Category Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

Iran’s Imminent Cybersecurity Threat

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Cybersecurity, Data Breach, Data Security
In response to the killing of Major General Qassim Suleimani, the government of Iran and its supreme leader, Ayatollah Ali Khamenei, have declared the country’s intention to strike back at the United States. According to reports, their desire is to respond proportionally, but not start a war, and they are contemplating multiple options, any subset … Continue Reading

CISA Releases “Cyber Essentials” to Assist Small Businesses

Jonathan E. MeyerTownsend BourneBy Jonathan E. Meyer, Townsend Bourne and *Nikole Snyder on Posted in Cybersecurity, Data Security
The Department of Homeland Security Cybersecurity & Infrastructure Security Agency recently released its Cyber Essentials guide. Consistent with the NIST Cybersecurity Framework, these Cyber Essentials provide “a starting point to cyber readiness,” and are specifically aimed at small businesses and local government agencies that may have fewer resources to dedicate to cybersecurity.  The guide suggests … Continue Reading

Feds Want New IoT Guidance to Address Security Vulnerabilities

Townsend BourneElfin NoceBy Townsend Bourne and Elfin Noce on Posted in Cybersecurity, Data Security, Government Privacy, Internet of Things
“Internet of Things” devices are listening.  And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government contractors focus on implementing safeguards to protect sensitive government data. A gap has emerged where the federal government purchases IoT devices. Those devices collect and send data … Continue Reading

SEC To Focus on Cybersecurity in 2019

Kari RollinsSarah AbergBy Kari Rollins and Sarah Aberg on Posted in Cybersecurity, Data Security, SEC
For the fourth year running, the Securities and Exchange Commission’s Office continues to list cybersecurity as one of the top enforcement priorities for 2019. As it relates to cybersecurity, the SEC will be focusing on ensuring companies have proper configuration of network storage devices, robust information security governance, and established policies and procedures specific to … Continue Reading

Happy First Day of Spring! Ohio Insurance Law Effective Today

Liisa ThomasElfin NoceKari RollinsBy Liisa Thomas, Elfin Noce and Kari Rollins on Posted in Consumer Privacy, Cybersecurity, Data Security
Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do business in Ohio and goes into effect today, March 20, 2019 (the first day of Spring). Companies have, under the law, … Continue Reading

Court Finds Cybersecurity-Related Claims Sufficient in Securities Class Action

Jonathan E. MeyerElfin NoceBy Jonathan E. Meyer and Elfin Noce on Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Privacy
In the aftermath of Equifax’s data breach, a federal court recently found that allegations of poor cybersecurity coupled with misleading statements supported a proper cause of action. In its decision, the U.S. District Court for the Northern District of Georgia allowed a securities fraud class action case to continue against Equifax. The lawsuit claims the company issued … Continue Reading

When the U.S. Government Declares Companies Cyber-Insecure, We Should All Pay Attention

Jonathan E. MeyerTownsend BourneBryce ChadwickBy Jonathan E. Meyer, Townsend Bourne and Bryce Chadwick on Posted in Cybersecurity, Data Protection, Data Security
The U.S. Government is increasingly taking the initiative to alert companies to the cybersecurity risks of certain foreign corporations. Whether by issuing binding directives on agencies, passing laws or promulgating regulations that include prohibitions on the use of these companies’ products – including by government contractors, the Government is becoming less reluctant to interfere in … Continue Reading

FTC Cyber Guidance for Small Business has Tips Helpful to All

Liisa ThomasBy Liisa Thomas on Posted in Cybersecurity, FTC
The Federal Trade Commission recently issued a cyber guide that, while intended for small businesses, can be of help for all businesses. The purpose of the guide, which includes various modules, is to help smaller businesses address data security threats. These modules follow guidance the FTC issued in April, stressing the importance of cyber security … Continue Reading

DOJ Report Suggests Direction For Addressing Cyber Threats

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Cybersecurity, Data Security, Government Privacy
As many of you have no doubt seen, the Justice Department recently released the report of the Attorney General’s Cyber Digital Task Force, a body the Attorney General had created in February. In the report, the Task Force, chaired by Deputy Attorney General Rod Rosenstein, seeks to answer the question: “How is the Department responding … Continue Reading

DHS Releases New Cybersecurity Strategy

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Cybersecurity, Privacy Regulation
On May 15, the Department of Homeland Security released its long-awaited Cybersecurity Strategy. The Strategy aims to reduce cybersecurity risk through “an innovative approach that fully leverages our collective capabilities across the Department and the entire cybersecurity community.” It sets a course of cybersecurity policy for the Department for the next five years and signals … Continue Reading

Privacy, Data Security, and Your Board: Day Five

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy
In our final installment on privacy, cyber security, and your board, we look at privacy and cyber issues in M&A. So you are thinking about acquiring a new entity? Divesting of current one? Due diligence will need to be conducted to best understand and evaluate privacy and data security issues and risks. Your board will … Continue Reading

Privacy, Data Security, and Your Board: Day Three

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy
In our ongoing conversation about privacy, data security and your board, we turn next to cyber insurance and vendor management. Boards, when executing their duty of care, should keep in mind that while there may be some coverage for data incidents under a company’s CGL and D&O policies, there may be significant gaps in coverage … Continue Reading

Privacy, Data Security, and Your Board: Day Two

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Cybersecurity, Data Security, Employee Privacy, Privacy
In our continuing series about privacy, data security and your board, we next turn to how to best educate a board. Yesterday we mentioned about how board members have a duty of care. Part of that duty includes effectively overseeing matters relating to privacy and data security (or the often-used buzzword “cybersecurity”). How can board … Continue Reading

SEC Takes Baby Steps on Cyber, but Signals Greater Vigilance

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Consumer Protection, Cybersecurity, Data Security, Privacy and Data Security
On February 21, the Securities and Exchange Commission issued new Interpretive Guidance regarding disclosures of cybersecurity-related information by publicly traded companies. This guidance comes in the context of public pressure on the SEC to update its 2011 Division of Corporation Finance guidance regarding cybersecurity risks and incidents. According to SEC Chairman Jay Clayton’s statement, this … Continue Reading

Justice Department Creates Cyber-Digital Task Force

Jonathan E. MeyerTownsend BourneBy Jonathan E. Meyer and Townsend Bourne on Posted in Cybersecurity, Data Security, Government Privacy
On February 20, the Department of Justice announced that Attorney General Sessions had created a new, cross-departmental Cyber-Digital Task Force. He directed the Task Force to advise him on the most effective ways for DOJ to confront cyber threats and keep Americans safe. Specifically, the Task Force is charged with canvassing the work the Department … Continue Reading

The Encryption Battle Will Continue in 2018

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Cybersecurity, Data Security, Privacy, Privacy and Data Security
While they may disagree in other areas, one thing that former FBI Director James Comey, current Deputy Attorney General Rod Rosenstein, and current FBI Director Christopher Wray all have in common is their distaste for strong encryption that prevents the government from accessing information. In 2016, Comey and the Justice Department went to court to … Continue Reading

2017 Saw Ransomware on the Rise – 2018 Will See Even More

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Cybersecurity, Data Security
It’s fair to say that ransomware exploded in 2017. After inflicting an estimated $350 million in damage in 2015 and $850 million in 2016, at least one source estimates that it hit $5 billion last year. Most prominent among these were WannaCry, which shut down computers in 80 organizations affiliated with Britain’s National Health Service … Continue Reading

How Will Breach Laws Develop in 2018?

Liisa ThomasBy Liisa Thomas on Posted in Cybersecurity, Data Security, Privacy and Data Security
You hopefully already know that Maryland’s amendment to its data breach notification law went into effect this week (on January 1, 2018). We anticipate that other states may follow one of Maryland’s modifications, namely its expansion of the definition of personal information. Under the amended law “personal information” now includes an expanded definition of biometric information. Biometric … Continue Reading

Cybersecurity in the First Year of the Trump Administration

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Cybersecurity, Data Security, Privacy and Data Security
As might be expected, the first year of the Trump Administration saw a lot of activity on the cybersecurity front. In May, the Administration issued its “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” As we discussed in an analysis we issued shortly thereafter, the Order brought more accountability to agencies for monitoring their … Continue Reading

NIST’s Highly-Anticipated Security Requirements Draft Impacts Government Contractors’ Treatment of CUI

Townsend BourneBy Townsend Bourne on Posted in Cybersecurity, Data Security, Privacy
Government contractors have until December 31 to implement security requirements from NIST Special Publication (SP) 800-171 (here) as mandated by the Defense Federal Acquisition Regulation Supplement (DFARS). The requirements include provisions for protecting Controlled Unclassified Information (CUI) (government sensitive but unclassified information; see the CUI Registry here) in nonfederal systems and compliance is expected soon to … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree