📰 US Department of Labor Releases Principles on AI | Tuesday Times | May 21, 2024

Joses
Joses Member Posts: 68 admin
edited May 21 in General Community

What is Tuesday Times?

Tuesday Times is a weekly Tuesday series where we highlight a handful of recent cybersecurity-related news stories. We'll provide brief summaries of these news stories and link the articles directly, should you want to read more!

Feel free to comment on any of the articles highlighted, or share your own in the comments below!

US Department of Labor Releases Principles on AI | Tuesday Times | May 21, 2024

Department of Labor's Artificial Intelligence and Worker Well-Being: Principles for Developers and Employers

  • On October 30, 2023, an executive order focused on generating AI guidelines was released. This order "directed the Department of Labor (DOL) to establish a set of key principles that protect workers and ensure they have a seat at the table in determining how these technologies are developed and used."
  • On May 16, 2024, the DOL officially released eight principles meant to be applied while creating and using AI systems in the workplace.
  • Some key principles that might interest you include:
    • "Ensuring Responsible Use of Worker Data" which states worker data should be handled responsibly and for business goals
    • "Supporting Workers Impacted by AI" which states "employers should support or upskill workers during job transitions related to AI."

EPA Outlines Enforcement Measures to Help Prevent Cybersecurity Attacks and Protect the Nation’s Drinking Water

  • While water facilities may not be the first thing that comes to mind when one thinks of cybersecurity attacks, that doesn't mean they shouldn't be included in the conversation.
  • On May 20, 2024, the Environmental Protection Agency (EPA) issued an enforcement alert that outlined "the urgent cybersecurity threats and vulnerabilities to community drinking water systems and the steps these systems need to take to comply with the Safe Drinking Water Act."
  • According to the EPA, "threats to, and attacks on, the nation’s water system have increased in frequency and severity to a point where additional action is critical." Some steps system operators are recommended to take include reducing exposure to public-facing internet, developing cybersecurity plans, and conducting cybersecurity assessments.

Cybercriminals Exploit Docusign With Customizable Phishing Templates

  • Our last story involves Docusign, a document-signing software product you may not have used but have likely heard about. Recently, companies have seen an increase in Docusing phishing emails, and when Abnormal saw these types of emails begin to target their customers, they took it upon themselves to investigate.
  • They found that the template used to target their customers was "distributed on a Russian cybercrime forum." These customizable Docusign templates are being bought and sold to scam businesses and employees out of both sensitive information and sums of money.
  • These cybercriminals try to mimic a real document as closely as possible, so to make sure you or anyone you know doesn't get scammed, it's important to learn how to detect a DocuSign phishing email. Some tips Abnormal provides include:
    • Going to Docusign directly instead of using the email links.
    • Checking the sender's email address.
    • Inspecting links before clicking them to make sure the destination includes docusign.net.
  • Since DocuSign has been made aware of these phishing attempts, they've created this Incident Reporting Guide to teach users how to spot and report these scams.