Security Awareness Training Blog

Compliance Blog

Compliance news as it relates to cybersecurity, who it affects, and how to stay compliant.

Financial Phishing Campaigns on the Rise

More than 1900 new potential bank phishing sites were registered in the first half of 2019, according to researchers at NormShield. Based on the increase in new suspicious domains ...
Continue Reading

British Airways Hit With Record $229 Million GDPR Fine Following 2018 Data Breach

U.K.-based airline British Airways (BA) is facing a record fine of £183 million ($229 million) after suffering a cyberattack in September last year. The U.K. Information Commissioner’s ...
Continue Reading

Nearly Half of US Orgs Not Ready for California Consumer Privacy Act Deadline

InfoSec Mag observed something a bit worrisome. "In advance of the California Consumer Privacy Act (CCPA) going into effect January 1, 2020, researchers analyzed how prepared US ...
Continue Reading

Vendors are Responsible for Almost Half of All Data Breaches

The latest data from a survey of 600 SpiceWorks IT and Security professionals shows that vendor users aren’t doing their part to keep your organization’s data safe.
Continue Reading

NY Cyber Law Hits 3rd Deadline: Toughest Yet to Come, How To Get And Stay Compliant?

Craig A. Newman, partner at Patterson Belknap wrote: "By today, financial institutions are required to meet their next deadline for compliance with New York’s cybersecurity law. The ...
Continue Reading

[Heads-up] The May 2018 GDPR Deadline May Fuel New Extortion Attempts

Trend Micro has released its annual security roundup, and it shows several interesting trends that will likely continue into 2018. There is bad news and worse news, with a little bit of ...
Continue Reading

KnowBe4 Attains SOC 2 Type I Compliance For The Hosted Phishing And Training Product Offerings

KnowBe4, Inc, the world's largest security awareness training and simulated phishing platform, this week announced it has successfully completed a Service Organization Controls (SOC) 2 ...
Continue Reading

Which EU 2018 Directive Is More Important Than GDPR?

If you have sales offices in Europe, or full subsidiaries, you need to be aware of the NIS directive. Peter Dekker at Enisa warned about the following: During 2017, the GDPR buzz reached ...
Continue Reading

Complex regulations and sophisticated cyber attacks inflate non-compliance costs

The cost of non-compliance has significantly increased over the past few years, and the issue could grow more serious. 90 percent of organizations believe that compliance with the GDPR ...
Continue Reading

URGENT - If IT and Marketing are not freaking out about GDPR compliance, you are not paying attention

I found an article about GDPR compliance written by the fine folks of HubSpot, which we use ourselves here at KnowBe4 for marketing automation. We have customers in Europe, so our ...
Continue Reading

We're Still Not Ready for GDPR? What is Wrong With Us?

Sara Peters, Senior Editor at Darkreading wrote an excellent article about GDPR. It is both reprimanding and encouraging to get off our collective butts and do something about GDPR very ...
Continue Reading

Federal Contractor? Insider Threat Training Deadline June 1 - Don't Lose Your Clearance

Insider Threat Training Requirement for US Gov't Contractors (Deadline May 31, 2017) SANS just alerted US federal contractors that wish to maintain their clearances must have completed an ...
Continue Reading

Cybersecurity Top Risk Consideration In Board Room

The Wall Street Journal polled its readers and asked them to rate the top compliance issues of 2014. The answers were very interesting!
Continue Reading

PCI Publishes Guidance On Security Awareness Training

The Payment Card Industry Council thinks Security Awareness Training is so important that they just published a 25-page guidance paper that fully explains the why, how and what of ...
Continue Reading

NIST's New Approach to Cybersecurity Standards

Applying Engineering Values to IT Security. The National Institute of Standards and Technology is developing new cybersecurity standards based on the same principles engineers use to ...
Continue Reading

80% Fail To Maintain PCI Compliance Between Assessments

OUCH. Verizon said in a report this month that nearly 80% of organizations that achieve annual compliance with the PCI Data Security Standard -fail- to maintain that status after passing ...
Continue Reading

Don't Let Your C-Level Execs Wind Up At Capitol Hill Like This

Major U.S. retailers at Senate hearing: hackers have upper hand
Continue Reading

INFOGRAPHIC: The Illusion of Personal Data Security in E-Commerce

Dashlane’s first quarterly Personal Data Security Roundup was released recently. The roundup takes a look at password policies of the top 100 e-commerce sites, and the results are ...
Continue Reading

Do You Automate Sending SMS/Text Messages For Marketing?

My friend Chip Cooper at digicontracts sent me this, and I think it's a good heads up for all of you. There is a common misconception that text/SMS messages are subject to the same ...
Continue Reading
