CRN's story on the CIA WikiLeaks leak

Partners Say Alleged CIA Hacking Papers Prompt 'Constant Vigilance' In Mobile Security

In its news release on the so-called "Vault 7" documents, WikiLeaks describes a specialty CIA unit that develops malware to "infest, control and exfiltrate data" from iPhones as well as from iPads. WikiLeaks describes a "similar unit" for Android devices. The documents stem from 2013-2016.

Kevin McDonald, executive vice president and chief information security officer at Alvaka Networks, an Irvine, Calif.-based solution provider, said "layering as many security options over the top as you can" is the only reasonable response. And he agreed that vigilance is the key for security professionals.

The case "tells me and anyone who is paying attention, that if you think you're secure, you've got a lesson coming to you," McDonald said.

Read the full story - HERE

DFARS 252.204-7012 is going to define new winners and losers in defense contracting

Kevin McDonald has just published his latest article on DFARS (Defense Federal Acquisition Regulation Supplement) at SearchCompliance.TechTarget.com.

If you fall into this category, a recently implemented rule from the Department of Defense called the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 will impact how you handle controlled unclassified information (CUI).

Kevin writes about an important issue that is certain to impact contractors’ revenues. Compliance here is certain to make for new winners and losers in the defense contracting space. Which side you land on will depend largely on where you fall this year with regard to DFARS compliance.

Read Kevin’s full story here - DFARS compliance targets 'controlled unclassified information'

 

Aligning IT and compliance procedures increasingly a business priority

Kevin McDonald writes for TechTarget SearchCompliance on Aligning IT and compliance procedures increasingly a business priority.

He says, "When I've asked IT pros about HIPAA Security Rule compliance within their organization, they've typically responded with, 'That is the compliance officer's realm' or 'Risk handles compliance.' If you ask executives about the IT functions required under the Security Rule, you will very often get, 'The IT folks assure us they follow industry security best practices.' Or 'I have no idea what they do; it is all Greek to me.'

"IT personnel -- and executives -- often have too much trust that someone else is taking care of compliance. They're also often all too willing to remain ignorant of any IT-specific issue that might be even slightly outside their domain."

Read the full story here - Aligning IT and compliance procedures increasingly a business priority.

IT solution providers speak out on the Silicon Valley/Trump Summit meeting

Irvine, CA - IT solution providers have never been a shy bunch. In this article by CRN - Solution Providers Cheer Trump Tech Summit, Hoping It Will Help Channel Partners Create More Jobs, many share their thoughts on where our president-elect and big tech leaders should take policy. Alvaka's EVP Kevin McDonald is one of those tapped for his opinions.

Data Privacy: What are the Risks?

If you are handling PII (Personally Identifiable Information) for your clients or anyone else, you should read this article. It is delivered in the context of a sweepstakes-type program, but it is applicable to anyone handling PII. The article is courtesy of The Morningstar Law Group.

Promotions and Data Privacy: What are the Risks?

...Have A Privacy Policy In Place

Hopefully, your business already has a privacy policy in place. If you collect information from consumers or have any type of web presence, you should have a privacy policy on your website. Ideally, the consumer information that is collected as part of your promotion should be afforded the same protection as any other consumer information that you collect (aside from financial information and personally identifiable information, which is afforded a higher level of protection).

Be Up-Front With Consumers

Additionally, if you plan to maintain information that you collect from consumers as part of your promotion, you need to make sure that you notify consumers that you are keeping their information for use beyond possible notification of whether they won the sweepstakes.

Say What You Are Going To Do, And Do What You Say

A good rule of thumb when handling consumer information – say what you are going to do and do what you say you will do. DO NOT use consumer information beyond the bounds of what you have received permission from the consumer to do. Please note that even if you put the consumer on notice that you plan to keep the information shared to provide additional information or sales opportunities, and the consumer consents to such use (the method of consent varies depending on how you collect entries), you must still consider issues that are raised by the CAN SPAM Act, the Telephone Consumer Protection Act (TCPA) and various other federal and state law concerns, which may restrict such uses....

To read the whole column click here for Promotions and Data Privacy: What are the Risks? by Catherine Otto.