Cybersecurity and Risk Insights and Alerts

July 31, 2020

Many authorities are questioning whether mandatory password reset policies are worth the hassle. Get ACA's guidance on when, if ever, you can remove or relax your password reset policy.

July 22, 2020

Running vendor management or third-party risk management (TPRM) programs can be a complicated process for both consumers and providers of services. Here are some of the current challenges with due diligence and opportunities to improve the process for all parties involved.

July 21, 2020

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert identifying a critical vulnerability affecting all versions of Microsoft® Windows Server® configured with the Domain Name System (DNS) role enabled. The vulnerability could potentially allow a remote attacker to gain control of affected systems.

July 20, 2020

The Court of Justice of the European Union (CJEU) has determined that the Privacy Shield agreement, a key data sharing agreement that allows signatory U.S. companies to transfer EU resident personal data to the U.S., is no longer valid. Learn what action you may need to take due to this change.

July 17, 2020

The California Consumer Privacy Act (CCPA) went into effect on 1/1/20 and enforcement began on 7/1/20. There has already been considerable activity on the class action front, much of it even before the enforcement date. Review what you need to do to avoid CCPA penalties.

July 13, 2020

The SEC OCIE has issued a Risk Alert warning of an increase in the sophistication of ransomware attacks against SEC registrants with attackers using advanced phishing and other social engineering tactics to penetrate financial institution networks and install malware that limits company access to data until a ransom is paid.