Cybersecurity

NYDFS Files Formal Charges Against Insurance Company for Violations of New York’s Cybersecurity Regulation

As predicted in our February 4, 2020 blog post, the New York Department of Financial Services (“DFS”) has filed its first formal charges for violation of the state’s cybersecurity regulation. The charges were filed against an insurance company for allegedly violating several provisions of Part 500 of Title 23 of the New York Codes, Rules, … Continue Reading

Federal Government Issues Alert on Top Ten Cybersecurity Vulnerabilities

Robust cybersecurity continues to be of paramount importance as the COVID-19 outbreak develops and cybercriminals seek to exploit a remote workforce, which necessitates that companies check their policies, procedures, and controls to ensure they are addressing the highest areas of risk.  On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (“CISA”) at the U.S. … Continue Reading

Cybercriminals Are Beginning to Master the Exploitation of Public Entities

“Public service is a public trust” In March 2020, a smaller municipality of approximately 145,000 people fell victim to a sophisticated ransomware attack.  When city officials issued statements to the public that personal information was not compromised, the cybercriminals retaliated.  The bad actors flooded the internet and dark web with personal information from a portion … Continue Reading

Fraud in Times of Crisis

Following recent data security blogs by Francesca Fellowes and Dillon Ravikumar on April 20 and March 26, this update shares guidance from our colleagues in litigation. Ian Debbage and Gareth Timms write about one of the intended aims of a security breach: fraud – what it is, how you can reduce the risks of fraud … Continue Reading

New York’s SHIELD Act Provisions Now In Effect

The final provision of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”), 2019 N.Y. Ch. 117, took effect on March 21, 2020.  For more information on the SHIELD Act, visit our previous blog post, New York Cybersecurity Upgrades: Are you Ready?, which provides an overview of the most-recent provision that took … Continue Reading

PCI Data Security Standard Compliance Falling: What Could it Cost You?

Is compliance with payment card data security standards being ignored? In a world where data breach scrutiny and sanctions have increased dramatically, compliance with payment card security standards has fallen. Sam Tibbetts has drafted a post on our sister blog, Global IP & Technology Law, detailing the Payment Card Industry Data Security Standard, why businesses … Continue Reading

Enforcement of the NYDFS Cybersecurity Regulation Coming in the Near Future

The NY Department of Financial Services Cybersecurity Regulation, 23 N.Y. Comp. Code R. & Regs. § 500, provides for the protection of customer information and information technology systems of Covered Entities, in recognition of the “ever growing threat posed to information and financial systems by nation-states, terrorist organizations and independent criminal actors.” The Cybersecurity Regulation … Continue Reading

Heightened Risk of Cyberattacks – What You Should Do Now

In recent days, all eyes have been on the escalating tension between Iran and the US.  While we wait and watch politics unfold, the Department of Homeland Security (DHS), New York’s Department of Financial Services and the Cybersecurity and Infrastructure Security Agency (CISA) have all issued notices concerning the heightened risk of an Iranian cyberattack. … Continue Reading

Executive Hacks and What To Do

I was recently helping a client in Tokyo respond to a serious and sophisticated cyber breach where hackers executed a transfer of nearly US$1M out of the client’s Hong Kong bank account. In this instance, the hackers had hacked into the CEO’s cloud-based corporate e-mail account and had determined a way to create a transaction … Continue Reading

Cybersecurity Takes Focus in Healthcare

Cybersecurity awareness recently took center stage in the healthcare industry when the Department of Health and Human Services (HHS) issued comprehensive risk-prioritized cybersecurity best practices to combat top threats.  HHS mapped this guidance to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, cross-referencing 88 individual sub-practices for healthcare organizations of all sizes. The … Continue Reading

Data Privacy or Cybersecurity: Which is More Important?

To any good lawyer, the answer is ‘both’ are important.  However, most in-house counsel know the answer is which receives the limited available budget.  Compliance budgets usually follow the greatest risks for the company.  Therefore, in Europe, where the EU’s General Data Protection Regulation is the scariest new compliance issue, it stands to reason that … Continue Reading

SEC Fines Yahoo $35 Million for Misleading Investors by Failing to Disclose Cybersecurity Breach

In a first of its kind, the SEC recently fined Yahoo US$35 million for failing to assess and disclose a 2014 data breach that affected over 500 million user accounts. What caused the SEC to charge Yahoo with cybersecurity-related disclosure violations?  Our colleague Coates Lear has prepared an analysis of this enforcement action, including the post-breach information relayed … Continue Reading

Emerging Technologies and Cybersecurity

Ann LaFrance has published an article in this month’s Cyber Security Practitioner on a recent report by the European Union Agency for Network and Information Security on cybersecurity issues in relation to emerging technologies, including: the Internet of Things (IoT); autonomous systems (e.g., vehicles); next-generation virtualized infrastructures (e.g., software-defined networks and 5G); upcoming societal challenges … Continue Reading

Federal Financial Institutions Examination Council Cautions Companies Not to Over-Rely On Cyber Insurance in Lieu of Robust Security Controls

In a Joint Statement issued this week, the Federal Financial Institutions Examination Council (“FFIEC”) – which comprises the principals of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee – cautioned the … Continue Reading

Alternative Communications Planning and Cybersecurity Incident Response

In her fourth installment of “Cybersecurity Law” for CSO, Tara Swaminatha focuses on communications planning as part of an incident response plan (IR). Many companies are now rightfully revisiting their IR protocols to prepare themselves for future attacks. More and more regulatory requirements dictate that organizations must have a written IR plan. While an IR plan … Continue Reading

The CLOUD Act, Part 2

On March 22, 2018, our readers were directed to a post published on our sister Anticorruption Blog which discussed the then-proposed CLOUD Act.  The act was signed into law as part of the Omnibus Spending Bill on March 23, 2018.  In Part 2 of her article, Ericka Johnson focuses on The … Continue Reading

Supreme Court Hears Arguments on Cloud Security

On February 27, 2018 the Supreme Court heard arguments surrounding the privacy of data stored abroad and the reach of U.S. search warrants to retrieve such data.  While the Supreme Court decides the merits of United States v. Microsoft, Congress will debate on overhauling the Stored Communications Act (“SCA”) to reflect technological advances that were … Continue Reading

SEC Emphasizes Cybersecurity as a Focus Area for the Coming Year

Last week, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations released its enforcement priorities for 2018.  Making the list for the fifth year in a row, cybersecurity was emphasized as a focus for the SEC in the coming year. In a recent post on Squire Patton Boggs’ anticorruption blog, Coates Lear and Elizabeth Weil … Continue Reading

A Week Later, Early Predictions about Meltdown and Spectre Largely Hold True

The two attacks affect nearly 90 percent of the world’s computers. Recent reports suggest that computers – personal, business, and cellular alike – are susceptible to two newly discovered major security flaws. These flaws, colloquially known as “Meltdown” and “Spectre,” could open the door for hackers to access the contents of almost any computer. Meltdown … Continue Reading