Category Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

FTC Cyber Guidance for Small Business has Tips Helpful to All

The Federal Trade Commission recently issued a cyber guide that, while intended for small businesses, can be of help for all businesses. The purpose of the guide, which includes various modules, is to help smaller businesses address data security threats. These modules follow guidance the FTC issued in April, stressing the importance of cyber security … Continue Reading

DOJ Report Suggests Direction For Addressing Cyber Threats

As many of you have no doubt seen, the Justice Department recently released the report of the Attorney General’s Cyber Digital Task Force, a body the Attorney General had created in February. In the report, the Task Force, chaired by Deputy Attorney General Rod Rosenstein, seeks to answer the question: “How is the Department responding … Continue Reading

DHS Releases New Cybersecurity Strategy

On May 15, the Department of Homeland Security released its long-awaited Cybersecurity Strategy. The Strategy aims to reduce cybersecurity risk through “an innovative approach that fully leverages our collective capabilities across the Department and the entire cybersecurity community.” It sets a course of cybersecurity policy for the Department for the next five years and signals … Continue Reading

Privacy, Data Security, and Your Board: Day Five

In our final installment on privacy, cyber security, and your board, we look at privacy and cyber issues in M&A. So you are thinking about acquiring a new entity? Divesting of current one? Due diligence will need to be conducted to best understand and evaluate privacy and data security issues and risks. Your board will … Continue Reading

Privacy, Data Security, and Your Board: Day Three

In our ongoing conversation about privacy, data security and your board, we turn next to cyber insurance and vendor management. Boards, when executing their duty of care, should keep in mind that while there may be some coverage for data incidents under a company’s CGL and D&O policies, there may be significant gaps in coverage … Continue Reading

Privacy, Data Security, and Your Board: Day Two

In our continuing series about privacy, data security and your board, we next turn to how to best educate a board. Yesterday we mentioned about how board members have a duty of care. Part of that duty includes effectively overseeing matters relating to privacy and data security (or the often-used buzzword “cybersecurity”). How can board … Continue Reading

SEC Takes Baby Steps on Cyber, but Signals Greater Vigilance

On February 21, the Securities and Exchange Commission issued new Interpretive Guidance regarding disclosures of cybersecurity-related information by publicly traded companies. This guidance comes in the context of public pressure on the SEC to update its 2011 Division of Corporation Finance guidance regarding cybersecurity risks and incidents. According to SEC Chairman Jay Clayton’s statement, this … Continue Reading

Justice Department Creates Cyber-Digital Task Force

On February 20, the Department of Justice announced that Attorney General Sessions had created a new, cross-departmental Cyber-Digital Task Force. He directed the Task Force to advise him on the most effective ways for DOJ to confront cyber threats and keep Americans safe. Specifically, the Task Force is charged with canvassing the work the Department … Continue Reading

The Encryption Battle Will Continue in 2018

While they may disagree in other areas, one thing that former FBI Director James Comey, current Deputy Attorney General Rod Rosenstein, and current FBI Director Christopher Wray all have in common is their distaste for strong encryption that prevents the government from accessing information. In 2016, Comey and the Justice Department went to court to … Continue Reading

2017 Saw Ransomware on the Rise – 2018 Will See Even More

It’s fair to say that ransomware exploded in 2017. After inflicting an estimated $350 million in damage in 2015 and $850 million in 2016, at least one source estimates that it hit $5 billion last year. Most prominent among these were WannaCry, which shut down computers in 80 organizations affiliated with Britain’s National Health Service … Continue Reading

How Will Breach Laws Develop in 2018?

You hopefully already know that Maryland’s amendment to its data breach notification law went into effect this week (on January 1, 2018). We anticipate that other states may follow one of Maryland’s modifications, namely its expansion of the definition of personal information. Under the amended law “personal information” now includes an expanded definition of biometric information. Biometric … Continue Reading

Cybersecurity in the First Year of the Trump Administration

As might be expected, the first year of the Trump Administration saw a lot of activity on the cybersecurity front. In May, the Administration issued its “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” As we discussed in an analysis we issued shortly thereafter, the Order brought more accountability to agencies for monitoring their … Continue Reading

NIST’s Highly-Anticipated Security Requirements Draft Impacts Government Contractors’ Treatment of CUI

Government contractors have until December 31 to implement security requirements from NIST Special Publication (SP) 800-171 (here) as mandated by the Defense Federal Acquisition Regulation Supplement (DFARS). The requirements include provisions for protecting Controlled Unclassified Information (CUI) (government sensitive but unclassified information; see the CUI Registry here) in nonfederal systems and compliance is expected soon to … Continue Reading

Lessons Learned from Cyber Awareness Month – Part Three

Following up on our prior posts, we now turn to the future of cybersecurity. In so doing, we are reminded that, just as technology and the Internet are rapidly changing, so is the need for defenses against cyber attacks. Today’s cutting edge includes smart cities, connected devices, digitized records and smart cars. They bring with them … Continue Reading

Lessons Learned from Cyber Awareness Month – Part Two

Following up on our last post about Cyber Awareness, we now focus on cybersecurity in the workplace. All organizations – large and small, for-profit and non-profit – need to be vigilant about cybersecurity. According to one analysis, 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017, or … Continue Reading

Lessons Learned from Cyber Awareness Month – Part One

October was Cyber Security Awareness Month. As proclaimed by President Trump and organized by the Department of Homeland Security, Cyber Security Awareness Month is a time to focus on cybersecurity as a shared responsibility that affects all Americans. Now that it has come to an end, it’s worth reviewing some of the important points highlighted during the … Continue Reading

Presidential Executive Order on Cybersecurity: No More Antiquated IT

On May 11, President Donald Trump issued his long-awaited Executive Order on cybersecurity, the ‘‘Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.’’ It had been in the works since early in the administration, and its release had been announced (and drafts leaked) several times, only to be pulled back and … Continue Reading

WannaCry Ransomware Alert

This is not a drill. Companies and law enforcement agencies around the world have been left scrambling after the world’s most prolific ransomware attack hit over 500,000 computers in 150 countries over a span of only 4 days. The ransomware – called WannaCry, WCry, WannaCrypt, or WannaDecryptor – infects vulnerable computers and encrypts all of … Continue Reading

New York State Department of Financial Services Cybersecurity Regulation Poised to Reshape Existing Regulatory Landscape

In late December, New York State’s Department of Financial Services (“DFS”) released its revised proposed cybersecurity regulation (the “DFS Rule”).  While the revisions pare back some of the DFS Rule’s original requirements and add some much needed flexibility, the regulation will still impose many new obligations upon a wide array of financial institutions doing business … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree