Category Archives: Cybersecurity

Presidential Executive Order on Cybersecurity: No More Antiquated IT

On May 11, President Donald Trump issued his long-awaited Executive Order on cybersecurity, the “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” It had been in the works since early in the administration, and its release had been announced (and drafts leaked) several times, only to be pulled back and … Continue Reading

WannaCry Ransomware Alert

This is not a drill. Companies and law enforcement agencies around the world have been left scrambling after the world’s most prolific ransomware attack hit over 500,000 computers in 150 countries over a span of only 4 days. The ransomware – called WannaCry, WCry, WannaCrypt, or WannaDecryptor – infects vulnerable computers and encrypts all of … Continue Reading

New York State Department of Financial Services Cybersecurity Regulation Poised to Reshape Existing Regulatory Landscape

In late December, New York State’s Department of Financial Services (“DFS”) released its revised proposed cybersecurity regulation (the “DFS Rule”).  While the revisions pare back some of the DFS Rule’s original requirements and add some much needed flexibility, the regulation will still impose many new obligations upon a wide array of financial institutions doing business … Continue Reading

FCC Issues New Privacy Rules for Internet Service Providers: Safeguarding Consumers or Lulling Them Into A False Sense of Privacy?

Last Thursday, in a vote split along party lines, the Federal Communications Commission (“FCC”) approved a new regulatory regime staking its claim to privacy regulation of both fixed and mobile Internet service providers (“ISPs”) like Comcast, Verizon, and AT&T.  The FCC’s rules follow its decision in the Open Internet Order, released last year and analyzed … Continue Reading

Update on Data Breach and Data Privacy Class Actions Post-Spokeo

In May, the U.S. Supreme Court issued its opinion in Spokeo v. Robins, providing guidance on the “injury-in-fact” aspect of the constitutional standing requirement for putative class action plaintiffs.  136 S. Ct. 1540 (2016), as revised (May 24, 2016).  Spokeo was quickly hailed by both plaintiff- and defense-side lawyers as a major victory, but in … Continue Reading

New York State Department of Financial Services Proposes Cybersecurity Regulations for Financial Services Companies

If the New York State Department of Financial Services (“DFS”) has its way, come January 1, 2017, financial services companies that require a form of authorization to operate under the banking, insurance, or financial services laws (“Covered Entities”) will be required to comply with a new set of comprehensive cybersecurity regulations aimed at safeguarding information … Continue Reading

SEC Steps Up Cybersecurity Enforcement with $1 Million Fine Against Morgan Stanley

The Securities and Exchange Commission’s (“SEC”) recent $1 million settlement with Morgan Stanley Smith Barney LLC (“MSSB”) marked a turning point in the agency’s focus on cybersecurity issues, an area that the agency has proclaimed a top enforcement priority in recent years.  The MSSB settlement addressed various cybersecurity deficiencies that led to the misappropriation of … Continue Reading

Let’s Go Crazy: The FTC and FCC Launch “Parallel” Investigations Into Security Updates of Mobile Communications Industry

Earlier this week, the FTC and FCC announced “parallel” investigations into how carriers and mobile device makers release information on vulnerabilities, and how and when mobile security patches are distributed. The regulators, who have publicly jockeyed for position on privacy and cybersecurity matters in the past year, appear to have reached a truce of sorts, … Continue Reading

NTIA Issues Request for Comments on Policies Related to Cyber Threats Surrounding Internet of Things

On April 6, 2016, the National Telecommunications and Information Administration (NTIA) issued a federal notice to request public comment on the benefits, challenges, and potential roles for the government in fostering the advancement of the Internet of Things (IoT).  (RFC at http://www.ntia.doc.gov/files/ntia/publications/fr_rfc_iot_04062016.pdf). Comments are due on May 23, 2016.… Continue Reading

To Share or Not to Share (with the Government)? That is the Question: DHS Announces Interim Guidelines for Sharing Cyber Threat Indicators

On February 16, 2016, Secretary of Homeland Security Jeh Johnson announced interim guidelines and procedures for sharing cyber threat indicators under the Cybersecurity Information Sharing Act of 2015 (“CISA”). Because the guidelines are voluntary, the next question is, Should your company share information with the Government?… Continue Reading

Do as You Say (and as You Should Do): How the Hospitality Industry Can Brace for Data Privacy Actions

On October 2, 2015, Trump International Hotels became the latest in a growing line of data breach class action victims. Driscoll v. Trump International Hotels Management LLC, No. 15-cv-1089 (S.D. Ill.).  Indeed, the hospitality industry as a whole is seeing increased scrutiny from both plaintiffs’ attorneys and federal regulators.  Less than two months ago, the … Continue Reading

The Baby and the Bathwater: The Department of Commerce’s Bureau of Industry and Security (BIS) Intrusion and Surveillance Software Export Licensing Proposal

If you are not aware, please take note that the July 20, 2015 deadline is fast approaching for comments to the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) proposed rule on the export control of certain intrusion and surveillance related software.  The proposed rule, which addresses changes to the U.S. Export Administration … Continue Reading

Ransoming Sensitive Personal Information: Will OPM’s Data Breach Trigger Your Insider Threats?

Perhaps it’s the books I’ve been reading or the television shows I’ve been watching, but my mind can’t seem to stop linking the recent barrage of cybersecurity attacks with those ne’er-do-wells that plagued the Caribbean from 1650 through the 1730s.  Yes, I’m talking about pirates, but not the Errol Flynn/Johnny Depp-style buccaneer, more the Edward … Continue Reading

ALERT: NIST Issues Final Guidance on Federal Contractor Cybersecurity Standards for Controlled Unclassified Information

On June 19, 2015, the National Institute of Standards and Technology (“NIST”) published the final version of guidance for federal agencies to ensure sensitive information remains confidential when stored outside of federal systems.  The guidelines, Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, apply to nonfederal information systems and organizations … Continue Reading

Cyber-Breach & NISPOM Conforming Change 2 – It’s What’s on the Inside That Counts

Most companies are worried about external threats – things that are coming at their people, their group, their company, their government, all from an outside actor.  Like governments with an eye on counter-intelligence, however, savvy businesses also realize that their employees can also pose a very real, internal threat.  While an insider breach is not … Continue Reading