The Big Day.

Re-posted from intothecyberbreach.com, originally published on March 24, 2020.

This past Saturday, March 21st, was the day the New York SHIELD Act required all businesses with New Yorkers’ personal information to comply with new “reasonable safeguard” requirements, proportionate to the size and scope of the business.

My firm has been focused on this day for a while now. But the world feels, somehow, vastly different than it was just a month ago. Focus changes, priorities change.

In some ways, cybersecurity risks loom larger than ever. There are reports of cyberattacks on hospitals and U.S. agencies. There are warnings of a coming surge in fraud schemes and other malicious scams. On the other hand, all non-essential businesses are closed, including most of the legal profession and court system.

Here is what we know hasn’t changed. Bad actors have been attempting to take advantage of your personal data for a long time. That remains constant. With so many businesses working from home, or working on a system in which they are not yet fully comfortable, the opportunities for those bad actors to take advantage are clearer than ever.

Budgets change. Focus changes. Priorities change. But if you’ve got a business, you need to take steps NOW. Just like you don’t cancel your insurance policy when a storm is coming. I think we can all safely say, the cybersecurity storm is on its way.

My own view is that while compliance for the sake of avoiding state enforcement, is probably not your top priority for today, those “reasonable safeguards” required under the law are a MUST to avoid further business disruptions during and after the pandemic. Those interruptions could prove fatal to many businesses. So if you aren’t going to do it for THEM, do it for YOU.

Be safe out there.