Category Archives: Cybersecurity

CISA Releases “Cyber Essentials” to Assist Small Businesses

By Jonathan E. Meyer, Townsend Bourne and *Nikole Snyder on November 12, 2019 Posted in Cybersecurity, Data Security

The Department of Homeland Security Cybersecurity & Infrastructure Security Agency recently released its Cyber Essentials guide. Consistent with the NIST Cybersecurity Framework, these Cyber Essentials provide “a starting point to cyber readiness,” and are specifically aimed at small businesses and local government agencies that may have fewer resources to dedicate to cybersecurity. The guide suggests … Continue Reading

Feds Want New IoT Guidance to Address Security Vulnerabilities

By Townsend Bourne and Elfin Noce on May 22, 2019 Posted in Cybersecurity, Data Security, Government Privacy, Internet of Things

“Internet of Things” devices are listening. And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government contractors focus on implementing safeguards to protect sensitive government data. A gap has emerged where the federal government purchases IoT devices. Those devices collect and send data … Continue Reading

SEC To Focus on Cybersecurity in 2019

By Kari Rollins and Sarah Aberg on March 27, 2019 Posted in Cybersecurity, Data Security, SEC

For the fourth year running, the Securities and Exchange Commission’s Office continues to list cybersecurity as one of the top enforcement priorities for 2019. As it relates to cybersecurity, the SEC will be focusing on ensuring companies have proper configuration of network storage devices, robust information security governance, and established policies and procedures specific to … Continue Reading

Happy First Day of Spring! Ohio Insurance Law Effective Today

By Liisa Thomas, Elfin Noce and Kari Rollins on March 20, 2019 Posted in Consumer Privacy, Cybersecurity, Data Security

Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do business in Ohio and goes into effect today, March 20, 2019 (the first day of Spring). Companies have, under the law, … Continue Reading

Court Finds Cybersecurity-Related Claims Sufficient in Securities Class Action

By Jonathan E. Meyer and Elfin Noce on February 6, 2019 Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Privacy

In the aftermath of Equifax’s data breach, a federal court recently found that allegations of poor cybersecurity coupled with misleading statements supported a proper cause of action. In its decision, the U.S. District Court for the Northern District of Georgia allowed a securities fraud class action case to continue against Equifax. The lawsuit claims the company issued … Continue Reading

When the U.S. Government Declares Companies Cyber-Insecure, We Should All Pay Attention

By Jonathan E. Meyer, Townsend Bourne and Bryce Chadwick on January 7, 2019 Posted in Cybersecurity, Data Protection, Data Security

The U.S. Government is increasingly taking the initiative to alert companies to the cybersecurity risks of certain foreign corporations. Whether by issuing binding directives on agencies, passing laws or promulgating regulations that include prohibitions on the use of these companies’ products – including by government contractors, the Government is becoming less reluctant to interfere in … Continue Reading

FTC Cyber Guidance for Small Business has Tips Helpful to All

By Liisa Thomas on November 12, 2018 Posted in Cybersecurity, FTC

The Federal Trade Commission recently issued a cyber guide that, while intended for small businesses, can be of help for all businesses. The purpose of the guide, which includes various modules, is to help smaller businesses address data security threats. These modules follow guidance the FTC issued in April, stressing the importance of cyber security … Continue Reading

DOJ Report Suggests Direction For Addressing Cyber Threats

By Jonathan E. Meyer on August 8, 2018 Posted in Cybersecurity, Data Security, Government Privacy

As many of you have no doubt seen, the Justice Department recently released the report of the Attorney General’s Cyber Digital Task Force, a body the Attorney General had created in February. In the report, the Task Force, chaired by Deputy Attorney General Rod Rosenstein, seeks to answer the question: “How is the Department responding … Continue Reading

DHS Releases New Cybersecurity Strategy

By Jonathan E. Meyer on May 21, 2018 Posted in Cybersecurity, Privacy Regulation

On May 15, the Department of Homeland Security released its long-awaited Cybersecurity Strategy. The Strategy aims to reduce cybersecurity risk through “an innovative approach that fully leverages our collective capabilities across the Department and the entire cybersecurity community.” It sets a course of cybersecurity policy for the Department for the next five years and signals … Continue Reading

White House Eliminates Top Cybersecurity Position

By Jonathan E. Meyer on May 18, 2018 Posted in Cybersecurity, Privacy Regulation

On May 15, the White House announced that it was eliminating the position of Cybersecurity Coordinator at the National Security Council, the highest position at the White House devoted to cybersecurity. While not unexpected, this move is significant.… Continue Reading

NY Issues Data Breach Report

By Snehal Desai and Kari Rollins on April 12, 2018 Posted in Cybersecurity, Data Breach, Data Security

New York Attorney General, Eric. T. Schneiderman, stated in a recent press release that 9.2 million New Yorkers had their personal data compromised in 2017. Such data compromises were mainly due to large scale data hacks, such as the Equifax and Game Stop hacks. According to the NYAG office’s report, 1,583 data breaches were reported … Continue Reading

Privacy, Data Security, and Your Board: Day Five

By Kari Rollins and Liisa Thomas on March 2, 2018 Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy

In our final installment on privacy, cyber security, and your board, we look at privacy and cyber issues in M&A. So you are thinking about acquiring a new entity? Divesting of current one? Due diligence will need to be conducted to best understand and evaluate privacy and data security issues and risks. Your board will … Continue Reading

Privacy, Data Security, and Your Board: Day Three

By Kari Rollins and Liisa Thomas on February 28, 2018 Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy

In our ongoing conversation about privacy, data security and your board, we turn next to cyber insurance and vendor management. Boards, when executing their duty of care, should keep in mind that while there may be some coverage for data incidents under a company’s CGL and D&O policies, there may be significant gaps in coverage … Continue Reading

Privacy, Data Security, and Your Board: Day Two

By Kari Rollins and Liisa Thomas on February 27, 2018 Posted in Cybersecurity, Data Security, Employee Privacy, Privacy

In our continuing series about privacy, data security and your board, we next turn to how to best educate a board. Yesterday we mentioned about how board members have a duty of care. Part of that duty includes effectively overseeing matters relating to privacy and data security (or the often-used buzzword “cybersecurity”). How can board … Continue Reading

SEC Takes Baby Steps on Cyber, but Signals Greater Vigilance

By Jonathan E. Meyer on February 27, 2018 Posted in Consumer Protection, Cybersecurity, Data Security, Privacy and Data Security

On February 21, the Securities and Exchange Commission issued new Interpretive Guidance regarding disclosures of cybersecurity-related information by publicly traded companies. This guidance comes in the context of public pressure on the SEC to update its 2011 Division of Corporation Finance guidance regarding cybersecurity risks and incidents. According to SEC Chairman Jay Clayton’s statement, this … Continue Reading

Justice Department Creates Cyber-Digital Task Force

By Jonathan E. Meyer and Townsend Bourne on February 26, 2018 Posted in Cybersecurity, Data Security, Government Privacy

On February 20, the Department of Justice announced that Attorney General Sessions had created a new, cross-departmental Cyber-Digital Task Force. He directed the Task Force to advise him on the most effective ways for DOJ to confront cyber threats and keep Americans safe. Specifically, the Task Force is charged with canvassing the work the Department … Continue Reading

The Encryption Battle Will Continue in 2018

By Jonathan E. Meyer on January 16, 2018 Posted in Cybersecurity, Data Security, Privacy, Privacy and Data Security

While they may disagree in other areas, one thing that former FBI Director James Comey, current Deputy Attorney General Rod Rosenstein, and current FBI Director Christopher Wray all have in common is their distaste for strong encryption that prevents the government from accessing information. In 2016, Comey and the Justice Department went to court to … Continue Reading

2017 Saw Ransomware on the Rise – 2018 Will See Even More

By Jonathan E. Meyer on January 8, 2018 Posted in Cybersecurity, Data Security

It’s fair to say that ransomware exploded in 2017. After inflicting an estimated $350 million in damage in 2015 and $850 million in 2016, at least one source estimates that it hit $5 billion last year. Most prominent among these were WannaCry, which shut down computers in 80 organizations affiliated with Britain’s National Health Service … Continue Reading

Will 2018 Bring Developments in Government Access to Electronic Records?

By Jonathan E. Meyer on January 4, 2018 Posted in Cybersecurity, Government Privacy

2018 should prove to be a particularly interesting year on the subject of government access to private electronic records, as 2017 has served as an interesting prelude to what’s ahead:… Continue Reading

How Will Breach Laws Develop in 2018?

By Liisa Thomas on January 3, 2018 Posted in Cybersecurity, Data Security, Privacy and Data Security

You hopefully already know that Maryland’s amendment to its data breach notification law went into effect this week (on January 1, 2018). We anticipate that other states may follow one of Maryland’s modifications, namely its expansion of the definition of personal information. Under the amended law “personal information” now includes an expanded definition of biometric information. Biometric … Continue Reading

Cybersecurity in the First Year of the Trump Administration

By Jonathan E. Meyer on December 27, 2017 Posted in Cybersecurity, Data Security, Privacy and Data Security

As might be expected, the first year of the Trump Administration saw a lot of activity on the cybersecurity front. In May, the Administration issued its “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” As we discussed in an analysis we issued shortly thereafter, the Order brought more accountability to agencies for monitoring their … Continue Reading

NIST’s Highly-Anticipated Security Requirements Draft Impacts Government Contractors’ Treatment of CUI

By Townsend Bourne on December 18, 2017 Posted in Cybersecurity, Data Security, Privacy

Government contractors have until December 31 to implement security requirements from NIST Special Publication (SP) 800-171 (here) as mandated by the Defense Federal Acquisition Regulation Supplement (DFARS). The requirements include provisions for protecting Controlled Unclassified Information (CUI) (government sensitive but unclassified information; see the CUI Registry here) in nonfederal systems and compliance is expected soon to … Continue Reading

Lessons Learned from Cyber Awareness Month – Part Four

By Jonathan E. Meyer on November 27, 2017 Posted in Cybersecurity

In this, our last post about learnings from cyber awareness month, we focus on developing the next generation of cybersecurity experts and increasing its size. According to a study by the Center for Cyber Safety and Education, within five years there will be a shortage of 1.8 million data security workers. This means companies will find it … Continue Reading

Lessons Learned from Cyber Awareness Month – Part Three

By Jonathan E. Meyer on November 20, 2017 Posted in Cybersecurity, Internet of Things

Following up on our prior posts, we now turn to the future of cybersecurity. In so doing, we are reminded that, just as technology and the Internet are rapidly changing, so is the need for defenses against cyber attacks. Today’s cutting edge includes smart cities, connected devices, digitized records and smart cars. They bring with them … Continue Reading

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree