Strac’s weekly newsletter - Latest news in Data Privacy

Stay Informed on the Recent Developments in Data Privacy and Discover Exciting Career Opportunities in the Field.
01. How 2023 Broke Long-Running Records for Health Data Breaches

In 2023, the healthcare sector experienced a record-breaking 734 major data breaches affecting nearly 135.3 million individuals, surpassing the previous record set in 2015. Third-party business associates, such as bill collection companies and medical transcription services, contributed significantly to the breaches. The increasing sophistication of cyber threats raises concerns for 2024, prompting calls for intensified cybersecurity measures in the healthcare sector. Regulatory action and guidance have been issued to address the escalating cybersecurity challenges. The healthcare industry is urged to enhance data security strategies, adopt comprehensive automated solutions, and prioritize continuous monitoring of sensitive data to safeguard patient information.
02. AnyDesk says hackers breached its production server

AnyDesk, a remote access solution, recently suffered a cyberattack where hackers gained access to the company's production systems. Source code and private code signing keys were stolen. The company, with 170,000 customers, including major entities like 7-Eleven and the United Nations, confirmed the breach but did not disclose whether data was stolen. AnyDesk engaged cybersecurity firm CrowdStrike, revoked security certificates, and assured users that the service is now safe. Passwords for the web portal are being revoked as a precaution, although no authentication tokens were stolen. The incident led to a four-day outage starting on January 29th. Users are advised to update to the latest version due to the replacement of code signing certificates.
03. Uber Fined 10 Million Euros by Dutch Data Regulator

Uber has been fined 10 million euros by the Dutch Data Protection Authority for violating data processing and transparency requirements under the European General Data Protection Regulation (GDPR). The fine resulted from complaints by 172 French Uber drivers and a Paris-based civil society organization. The Dutch regulator found that Uber had not been transparent about how long it retained driver data and which employees outside of Europe had access to the data. Issues included obstacles to users exercising their right to privacy, a cumbersome process for requesting access to personal data, and insufficiently concrete terms regarding data retention.
Strac’s Latest Views on Securing User Data
01. How Secure is SharePoint Online for Your Data?

This article is written by Strac Founder, Aatish Mandelecha. It explores the security and compliance measures of SharePoint Online, a Microsoft service for collaboration and data management. Despite being a robust platform, SharePoint Online is not immune to cyber threats, as evidenced by a ransomware attack in June 2023. This article addresses common myths about SharePoint Online security and highlights its built-in security features, including physical data center security, data encryption, secure network infrastructure, and user controls. It discusses compliance with standards such as ISO, FERPA, and GDPR and provides best practices for enhancing security at different levels, including infrastructure, user, and content security. The article also discusses how Strac enhances security and compliance capabilities in SharePoint Online by offering automatic remediation of sensitive data, compliance with regulations, integration with Microsoft services, and support for collaboration tools.
02. A Complete Guide to BYOD Security in the Modern Workplace

In this article, Strac Founder Aatish Mandelecha provides a guide to BYOD (Bring Your Own Device) security in the modern workplace. The article highlights the significance of BYOD in business operations and the associated challenges such as data leakage, device management complexities, and the blending of personal and business data. The guide emphasizes the importance of implementing technical safeguards like encryption and BYOD policies and of fostering a security-conscious culture, and it introduces how Strac is supporting BYOD security efforts. Strac features real-time threat detection, data remediation, and seamless integration with various applications, making it essential for protecting sensitive data in a BYOD environment.
03. How to Enhance Fintech Cybersecurity in 2024?

This article discusses the imperative need for enhancing cybersecurity in the fintech industry in 2024. It highlights key threats including data sprawl and ransomware attacks. Financial data security regulations such as GDPR and PCI DSS are discussed, with a focus on global variations. The integration of SaaS and cloud computing in fintech introduces challenges, necessitating the adoption of measures like AI, continuous monitoring, and a zero-trust model. The article also underscores the essential role of DLP, CASB, and endpoint security in fintech and provides insights into how Strac safeguards sensitive financial data through features like data discovery, remediation, flexible API integration, analytics, and compliance maintenance.
Security Jobs On The Market
1. Splunk is hiring a Legal Counsel, Data Protection

Looking for: “an experienced technology transactions Legal Counsel to support our commercial privacy and security program initiatives.”
Skills required: minimum of 6 years tech transactions experience, with at least 4 years in SaaS, cloud computing and enterprise software supporting data protection; minimum of 2 years prior experience in at least one of the following areas: payments (and related credit and debit processing), financial services or fintech industries; excellent legal drafting, project management, communication and stakeholder management skills; significant experience in drafting and negotiation of different agreements, especially data processing agreements and information security agreements, addendums and the ability to provide legal advice and appropriate level of detail when communicating with internal business stakeholders; solid grasp of the commercial requirements of key data protection compliance programs in the EU/US (GDPR, CCPA, HIPAA).
2. Capital One is hiring a Cybersecurity Distinguished Engineer

Looking for: “an experienced Cybersecurity Distinguished Engineer to seamlessly switch from diving deep into technology with engineers to driving high level, strategic discussions around cloud roadmaps and security patterns.”
Skills required: bachelor's degree, at least 7 years of experience in identity and access management, at least 5 years of experience deploying and building modern cloud based applications, at least 7 years of experience in software development or software engineering, at least 7 years of experience in cyber security, at least 7 years of experience in securing a public cloud environment and services (AWS, GCP, Azure).
3. Dropbox is hiring a Staff Cyber Threat Intelligence Engineer

Looking for: “a Staff Security Engineer to join our Threat Intelligence and Hunting team. You will investigate critical threats to Dropbox and our customers, profiling threat actors and uncovering the actions, techniques and objectives of these malicious actors…”
Skills required: 10 years of demonstrated experience in areas such as system security and/or network security; 2 years of experience in threat intelligence, cybercrime investigations/intelligence, tracking threat actor behaviors, including investigating, researching or analyzing TTPs (Tactics, Techniques and Procedures) or attribution research; experience with security vulnerabilities, exploitation techniques, and methods for remediation of such; experience in threat hunting tooling and planning; experience analyzing logs, building detections and coordinating remediation; scripting skills (e.g. Python, PowerShell, other common languages).
