October 5, 2021
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
Say what you do, and do what you say
A couple of weeks ago, the U.S. Securities and Exchange Commission (SEC) reached a $10 million settlement with App Annie for telling users it would use their data only in "aggregated and anonymized form" when it actually also used their data in a "non-aggregated and non-anonymized form." What does this mean for your organization?
- You overstate your security posture on a compliance checklist sent by a customer, and then the customer performs an audit and discovers the deception (or worse still, you actually have a data breach that shouldn’t have happened if you really had those controls in place)
- You check “yes” on all those boxes on the questionnaire for your cyber liability policy, without knowing for sure (or understanding) whether you have those controls in place, then you have a cyber incident and the policy doesn’t cover you, because you provided false information in your application
Until next week!
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