Authentic8 Blog Category: Privacy

5 Must-Read Resources for Compliance and IT Leaders in Investment Firms

Illustration: 5 Must-Read Resources for Compliance and IT Leaders in Investment Firms - Authentic8 Blog

Regulated investment firms use the web to gather market intelligence, to access data aggregation tools and business apps, and to communicate via webmail and social media.

While many (if not most) business functions have shifted to the web and cloud apps, including IT security, the primary tool used by research analysts and investment managers remains stuck in IT’s past: the locally installed browser. A holdover from the 1990s, the local browser’s inherent weaknesses make it notoriously difficult to manage, monitor, and secure against web-borne exploits.

This has created a growing compliance blindspot for buy-side and sell-side firms. At the same time, the pressure from federal and state regulators is steadily increasing. Registered investment advisers are one example. By subjecting 17% of firms to OCIE examinations in FY 2018, the SEC already exceeded its own ambitious goal (15%) in this group alone for this year.

Chief Compliance Officers, CISOs and CTOs in the industry have been put on notice. One simple

GDPR in the US: After the British Airways Hack

Illustration: GDPR in the US: After the British Airways Hack - Authentic8 Blog

British Airways (BA) announced in September that it had fallen victim to a hack that affected the personal data of 380,000 passengers. The BA hack could be the first prominent test case for the European Union’s General Data Protection Regulation (GDPR) that went into effect in May.

How has GDPR impacted U.S.-based companies so far? Are they prepared for EU regulators cracking down on cross-border data protection failures and privacy violations? The BA attackers exploited a third-party vulnerability in the airline’s digital supply chain, taking a path we recently examined on this blog. What are the lessons to learn from the British Airways data breach?

On our Silo Sessions podcast, Authentic8 Co-founder and CEO Scott Petry discussed these questions as part of his ongoing GDPR conversation with Steve Durbin, Managing Director of the Information Security Forum (ISF).

P.S.: This Silo Sessions episode was recorded before the disclosure of the latest security breach at Facebook, a theft

How the PageUp Hack is Highlighting HR's Data Protection Problems

Illustration: How the PageUp Hack is Highlighting HR's Data Protection Problems - Authentic8 Blog

The recent data breach at global Human Resources services provider PageUp may have impacted millions of job seekers, the firm announced last week. Following such incidents that affect HR records, it’s often IT that gets the blame. Are HR firms and departments generally too lax at handling confidential data?

*

HR professionals have been found to be especially vulnerable to cyberattacks or user error. HR data breaches have severe consequences for individual employees and the whole organization. In 2015, confidental information of more than 22 million current and former federal employees and contractors was stolen when state-sponsored hackers hit the Office of Personnel Management (OPM), the U.S. government’s HR department.

Since then, employees have started suing their employers over other incidents, as in the case of an HR data breach at Seagate, and more law firms are lining up to take their cases. Lamps Plus was slapped with a class action in California federal court, accusing it of failing to

HTTPS: Beware the False Sense of Security

Illustration: HTTPS: Beware the False Sense of Security - Authentic8 Blog

HTTPS is the protocol that is getting a lot of attention these days. As more browsers migrate toward supporting it in meaningful ways — like by not connecting to sites that do not offer it — it would be easy for a user to think that once HTTPS has been implemented, everything security-related is taken care of.

That is not the case.

In fact, one of the major problems affecting HTTPS right now is that users think that it does more than it actually does, than it was designed to do.

A simple example of this would be when some page connects with HTTPS to a browser but has a link to an image on another server embedded in it. The page is sent to the user HTTPS encrypted and all. Yet on the page served to the browser, it also serves up the link to the image - an image file may or may not contain malicious code.

The user would have no

Fed Up? Fire Up This Cloud Browser.

Illustration: Fed Up? Fire Up This Cloud Browser. - Authentic8 Blog

The Facebook/Cambridge Analytica fiasco did not happen overnight or by “mistake”, as Facebook wants users to believe. The price of “free” services and apps online means the loss of data protection, privacy and transparency.

This isn’t a new phenomenon, it’s not limited to Facebook, and it should not be a surprise to anyone. Venture investment in companies building businesses around “eyeballs” and “clicks” had to convert to hard cash at some point, and that point is the monetization of user data.

In contrast, Authentic8’s cloud browser Silo was built on the trust of its users. How do we honor that trust? We think you have a right to know what we do with your data. But first, some background.

*

So Mark has admitted “mistakes” on behalf of Facebook. As did Marissa before him, for Yahoo. And don’t forget Richard (who?), who apologized - kinda, sorta - for Equifax. And so on…

Did it change anything that these