Addresses the intersection of employee cybersecurity training and regulatory compliance mandates. Covers how organizations can build training programs that satisfy legal requirements while genuinely improving security awareness across teams.
posts
A $1.3 Million Fine for Skipping the Basics In 2023, the FTC settled with Drizly and its CEO after a data breach exposed roughly 2.5 million customer records. The root cause? The company failed to implement basic security measures — including adequate employee security training. The FTC's
The FTC Doesn't Care About Your Good Intentions In 2023, the FTC finalized an order against Drizly — an online alcohol delivery company — after a data breach exposed the personal information of roughly 2.5 million consumers. The kicker? The FTC didn't just go after the company.
In October 2024, the FTC finalized a settlement with Marriott International and its subsidiary Starwood Hotels over data breaches that exposed the personal information of 344 million customers. Among the FTC's requirements: Marriott had to implement a comprehensive information security program — including mandatory employee training. That wasn'
The FTC Settlement That Should Make You Rethink Your Training Program In January 2023, the FTC finalized a settlement with Drizly and its CEO after a data breach exposed the personal information of roughly 2.5 million consumers. The kicker? The FTC specifically called out the company's failure
The Fine That Changed Everything for One Healthcare Provider In October 2020, the U.S. Department of Health and Human Services fined Premera Blue Cross $6.85 million after a data breach exposed 10.4 million records. The root cause wasn't some exotic zero-day exploit. It was a
The Audit Finding That Costs More Than the Breach In 2023, a regional healthcare provider in Oklahoma paid a $1.3 million HIPAA settlement to the Office for Civil Rights. The root cause wasn't a sophisticated nation-state attack. It was a phishing email that an untrained employee clicked
A $1.3 Million Fine for Skipping the Basics In 2023, the U.S. Department of Health and Human Services fined Lafourche Medical Group $480,000 for a phishing attack that compromised nearly 35,000 patient records. The root cause wasn't a sophisticated zero-day exploit. It was the
