Tag Archives: cyber security

New York Joins the Wave of States Requiring Businesses to Adopt Reasonable Cybersecurity Safeguards to Protect Private Information

New York is the latest state to adopt a law that requires businesses that collect private information on its residents to implement reasonable cybersecurity safeguards to protect that information. New York now joins California, Massachusetts and Colorado in setting these standards. New York’s law mandates the implementation of a data security program, including measures such as risk assessments, workforce training and incident response planning and testing. Businesses should immediately begin the process to comply with the Act’s requirements effective March 21, 2020. Notably, New York’s law covers all employers, individuals or organizations, regardless of size or location, which collect private information on New York State residents.

Read full article

Recent Indictment of Anthem Hackers Serves as a Reminder of the Importance of Rigorous Workforce Cybersecurity Training, Incident Response Plans and Formalized Security Programs

On May 9, 2019, the United States Department of Justice announced the indictment of two Chinese nationals as members of a sophisticated hacking group responsible for the hack of Anthem, Inc. and other unnamed U.S.-based large technology, communications and basic materials companies. The hack resulted in the breach of personally identifiable information of over 78 million individuals held by Anthem and the theft of confidential business information from the victimized organizations. The indictment provides a roadmap to the advanced hacking attacks regularly faced by technology, healthcare and infrastructure organizations with valuable data to protect. The indictment serves as a reminder that organizations subject to advanced persistent threats from organized hacking groups should adopt a defense-in-depth strategy, including workforce cybersecurity training, vulnerability scanning, network monitoring and comprehensive incident response plans, to thwart or mitigate these attacks. These protective countermeasures should be part of the organization’s formalized information security program.

Read full article

Formal Insider Threat Risk Assessment Program Best Addresses Employee Threats to Critical Technologies

We published an article with NYSBA Labor and Employment Law Journal, titled “Employee Threats to Critical Technologies Are Best Addressed Through a Formalized Insider Threat Risk Assessment Process and Program.” With the New York State Bar Association’s permission.

Read full article

Model Cyber Security Law Pending Final Action By National Association of Insurance Commissioners

It is highly likely that the National Association of Insurance Commissioners (“NAIC”) will adopt a model data cyber security law premised largely on the New York State Department of Financial Services (“NYSDFS”) cyber security regulations.  Recently, we discussed the NYSDFS’ proposed extension of its cyber security regulations to credit reporting agencies in the wake of the Equifax breach.  New York Governor Andrew Cuomo has announced, “The Equifax breach was a wakeup call and with this action New York is raising the bar for consumer protections that we hope will be replicated across the nation.”  Upon adoption by the NAIC, the NYSDFS regulations requiring that NYS financial organizations have in place a written and implemented cyber security program will gain further traction toward setting a nationwide standard for cyber security and breach notification.  Indeed, although there are differences, the NAIC drafters emphasized that any Licensee in compliance with the NYSDFS “Cybersecurity Requirements for Financial Services Companies” will also be in compliance with the model law.

Read full article

Cyber Security: What attorneys can do to protect their jobs and their companies

It is becoming common knowledge that the barrage of data security breaches, including the recent Yahoo and Experian breaches, can cause severe disruptions, financial costs, and liabilities in the workplace. As Yahoo’s now ex-General Counsel and former top security officials from Experian could attest, heads can roll following a data security breach. In-house counsel—who regularly help their companies balance business realities and legal requirements—are at particular risk of being “scapegoated” for organizational failures that lead to major breaches. The best way to protect the company and preserve the counsel’s job security is to proactively help identify and address data protection and cyber security issues. Here are three action items to consider in assuming this data leadership role.

Read full article

“Car Hacking Growing More Likely, Security Experts Say,” Jim Giszczak quoted by Yahoo! Auto

Mr. Robot wants to drive your car.

But the Golden Globe winning drama’s fictional team of hackers is not nearly as dangerous as the real people who might try to take control while you’re driving, according to cyber security experts speaking at the Automotive Press Association luncheon Tuesday in Detroit.

“It’s going to happen,” said Tom Winterhalter, supervisory special agent, FBI Detroit Division, cyber squad. “There are groups out there that will want to try.”

Read full article

“APA Cyber Security Briefing at the DAC,” Jim Giszczak quoted by The Auto Channel

Expect to buy a new car in the near future? Be prepared to enter the “wild, wild west.”

That’s the assessment of a Detroit FBI agent who specializes in cyber security and the impact of hacking and other electronic threats on the future of what we drive.

Read full article

“Cyber security requires preparedness,” Jim Giszczak quoted in SAE International

A ‘door-open’ warning as a vehicle cruises at highway speed is very worrisome. But if the alert doesn’t match reality, a cyber hack could be the culprit.

Read full article

McDonald Hopkins issues new white paper: 7 tactics for winning the cyber war

CLEVELAND (August 25, 2015) – As businesses collect more personal and sensitive customer and commercial data, they become bigger targets for data breaches. And what many board members don’t realize is that in the face of a cyber attack, they can find themselves the target of shareholder derivative action or regulatory enforcement action. Cybersecurity needs to be looked at as more than an IT issue – it’s a corporate strategy issue that affects everyone at a business. 

Read full article