Category Archives: Cybersecurity

CISA Issues First Installment of Cyber Essentials

By Jonathan E. Meyer on June 2, 2020 Posted in Cybersecurity, Data Security

On Friday, May 29, the Cybersecurity and Infrastructure Security Agency (CISA) issued the first in a series of six Cyber Essentials Toolkits. These toolkits are described as “bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential,” focused on building a company’s cyber readiness.… Continue Reading

Buyers (And Sellers) Beware!: SEC Observations on Cybersecurity and Resiliency

By David Poell on March 2, 2020 Posted in Cybersecurity, Data Security, SEC

The Securities and Exchange Commission recently published a set of observations designed to assist financial market participants. While not legally binding, the observations are guideposts for investment companies, securities issuers, and others. They outline steps to improve cyber preparedness and to protect against well-known and evolving cybersecurity threats faced by companies in the United States … Continue Reading

CMMC Version 1.0: Enhancing DOD’s Supply Chain Cybersecurity

By Jonathan E. Meyer, Townsend Bourne and Nikole Snyder on February 12, 2020 Posted in Cybersecurity

Cybersecurity Maturity Model Certification (“CMMC”) v.1.0, after releasing several draft versions of the document over the past year. In an effort to enhance supply chain security, the CMMC sets forth unified cybersecurity standards that DOD contractors and suppliers (at all tiers, regardless of size or function) must meet to participate in future DOD acquisitions. Through … Continue Reading

New Trends Emerge in FTC Data Security Orders, Including Emphasis on C-Suite Involvement

By Julia Kadish on January 15, 2020 Posted in Consumer Privacy, Cybersecurity, Data Security, FTC

The FTC recently summarized three major changes it made to its orders in data security cases. In a blog signaling these changes, the FTC Indicated that some of the things it has been requiring of companies in 2019 are here to stay.… Continue Reading

Iran’s Imminent Cybersecurity Threat

By Jonathan E. Meyer on January 7, 2020 Posted in Cybersecurity, Data Breach, Data Security

In response to the killing of Major General Qassim Suleimani, the government of Iran and its supreme leader, Ayatollah Ali Khamenei, have declared the country’s intention to strike back at the United States. According to reports, their desire is to respond proportionally, but not start a war, and they are contemplating multiple options, any subset … Continue Reading

CISA Releases “Cyber Essentials” to Assist Small Businesses

By Jonathan E. Meyer, Townsend Bourne and Nikole Snyder on November 12, 2019 Posted in Cybersecurity, Data Security

The Department of Homeland Security Cybersecurity & Infrastructure Security Agency recently released its Cyber Essentials guide. Consistent with the NIST Cybersecurity Framework, these Cyber Essentials provide “a starting point to cyber readiness,” and are specifically aimed at small businesses and local government agencies that may have fewer resources to dedicate to cybersecurity. The guide suggests … Continue Reading

Feds Want New IoT Guidance to Address Security Vulnerabilities

By Townsend Bourne and Elfin Noce on May 22, 2019 Posted in Cybersecurity, Data Security, Government Privacy, Internet of Things

“Internet of Things” devices are listening. And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government contractors focus on implementing safeguards to protect sensitive government data. A gap has emerged where the federal government purchases IoT devices. Those devices collect and send data … Continue Reading

SEC To Focus on Cybersecurity in 2019

By Kari Rollins and Sarah Aberg on March 27, 2019 Posted in Cybersecurity, Data Security, SEC

For the fourth year running, the Securities and Exchange Commission’s Office continues to list cybersecurity as one of the top enforcement priorities for 2019. As it relates to cybersecurity, the SEC will be focusing on ensuring companies have proper configuration of network storage devices, robust information security governance, and established policies and procedures specific to … Continue Reading

Happy First Day of Spring! Ohio Insurance Law Effective Today

By Liisa Thomas, Elfin Noce and Kari Rollins on March 20, 2019 Posted in Consumer Privacy, Cybersecurity, Data Security

Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do business in Ohio and goes into effect today, March 20, 2019 (the first day of Spring). Companies have, under the law, … Continue Reading

Court Finds Cybersecurity-Related Claims Sufficient in Securities Class Action

By Jonathan E. Meyer and Elfin Noce on February 6, 2019 Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Privacy

In the aftermath of Equifax’s data breach, a federal court recently found that allegations of poor cybersecurity coupled with misleading statements supported a proper cause of action. In its decision, the U.S. District Court for the Northern District of Georgia allowed a securities fraud class action case to continue against Equifax. The lawsuit claims the company issued … Continue Reading

When the U.S. Government Declares Companies Cyber-Insecure, We Should All Pay Attention

By Jonathan E. Meyer, Townsend Bourne and Bryce Chadwick on January 7, 2019 Posted in Cybersecurity, Data Protection, Data Security

The U.S. Government is increasingly taking the initiative to alert companies to the cybersecurity risks of certain foreign corporations. Whether by issuing binding directives on agencies, passing laws or promulgating regulations that include prohibitions on the use of these companies’ products – including by government contractors, the Government is becoming less reluctant to interfere in … Continue Reading

FTC Cyber Guidance for Small Business has Tips Helpful to All

By Liisa Thomas on November 12, 2018 Posted in Cybersecurity, FTC

The Federal Trade Commission recently issued a cyber guide that, while intended for small businesses, can be of help for all businesses. The purpose of the guide, which includes various modules, is to help smaller businesses address data security threats. These modules follow guidance the FTC issued in April, stressing the importance of cyber security … Continue Reading

