Mark Rasch

Cyber Law Editor

Security Current


Managing Risk in the Era of Pandemic

Posted on: 24 Mar 2020

Cyber Security is NOT about cybersecurity. It’s not about compliance with regulations. At the end of the day, cyber security is about identifying and managing risks. Risks associated with the use and misuse of technology. Risks associated with failing to protect data. Risks associated with doing too little. And risks associated with doing too much.…

DR/BCP – TL:DR – Preparing for the Wrong Disaster is Better than Not Preparing At All

Posted on: 23 Mar 2020

In the wake of the SARS CoViD-19 pandemic, news organizations have been interviewing so-called “preppers” – survivalists who have been preparing for some natural or man-made disaster by hoarding shelf-stabilized food, guns, underground bunkers, water, and backup electricity. The preppers are taking a victory lap essentially saying, “we told you so.” Not quite. You see,…

Data Security for Telecommuters

Posted on: 20 Mar 2020

The first day was like a snow day. Maybe sleep in late. Maybe handle a few hundred e-mails and phone calls. It was either very hectic, or very slow. It was anything but normal. By day three it has already gotten old. You’re not really into the telecommuting routine. You’re not quite “at home” but…

COVID-19 and the Spread of Personal Information

Posted on: 19 Mar 2020

Important News about COVID-19! That e-mail came from the Virginia EZ-Pass. In the past two weeks, if you are anything like me, you have been receiving hundreds of e-mails from vendors, suppliers, and third parties from Outback Steakhouse to 1-800-CONTACTS telling you about their policies, plans or procedures for the coming zombie apocalypse that…

Data Privacy in the Era of COVID-19

Posted on: 16 Mar 2020

One of the most important things for employers, schools, universities, hospitals, and public places to do during the time of a pandemic is to determine (to some degree of certainty) which individuals are infected, which are contagious, and which are symptomatic. The concept of “social distancing” is enhanced if we can know who is contagious…

My CORONA (Virus) – How To Survive With IT

Posted on: 16 Mar 2020

In the wake of the COVID-19 pandemic, companies are increasingly calling on employees to work from home. Hospitals, clinics, and doctors’ offices are preparing for massive infections, not only of patients but of healthcare workers. Colleges and universities are sending students home en masse. Sporting events are considering playing in empty arenas. Airlines and other…

Ransomware Response — A Better Way

Posted on: 15 Mar 2020

On March 15, 2020, during the height of the COVID-19 pandemic, hackers attacked the Department of Health and Human Services (HHS) servers. In the past, computers belonging to hospitals, doctors’ offices, and other medical providers have been a particular target for ransomware purveyors who lock computers or files and demand the immediate payment of ransom…

BEC and Call – Business E-Mail Compromise Leads to Liability

Posted on: 30 Jan 2020

When William Darby went to work as a securities broker in October of 2018, little did he know that he was going to not only have a bad day, but ultimately a bad career. Darby’s firm fell victim to an increasingly common form of attack — a Business E-Mail Compromise, or BEC attack. An unknown hacker…

NSA and FBI Take Different Paths for Cybersecurity

Posted on: 15 Jan 2020

When NSA security researchers learned that the methods used by Microsoft Windows 10 machines to examine digitally signed code (like that used to install patches) had a vulnerability which would have allowed the Agency to slip in malware, they had to debate the best method of protecting the nation. On the one hand, they could…

Update on Iowa

Posted on: 19 Sep 2019

Yesterday, I wrote about two employees of Coalfire who were arrested for performing a physical pen test of various courthouses in Iowa. The article focused on the need to have a well-defined Statement of Work and contract. Well, guess what? The State of Iowa Judicial Branch released exactly these documents. And guess what? Page 12 of the…