What You Need To Know About Cybersecurity Laws and Regulations in 2024
Marco Technologies
Transforming technology across your entire business ecosystem.
We write a LOT of blogs at Marco, and while we hope that’s helpful, we get that no one has the time to sit around and read tech blogs all day. This newsletter is designed to tip you off about what you really need to know throughout the year.
This issue’s topic is a doozy, because while recovering from a cybersecurity incident can be costly, that’s small potatoes compared to a class action lawsuit or a regulatory penalty. Cybersecurity laws and compliance obligations are evolving quickly. So, without further ado, here’s what you should know in 2024…
The Gramm-Leach-Bliley Act Might Apply To You
The Gramm-Leach-Bliley Act (GLBA), enacted in 1999, requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive customer data.
But wait — you’re not a bank or a credit union, so you’re in the clear, right? Wrong. One part of this act, the FTC’s Safeguards Rule, was revised, and the updated requirements kicked in last June.
The FTC’s definition of “financial institution” is broad: if you offer financing or any other financial service to your customers, you likely have to comply, whether or not you think of yourself as a financial company.
Here are just a few of the companies that might be surprised to find out this law applies to them:
So, if that’s you, what do you need to do? Consult section 314.4 of the Safeguards Rule, which outlines the nine elements your written information security program must include: a qualified individual in charge of the program, a written risk assessment, safeguards such as access controls, encryption, and multi-factor authentication, ongoing staff training, a written incident response plan, and more.
FISMA Isn’t Just For Government Organizations
The Federal Information Security Modernization Act (FISMA) overhauled the original 2002 law in 2014 to support more effective cybersecurity practices and improve coordination among federal agencies.
If you ask us, it was long overdue. But FISMA doesn’t just apply to government organizations. It also reaches contractors and service providers that operate information systems on behalf of federal agencies or handle federal data under a contract.
Is that you? If so, for starters, your organization needs to implement the security controls FISMA points to: NIST’s FIPS 199 and FIPS 200 standards and the SP 800-53 control catalog, with the NIST Cybersecurity Framework as a useful companion for organizing the program. You’re also responsible for promptly and thoroughly reporting any cybersecurity incidents to the agency you support (which in turn reports to CISA).
If you fail, you may face legal and regulatory penalties as well as loss of existing contracts or future opportunities to do business with federal agencies.
The Cybersecurity Information Sharing Act Is Your Friend
The Cybersecurity Information Sharing Act of 2015 (CISA, not to be confused with the agency of the same acronym) makes it easier for companies in different sectors, like technology, finance, and manufacturing, to share cyber threat indicators and defensive measures with each other and with the federal government. It provides liability protection for sharing done under the act, and it requires that personal information not directly related to a threat be stripped out before sharing, so sensitive data stays protected.
This. Is. Good!
We get that human beings — even adult ones — don’t always like to share, but we’ve been saying it for years:
The harder we make it for cybercrime to pay off, the better it is for everyone.
You Can Shape the Cyber Incident Reporting for Critical Infrastructure Act
The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was passed in the spring of 2022. It requires the Cybersecurity and Infrastructure Security Agency (CISA) to write rules under which covered critical infrastructure entities must report covered cyber incidents to CISA within 72 hours and ransom payments within 24 hours.
Want to add your two cents? Get ready.
CISA is required to publish the Notice of Proposed Rulemaking no later than March 2024, and that opens a public comment period before the rule is finalized.
Complying With the Health Insurance Portability and Accountability Act Saves Lives
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The HIPAA Privacy Rule sets standards for an individual’s right to understand and control how their health data is used, and the Security Rule spells out the administrative, physical, and technical safeguards required for electronic protected health information.
You’re probably aware that the HHS Office for Civil Rights (OCR), which enforces HIPAA, isn’t messing around. One healthcare organization recently entered into a $1.3M settlement after it repeatedly failed to protect sensitive data.
One ransomware attack recently shut down several emergency rooms across the U.S., causing incoming emergencies to be diverted and time-sensitive operations to be postponed.
Patient care is always the priority, but if you’re a healthcare organization using that thinking as a reason to put off upgrading your cybersecurity, think again: an outage is a patient-safety event too.
You Can’t Hide From the Fair Credit Reporting Act?
Enacted in 1970, the Fair Credit Reporting Act (FCRA) was drafted to shield consumers from malicious or negligent use of their data in credit reports. It also requires consumer reporting agencies to provide notifications when a breach poses a significant risk of identity theft or fraud.
So don’t get mad at a consumer reporting agency for ratting you out if you fail to protect consumer data. They have to.
Collect Data on Kids? Read Up on COPPA
The Children’s Online Privacy Protection Act (COPPA) gives parents control over the personal information that websites and online services collect from children under 13. COPPA might apply to you if your business includes:
Under COPPA, you must give parents clear notice and obtain verifiable parental consent before collecting personal information from a child under 13, and you must keep the data you do collect confidential and secure.
Location Matters
Depending on where and how you do business, here are a few additional things to keep on your radar:
More cybersecurity laws are expected in 2024 that will affect US defense contractors, certain cloud providers that use AI models, and more.
Why We’re Telling You This Now
We recently wrote a blog on this topic that offers additional context and details, because, well, cybersecurity predictions for 2024 don’t look good.
We get it. It’s extremely unfair that small to midsize businesses and nonprofits are now the favorite targets of sophisticated cybercriminals worldwide, and that foreign governments are trying to disrupt the operations of private companies.
But if you haven’t updated your cybersecurity in recent years, it’s time, because the penalties for failure are only getting worse.
So, on behalf of everyone here at Marco, stay safe out there!
Want more ways to keep up to date on all things IT or sound smart in meetings? Subscribe to our blog!