The Matrix

Privacy and data security laws and regulations continue to evolve quickly, and companies processing personal data have an increasing array of issues to manage. As we enter 2024, below are five key considerations for companies managing privacy and data security risks.

Because the use of passwords alone is a relatively weak method to prove identity, enforcement agencies are ramping up pressure for companies to implement multi-factor authentication (MFA) both internally and to customers for online services. MFA makes it more difficult for cyber threat actors to gain access to networks and information systems if authentication information, such as passwords, is compromised through phishing attacks or other means. Below is information that may be helpful in assessing whether your company should implement MFA, and how to do so.

In late 2020, a sophisticated adversary used the SolarWinds Orion Platform to plant covert backdoors in the networks of thousands of companies and government agencies.  The attack confirms the importance of vigorous third-party risk management.  Last month, the New York State Department of Financial Services (“NYDFS”) issued a report on the SolarWinds attack and provided the following steps that companies can take to reduce supply chain risk: