The California Consumer Privacy Act (CCPA) is a data protection law that came into effect on January 1, 2020. The CCPA is designed to give California consumers greater control over their personal information that is collected, received, used, shared, and/or sold (i.e. ‘processed’) by businesses. The CCPA is often compared to the European Union’s General Data Protection Regulation (GDPR) as it provides similar rights and protections to consumers.

The CCPA requires businesses to be transparent about their data collection and sharing practices, as well as to provide individuals with certain rights over their personal information, and to implement reasonable security measures to protect that information.

Today, we’re exploring CCPA. Let’s jump in right away.

Who must comply with the California Consumer Privacy Act?

The CCPA applies to businesses that operate in California and collect, and store with personal consumer data of California’s residents, and meet one or more of the following criteria:

1. Have an annual gross revenue of over $25 million.

2. Buy, receive, share or sell the personal information of 50,000 or more California consumers, households, or devices.

3. Derive 50% or more of their annual revenue from selling California consumers’ personal data.

The CCPA also applies to businesses that control or are controlled by a business that meets the above criteria and share common branding.

What is the definition of personal information?

The CCPA defines personal information as any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

The definition of personal information by the CCPA may also include but is not limited to names, aliases, postal addresses,, email addresses, social security numbers, IP addresses, biometric information and other information that helps to directly or indirectly identify a person.

Data Covered by the CCPA

CCPA is designed to ensure that individuals are the ones in control of their data, and because of that the act defines the way business should process individuals’ personal information.

This includes information obtained from the consumer directly or indirectly, such as through a third party. The CCPA also covers information about a consumer’s household, such as their family members’ names and ages.

However, the CCPA excludes certain data, such as publicly available information, deidentified or aggregated consumer information, and data covered by other laws, such as the Health Insurance Portability and Accountability Act (HIPAA).

What are the CCPA Requirements?

1. Right to know what personal information is being collected, used, shared and sold

2. Right to request deletion of personal information

3. Right to opt-out of the sale or sharing of personal information

4. Right to access personal information in a portable and easily understandable format

5. Right to non-discrimination for exercising their CCPA rights

6. Right to correct Inaccurate Personal Information

7. Right to Limit Use and Disclosure of Sensitive Personal Information

Businesses must also provide notice to consumers at or before the time of collection of their personal information. The notice must inform consumers of the categories of personal information that will be collected, the purposes for which the personal information will be used, and the categories of third parties with whom the information may be shared.

Furthermore, businesses must implement robust security measures to protect consumers’ personal information from unauthorized access, destruction, modification, or disclosure. On top of that companies are also expected to establish and maintain reasonable practices and procedures for responding and honoring to consumer requests.

H2: CCPA Compliance Checklist

Organizations subject to the CCPA should take several steps to comply with the law.

• Conduct a data inventory to identify personal information collected, used, and sold.

  To meet CCPA requirements, organizations should conduct a thorough review of their data practices to identify the personal information collected, used, and sold. This inventory should include a comprehensive assessment of data sources, purposes for which the information is collected, categories of third parties with whom information is shared, and security measures implemented to protect information.

• Update privacy policies to include CCPA-required notices.

  Organizations must ensure that their privacy policies are updated to include CCPA-required notices, which should be clear, concise, and written in plain language. The privacy policy must inform consumers of their CCPA rights, such as the right to access personal information, the right to request deletion of personal information, and the right to opt-out of the sale of their personal information.

• Implement processes for receiving and responding to consumers’ requests.

  To comply with the CCPA, organizations must have effective processes in place for receiving and responding to consumers’ requests. These requests may include access to personal information, deletion of personal information, or opting-out of the sale of personal information. Organizations should establish procedures to verify requesters’ identities and respond to requests within the CCPA’s required timeframe.

• Provide an opt-out mechanism for the sale of personal information.

  Organizations wishing to comply with the CCPA must provide a mechanism for consumers to opt-out of the sale of their personal information. This mechanism should be easy to use and prominently displayed on the organization’s website.

• Train employees on CCPA compliance.

  To comply with the CCPA, organizations must train their employees on CCPA compliance, including a review of CCPA requirements and guidance on handling consumer requests. Employees who handle personal information must also receive training on security policies and procedures.

• Implement reasonable security measures to protect personal information.

  Organizations must implement reasonable security measures to protect personal information. This includes physical, technical, and administrative safeguards to prevent unauthorized access, use, and disclosure of personal information.

• Monitor and update compliance measures as necessary.

  To maintain CCPA compliance, organizations must continuously monitor and update their compliance measures as necessary. Among other things, this includes regular review and updating of privacy policies, employee training on new requirements, and ensuring that their processes for receiving and responding to consumer requests are effective.

What new law goes into effect beginning January 1, 2023?

In November 2020, California voters passed Proposition 24, the California Privacy Rights Act (CPRA). The CPRA is designed to amend and extend the original CCPA.

Not only does the CPRA expand consumer rights, but it also brings fresh rules to the table. The right to correction allows consumers to have incorrect information rectified while the right to limit sensitive personal information will give them greater control over their data in general.

Consumers can also request information on automated decision-making and opt-out of the use of such technologies.

The CPRA went into effect on 1st of January, 2023 and is now state-wide law.

Are there any penalties for violating CCPA?

Penalties for violating CCPA are very real. Businesses that fail to comply with the CCPA may face fines of up to $7,500 per violation. Consumers also have the right to bring a private action against a business that violates their CCPA rights.

What is the difference between GDPR and CCPA?

While the CCPA and GDPR share similarities, there are some key differences between the two laws. The GDPR applies to businesses that collect and process the personal data of individuals in the European Union, while the CCPA applies to businesses that collect and process the personal data of California residents only.

The GDPR also gives individuals more rights, such as the right to object to the processing of their personal data and the right to restrict processing in certain circumstances. The CCPA, on the other hand, gives consumers the right to opt-out of the sale of their personal information.

Another difference between the two laws is that the GDPR applies to all businesses, regardless of their size or revenue, while the CCPA only applies to larger businesses that meet certain criteria.

What does CCPA mean for cybersecurity?

In terms of cybersecurity, the CCPA has significant implications. Companies that collect and store personal information are required to implement reasonable security measures to protect that data from unauthorized access or theft.

Under the CCPA, companies can be held liable for breaches that occur due to their failure to implement reasonable security measures. This means that companies must ensure that they have robust cybersecurity policies, procedures and tools in place to protect consumer data. The CCPA also requires companies to conduct regular risk assessments and to update their security measures as needed.

Overall, the CCPA represents a significant shift in the way that companies collect, store, and use personal information and at the same time provides Californian consumers with greater control over their data. On top of that the CCPA holds companies accountable for protecting that data from unauthorized access or theft. As such, the CCPA is likely to have a positive impact on cybersecurity by encouraging companies to take their data privacy and security obligations seriously.

CCPA and NordPass Business

Organizations can ensure the security of personal information through the security measures that the legal act encourages to implement in order to comply with CCPA. One of effective security measures is a password manager such as NordPass Business. Password management is a crucial aspect of data security, and NordPass Business provides organizations with an easy-to-use, yet robust solution that can help them implement security measures needed to comply with the CCPA.

Firstly, NordPass Business can help you ensure that passwords across the organization are unique and complex. With the option to generate strong and unique passwords for each account, organizations can rest assured that their users’ accounts are secure.

NordPass Business allows organizations to securely share passwords. Sharing passwords can be a security risk, but in some cases, it is necessary for business operations. NordPass Business provides a secure way for organizations to share passwords, ensuring that only authorized users can access personal information. This feature is especially important for organizations that have employees working remotely or have multiple team members who need access to certain accounts.

By using NordPass Business to store passwords, organizations can demonstrate that they are taking measures to protect their users’ personal information.

In today’s world, Zoom has become an essential tool for both personal and professional communication. Whether you’re conducting a virtual meeting with colleagues or catching up with friends and family, Zoom is the go-to platform. However, with so many passwords to remember, it’s not uncommon to forget your Zoom password. If you’re in this situation right now, don’t worry – resetting your forgotten Zoom password is a straightforward process.

In this article, we’ll guide you through the steps to reset your Zoom password, answer frequently asked questions, and provide tips to keep your passwords secure.

How do I change my Zoom password?

Before we dive into resetting a forgotten Zoom password, let’s look at how to change the password. Changing your Zoom password regularly is an essential security measure, especially if you use Zoom for confidential meetings. To change your password, simply follow these steps:

1. Log in to your Zoom account on the web portal.

2. Click “Profile” in the left-hand menu.

3. Scroll down to “Password” and select “Edit.”

4. Enter your current password, followed by a new password.

5. Click “Save changes.”

You’re all set now.

How do I reset my Zoom Password?

Resetting your Zoom password is not that much different from changing it. Here are the steps to reset your forgotten Zoom password:

1. Open your browser and go to zoom.us/forgot_password.

2. Enter the email address associated with your Zoom account.

3. Verify the reCAPTCHA.

4. Click “Send” and wait for the reset password link to arrive in your email inbox.

5. Check your email inbox for an email from Zoom with a link to reset your password. If you can’t find the email in your inbox, check your Spam folder.

6. Click on the link in the email.

7. Enter your new password.

8. Enter it again for confirmation.

9. Click “Save.”

10. You have successfully reset your password and can now log in to the Zoom web portal.

Can I get into a Zoom meeting without a password?

It is possible to set up a Zoom meeting without a password, and it’s also possible to join a meeting without a password.

However, if you’re hosting a Zoom cloud meeting, it’s essential to set up a password to protect your meeting from unwanted guests. Without a password, anyone with the meeting ID can join your Zoom conference, which can lead to unwanted interruptions or something far worse — actual security breaches.

You can set up a Zoom meeting password by navigating to the Zoom website and logging into your account. From there, you can schedule a new meeting and enable the “Require meeting password” option. This will generate a unique password that you can share with your participants to ensure secure access to your meeting.

FAQ regarding a forgotten Zoom password

How to reset a password for a user in your account

If you are a Zoom account administrator and need to reset a password for a Zoom client user in your account, follow these steps:

1. Log in to the Zoom website.

2. Click on “User management” in the left-hand menu.

3. Click on the user’s name.

4. Scroll down to “Password,” and click “Edit.”

5. Enter the new password.

6. Click “Save changes.”

The user will receive an email with the new password.

I can’t reset my password on Zoom

If you are having trouble resetting your Zoom password, there are a few things you can try. First, make sure you are entering the correct email associated with your account. If you are still having trouble, try clearing your browser cache and cookies, and then try resetting your password again.

I didn’t receive a confirmation email

Sometimes, you may not receive the confirmation email from Zoom. This could happen for a variety of reasons, including issues with your email provider, spam filters, or incorrect email address. If you don’t receive the confirmation email within a few minutes, check your spam folder to see if it was mistakenly marked as spam. If it’s not in your spam folder, try requesting another email by clicking on the “Resend confirmation email” button on the Zoom website.

What should I do if the link has expired?

If you clicked on the reset password link in the email and it has expired, you will need to request a new one. Go to the Zoom website and click on the “Forgot password” button. Enter your email address, and then click on the “Send” button. Zoom will send you a new password reset link via email, and you can click on it to create a new password. Make sure to reset your password as soon as possible after receiving the link to avoid it expiring again.

Keep your Zoom password safe with NordPass

In today’s digital age, passwords are an integral part of our daily lives. From online shopping to social media and beyond, we rely on passwords to keep our personal information secure. However, with so many different accounts to manage, it can be challenging to remember every login detail. That’s where a password manager such as NordPass comes in handy. NordPass is a secure and user-friendly password manager that can help you store and manage all of your passwords safely in one place.

With NordPass, you don’t have to worry about forgetting your Zoom password ever again. NordPass securely stores passwords, credit card details, personal information and secure notes in a single place. What’s great about this is that you can easily access your Zoom or any other password from any device using the NordPass app. Everything you store in NordPass is secure thanks to advanced encryption technology.

On top of all that NordPass makes the online experience much more enjoyable. Thanks to autosave and autofill, you will no longer need to worry about coming up with passwords or manually typing them whenever you want to access one of your online accounts. Give NordPass a try and get peace of mind online.

With the rise of remote working came a surge in cybercrime. Business Email Compromise (BEC) attacks have seen a 150% year-over-year increase, so the odds are not in any business’s favor. However, staying vigilant and educated can protect your company and avoid such attacks. Keep reading to find out the main dangers business email accounts face and get 10 business email security tips.

What is Business Email Compromise (BEC)?

BEC is a type of cybercrime that involves impersonating a trusted business contact, such as a CEO or supplier, in order to trick employees into transferring money or sensitive information to the criminal’s account. These schemes often involve careful research and social engineering to create a convincing ruse.

According to the FBI, BEC fraud has cost companies over $26 billion globally since 2016, and the threat continues to grow. Small businesses are particularly vulnerable, as they may not have the resources or expertise to detect and prevent these attacks.

One example of a BEC scam involved the director of Puerto Rico’s Industrial Development Company, Ruben Rivera, who mistakenly made the transaction of $2.6 million to a fake bank account. In another case, Ubiquiti Networks Inc., the San Jose-based manufacturer of high-performance networking technologies, fell victim to a BEC attack that resulted in a loss of $46.7 million.

As the use of email continues to be an essential aspect of business communication, it is crucial for companies to remain vigilant and take proactive measures to defend against the threat of BEC.

Phishing is the number one email security threat

Phishing is a type of digital scam that is especially common in emails. It’s a form of social engineering where a hacker tries to deceive an employee into believing the email is coming from a credible source. Phishing emails usually have some sort of CTA: it’s like a form of marketing, if you will. Except that phishing CTAs usually involve clicking on a malicious link or revealing sensitive company data to outsiders.

Well, just like any other marketer, hackers employ creative techniques to improve the conversion rates of their scams. The more deceitful the email, the higher the conversion rate. That’s why phishing emails can be difficult to spot at times. Examples of phishing emails include:

• Account verification scam. You may receive a phishing email that looks something like this: “Due to a recent security threat, we would like to ask you to verify your account by signing in through the link below. Failing to do so will result in the permanent deactivation of your account.”

• Fake invoice scam. Hackers may send out emails saying, “We still haven’t received your payment for our services. Please use the link below to complete the transaction.”

• Spear phishing. This is a more advanced and tailored form of phishing that requires hackers to do some research on your company. For instance, an employee may receive an email that looks like it’s coming from a specific coworker, instructing them to visit a website or disclose information.

Best practices for business email security

Falling for phishing scams can expose your company to data breaches and malware. Taking steps to appropriately ensure the security of your email will help protect your business from phishing and other forms of cybercrime:

1. Conduct phishing awareness training

Emails usually get breached through employee negligence and lack of knowledge. So the first way to increase email cybersecurity is to raise awareness about the main threat: phishing. All employees should receive in-depth training on recognizing and avoiding attempted phishing schemes. The main points to cover here are:

• Becoming familiar with the main phishing schemes

• Being suspicious about unusual requests

• Never clicking on random links received through email

Once employees are familiar with these precautions, your company’s susceptibility to phishing emails will significantly decrease and your business email security will improve in general.

2. Train employees on how to deal with email attachments and suspicious email links

Email attachments and suspicious links are the most common methods cybercrooks use to spread malicious software. Ensure that your employees are well aware of these devious practices and are trained to spot them in real-life situations. With time and a lot of practice, your team will develop a sense for suspicious email links and attachments, which should considerably lower the potential attack vector and significantly improve your overall security posture.

3. Enable multi-factor authentication

You can make your account safer from hackers by connecting your smartphone to your email. Even if the passwords to your email accounts are leaked, no outsiders will be able to access them without having access to the device it’s connected to. All vital business accounts, not just email accounts, should have multi-factor authentication enabled.

4. Avoid using email when on public Wi-Fi

Public Wi-Fi poses massive risks to email security. If it’s unencrypted (which it often is), anybody can connect to the same network. You never know when a hacker will be that someone.

If a hacker intercepts your connection with unencrypted public Wi-Fi and catches you logging into your email, they can steal your email password. It’s best to steer clear of public Wi-Fi altogether, but if connecting to it is necessary, never transmit important data while on it.

5. Avoid using business emails for private purposes and vice versa

Most office jobs these days come with an email address. Some people get the temptation to use the new email address for all sign-ins. Need to sign up for a new streaming service? Well, why not use your brand new business email for that? Everybody else does it, anyway, right?

At first, it might sound like a great idea. Yet using your enterprise email for private purposes and vice versa could cause significant security concerns for you as an individual and the company.

First, using a company email for your personal online activities allows for easier and simpler profiling. Consequently, that could lead to spear-phishing — a targeted phishing campaign or other targeted cyberattacks.

6. Encrypt company email

Encrypting company email using special email security software is a great way to steer hackers away. Encryption ensures that the only people able to view the emails are the sender and recipient. If a hacker intercepts an employee’s Wi-Fi connection or email account, they will not see any sensitive data.

7. Set up email security protocols

Email security protocols are immensely important because they provide an extra layer of security to your digital communications. The protocols are designed to ensure the safety of your communications as they pass through webmail services over the internet. Without the aid of email security protocols, bad actors can intercept communication in a relatively easy manner. Please familiarize yourself with different email security protocols and enable them to ensure secure communications.

8. Improve endpoint security

To further fortify your security stance, take action to improve your endpoint security. Often the easiest and most effective way to boost endpoint security is by implementing security tools for company-wide use.

Consider deploying a VPN like NordLayer — a tool that encrypts the internet connection and data transferred over your business network. Antivirus software is another tool that should be used on all business workstations to ensure a proactive defense.

9. Don’t change passwords too often

Password fatigue is a fact of life — today, the average user has about 100 passwords on their hands. Keeping track of all the passwords is a challenge.

The conventional wisdom regarding password security is that you should change your passwords every 90 days. While that might sound like a reasonable security practice, it could lead to simpler and easy-to-crack passwords being used.

If you know that your employees take password hygiene seriously and craft hard-to-guess passwords and that none of their passwords were ever leaked, then they should stick to the passwords they already use. If any password (no matter how strong it is) is leaked or breached — the change should be immediate.

10. Use strong passwords for email accounts

Strong passwords are the backbone of account safety. Yet businesses often fail to secure their emails with strong passwords. If your business is like this, you should know that the easier the password, the easier it is to hack, especially through brute-force attacks. Brute-force attacks are when hackers try to guess a password by flooding your account with thousands of attempts.

To protect your business email from such attacks, ensure everyone in your organization secures their passwords. Secure email passwords are:

• Long

• Complicated

• Contain different types of characters

• Unique (never reused from other accounts)

These points are crucial if you want to ensure the safety of your business. However, passwords that are difficult to hack are also difficult to remember. The last thing anyone would want is to secure their account so well that they couldn’t even access it themselves.

Luckily, the business password manager by NordPass can come to the rescue. If all members of your company use it for their accounts, their emails will be safe, and they won’t need to scratch their heads trying to remember their passwords.

Bottom line

Business email security is never a given. Even though platforms like Gmail or Outlook do their best to ensure the safety of their users, you can easily fall victim to hackers if you don’t actively protect your account. By following these five email security best practices, the chances of getting your business emails hacked will be much slimmer because hackers will likely prefer more vulnerable prey.