Resource Search

Get ready to comply with the five new data privacy laws that will come into effect in January 2025 in Delaware, Nebraska, Iowa, New Hampshire, and New Jersey. With the active enforcement by several states’ Attorneys General and a trend toward broader applicability, data privacy compliance is becoming increasingly important and complex. Companies should carefully evaluate whether they are subject to any laws coming into effect and take steps to ensure compliance.

As companies and service organizations increasingly use third-party service for outsourced services, there is more demand for a detailed understanding of the processes and controls of these third-party service providers. To show they have the right processes and internal controls in place, it’s crucial to provide a System and Organization Controls (SOC) report.

Safety risk assessments are becoming a preferred regulatory tool around the world. Online safety laws in Australia, Ireland, the United Kingdom, and the United States will require a range of providers to evaluate the safety and user-generated content risks associated with their online services. While the specific assessment requirements vary across jurisdictions, the common thread is that providers will need to establish routine processes to assess, document, and mitigate safety risks.

The growth of ChatGPT and other artificial intelligence (AI) tools is not slowing down. From small startups to multinational corporations, employees across the spectrum are leveraging ChatGPT to enhance their productivity and streamline their workflows. Given the potential risks—including confidentiality and personal data and privacy violations—associated with the use of ChatGPT and similar tools, it’s crucial for companies to provide guidance to their employees.

Focusing on how companies are implementing enhanced security as the attacker-defender struggle continues, this Report dives into the 9 key takeaways along with other cutting-edge topics related to the data life cycle. While ransomware attacks decreased dramatically during 2022, they were again on the rise at the end of 2022 into 2023. Business email compromise incidents were way up, while fraudulent wire transfers were down. Going further with an in-depth view, full sections are included on:

Cyber threats and fraud schemes are designed to infiltrate and compromise your business. By using this cybersecurity resource guide and taking proactive actions to prevent cyber threats, you can strengthen your defensive strategy. This guide includes: Cyber Fraud Overview Recommendations and Resources Quick Reference Guide for Employees Cybersecurity Checklist

Since 2022, there has been a significant increase in cyberattack attempts targeting email accounts. Taking a closer look, BPM’s Cybersecurity Assessment Partner, David Trepp, explains how attacks are launched against employees, business email systems, and their authentication mechanisms. He also outlines the threat scenarios, shows examples from real-world post-breach analysis, and elaborates on strategies to better secure your organization from business email compromise.

The new cyber risk paradigm requires organizations to become more comfortable with the reality that the connective tissue of modern business is digital. Given this landscape and the increasing cyber threat, organizations are recommended to implement twelve cyber hygiene controls that are key to achieving cyber resilience and insurability.

Designed to help your board take practical steps toward strengthening your organization's cyber risk, this data privacy and governance checklist outlines the basics for understanding your current data protection posture regarding the handling of personal and sensitive data. With the questions and responsibilities from the checklist, you can leverage it to enhance your organization's privacy practices and reduce regulatory risk.