ACA Aponix

ACA Aponix® and ACA Technology Solutions Announce Release of ACA’s Vendor Management Platform

ACA Aponix and ACA Technology Solutions, divisions of ACA Compliance Group ("ACA"), announced today the official release of ACA’s Vendor Management Platform, a centralized solution designed to streamline the vendor due diligence process and reduce the burden, risks, and costs associated with managing the vendor life cycle.

Cybersecurity Alert: Keylogger Installed on Certain HP Devices

Threat Summary

A security researcher discovered keylogging code in software pre-installed on certain HP devices, including EliteBook, ProBook, Pavilion, and others. The keylogger was originally installed as a debugging tool to check for errors in the Synaptics Touchpad software. The keylogger is disabled by default; however, anyone with physical access to the device could activate it. HP has issued a software patch to remove the keylogger.

GDPR Data Processing Reviews

The European Union’s General Data Protection Regulation (“GDPR”) aims to strengthen and unify data protection requirements across all EU member states. GDPR’s core principles are designed to protect the personal information of European citizens, allowing them greater rights over how their data is processed, stored and used by organisations.

Cybersecurity Considerations for Private Equity Firms: Mitigating the Cyber Risks of Portfolio Companies

As we approach the end of 2017 and reflect on the past year, it’s hard to ignore the recent surge in cybercrime and the financial, operational, and reputational losses that breaches have caused portfolio companies and M&A targets. Some notable examples include the $350 million (7%) deal adjustment on the Yahoo acquisition as well as the Whole Foods breach announcement that followed their acquisition by Amazon.

Cybersecurity Alert: North Korean Trojan Malware and Microsoft DDE Security Advisory

North Korean Trojan Malware (Volgmer)

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint technical alert on Monday, November 14 regarding malicious cyber activity by the North Korean government referred to as HIDDEN COBRA. The alert identified IP addresses and other indicators of compromise connected to a backdoor Trojan malware variant commonly known as Volgmer. The DHS and FBI suspect that spear phishing is the primary delivery mechanism for Volgmer infections.

DFS 23 NYCRR 500 Compliance Assistance

The New York State Department of Financial Services’ (“DFS”) New York State Law 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies (“23 NYCRR 500”) went into effect on March 1, 2017. 23 NYCRR 500 requires that firms meeting the regulation’s definition of “Covered Entity” have certain cybersecurity measures in place by the stipulated compliance dates. Among other requirements, firms will be required to self-certify their compliance with 23 NYCRR 500. The two-year transitional period ends on March 1, 2019.

Cybersecurity Awareness Month Week 4: Don’t Let Third Parties Be Your Downfall — How to Ensure Your Vendors are Protecting Your Assets

In the wake of the recent Equifax breach that potentially affected the personal data of more than 143 million Americans, Equifax is pointing the finger at one of its third-party vendors as the cause.