DOJ Report Suggests Direction For Addressing Cyber Threats

By Jonathan E. Meyer on August 8, 2018 Posted in Cybersecurity, Data Security, Government Privacy

As many of you have no doubt seen, the Justice Department recently released the report of the Attorney General’s Cyber Digital Task Force, a body the Attorney General had created in February. In the report, the Task Force, chaired by Deputy Attorney General Rod Rosenstein, seeks to answer the question: “How is the Department responding … Continue Reading

DHS Releases New Cybersecurity Strategy

By Jonathan E. Meyer on May 21, 2018 Posted in Cybersecurity, Privacy Regulation

On May 15, the Department of Homeland Security released its long-awaited Cybersecurity Strategy. The Strategy aims to reduce cybersecurity risk through “an innovative approach that fully leverages our collective capabilities across the Department and the entire cybersecurity community.” It sets a course of cybersecurity policy for the Department for the next five years and signals … Continue Reading

White House Eliminates Top Cybersecurity Position

By Jonathan E. Meyer on May 18, 2018 Posted in Cybersecurity, Privacy Regulation

On May 15, the White House announced that it was eliminating the position of Cybersecurity Coordinator at the National Security Council, the highest position at the White House devoted to cybersecurity. While not unexpected, this move is significant.… Continue Reading

NY Issues Data Breach Report

By Snehal Desai and Kari Rollins on April 12, 2018 Posted in Cybersecurity, Data Breach, Data Security

New York Attorney General, Eric. T. Schneiderman, stated in a recent press release that 9.2 million New Yorkers had their personal data compromised in 2017. Such data compromises were mainly due to large scale data hacks, such as the Equifax and Game Stop hacks. According to the NYAG office’s report, 1,583 data breaches were reported … Continue Reading

Privacy, Data Security, and Your Board: Day Five

By Kari Rollins and Liisa Thomas on March 2, 2018 Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy

In our final installment on privacy, cyber security, and your board, we look at privacy and cyber issues in M&A. So you are thinking about acquiring a new entity? Divesting of current one? Due diligence will need to be conducted to best understand and evaluate privacy and data security issues and risks. Your board will … Continue Reading

Privacy, Data Security, and Your Board: Day Three

By Kari Rollins and Liisa Thomas on February 28, 2018 Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy

In our ongoing conversation about privacy, data security and your board, we turn next to cyber insurance and vendor management. Boards, when executing their duty of care, should keep in mind that while there may be some coverage for data incidents under a company’s CGL and D&O policies, there may be significant gaps in coverage … Continue Reading

Privacy, Data Security, and Your Board: Day Two

By Kari Rollins and Liisa Thomas on February 27, 2018 Posted in Cybersecurity, Data Security, Employee Privacy, Privacy

In our continuing series about privacy, data security and your board, we next turn to how to best educate a board. Yesterday we mentioned about how board members have a duty of care. Part of that duty includes effectively overseeing matters relating to privacy and data security (or the often-used buzzword “cybersecurity”). How can board … Continue Reading

SEC Takes Baby Steps on Cyber, but Signals Greater Vigilance

By Jonathan E. Meyer on February 27, 2018 Posted in Consumer Protection, Cybersecurity, Data Security, Privacy and Data Security

On February 21, the Securities and Exchange Commission issued new Interpretive Guidance regarding disclosures of cybersecurity-related information by publicly traded companies. This guidance comes in the context of public pressure on the SEC to update its 2011 Division of Corporation Finance guidance regarding cybersecurity risks and incidents. According to SEC Chairman Jay Clayton’s statement, this … Continue Reading

Justice Department Creates Cyber-Digital Task Force

By Jonathan E. Meyer and Townsend Bourne on February 26, 2018 Posted in Cybersecurity, Data Security, Government Privacy

On February 20, the Department of Justice announced that Attorney General Sessions had created a new, cross-departmental Cyber-Digital Task Force. He directed the Task Force to advise him on the most effective ways for DOJ to confront cyber threats and keep Americans safe. Specifically, the Task Force is charged with canvassing the work the Department … Continue Reading

The Encryption Battle Will Continue in 2018

By Jonathan E. Meyer on January 16, 2018 Posted in Cybersecurity, Data Security, Privacy, Privacy and Data Security

While they may disagree in other areas, one thing that former FBI Director James Comey, current Deputy Attorney General Rod Rosenstein, and current FBI Director Christopher Wray all have in common is their distaste for strong encryption that prevents the government from accessing information. In 2016, Comey and the Justice Department went to court to … Continue Reading

2017 Saw Ransomware on the Rise – 2018 Will See Even More

By Jonathan E. Meyer on January 8, 2018 Posted in Cybersecurity, Data Security

It’s fair to say that ransomware exploded in 2017. After inflicting an estimated $350 million in damage in 2015 and $850 million in 2016, at least one source estimates that it hit $5 billion last year. Most prominent among these were WannaCry, which shut down computers in 80 organizations affiliated with Britain’s National Health Service … Continue Reading

Will 2018 Bring Developments in Government Access to Electronic Records?

By Jonathan E. Meyer on January 4, 2018 Posted in Cybersecurity, Government Privacy

2018 should prove to be a particularly interesting year on the subject of government access to private electronic records, as 2017 has served as an interesting prelude to what’s ahead:… Continue Reading

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree