with their thoughts for the coming year as well. Experian highlights a number of key factors that will drive or contribute to data breaches in 2015. A few of them aren't surprising: Organizations are focusing too much on external attacks when insiders are a significantly bigger threat, and attackers are likely to go after cloud-based services and data. A few new factors, however, merit your attention. First, there is a looming deadline of October, 2015 for retailers to upgrade to point-of-sale systems capable of processing chip-and-PIN credit cards. As banks and credit card issuers adopt more secure chip-and-PIN cards, and more consumers have them in hand, it will be significantly more difficult to clone cards or perpetrate credit card fraud. That's why Experian expects cybercriminals to increase the volume of attacks early in 2015, to compromise as much as possible while they still can. The third thing that stands out in the Experian report is an increased focus on healthcare breaches. Electronic medical records and the explosion of health or fitness-related wearable devices make sensitive personal health information more vulnerable than ever to being compromised or exposed. The risk of health related data being breached is also a concern voiced by Ken Westin, security analyst with Tripwire. He pointed out that part of the reason that retail breaches have escalated is because cybercriminals have developed the technologies and market for monetizing that data. "The bad news is that other industries can easily become targets once a market develops for the type of data they have. For more info: Westhill Insurance Consulting Data breach trends for 2015: C

According to healthcare attorney Susan Miller, detailed evidence of HIPAA compliance and going beyond just the black letter HIPAA rules will be important factors when the Office for Civil Rights (OCR) makes its HIPAA audit rounds this fall. Miller said that OCR has been talking about evidence of compliance since 2009, when it first released the HIPAA Omnibus Rule Notice of Proposed Rule Making (NPRM). Evidence of compliance, in my view, goes beyond what the rule asks of an organization, such as where its policies and procedures are. This includes the Notice of Privacy Practices (NPPs), business associate agreements (BAAs), but they've also [made it clear] that organizations must have a breach plan. In no place in the regulation does it say that an organization has to have a breach plan or process. It does makes sense to have a breach plan to know what the organization will do when it has a breach event. I would suggest that organizations have a breach plan that they look at and update yearly. OCR will be looking for specific things in the plans, Miller said, including communication tactics within a breach plan. And Miller tells her clients that they need a detailed training plan, as well as the training materials and sign-in sheet or even some way to know when staff completes computer based training (CBT) modules, depending on how they do training. The important thing is knowing the training was completed. And organizations need something similar to a contingency plan, which is in the Security Rule but the larger organizations name as business continuity and disaster recovery plans. "Think of [the Boston Marathon bombings] - you need something that's going to help you continue to function during these events that are out of the control of the covered entity or business associate (BA)," Miller said.

1. It's Smart to Prepare for a Breach How many data breaches from 2014 can you name? The freshest one in your mind is probably the Sony hack, but there were also attacks on Home Depot, Staples, Dairy Queen, P.F. Chang's the list goes on. Credit.com Co-Founder and Chairman Adam Levin recently wrote about the most important lessons you can learn from the Sony hack, encouraging consumers and companies to prioritize data security and behave with the knowledge that your personal information and correspondence could be exposed at any time. Prepare for the possibility of fraud by monitoring your credit, regularly reviewing account activity and knowing what to do if your personal information has been stolen. Do what you can to strengthen your data security, but know that so much of it is beyond your control, so the best thing you can do is know how to react to a breach. 2. Communication Is Crucial to Getting Debt-Free as a Couple We published several success stories about getting out of debt, but some of the most memorable involved couples working together to conquer their finances. The stories had similar themes: Ellie Kay married her husband without knowing about his $40,000 of consumer debt, and Ja'Net Adams was unaware her husband took out student loans to pay for college. Both families eventually hit breaking points where they realized debt was holding them back, and they needed to make drastic changes to get rid of it. Getting out of debt is never easy, and the more people who are involved, the more complicated it can be. At the same time, having someone to work through the challenges with you can be extremely helpful. Adams' and Kay's stories highlight two crucial elements of getting debt free: staying committed to a plan and remaining open and honest about the process' progress and challenges. Those lessons apply to any personal finance goal, whether you're planning with a family or on your own.