Returning to Work with Secure Systems
Following the update to the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) Enforcement and Penalty Guidelines, the Committee has continued to signal its intention to more heavily leverage...more
The proposed rule requires contractors to make annual affirmations regarding their cybersecurity maturity, thus increasing their risk of False Claims Act Liability. The proposed rule allows for limited use of Plans of...more
On December 26, 2023, the US Department of Defense (DoD) published its long-awaited proposed rule codifying the Cybersecurity Maturity Model Certification (CMMC) Program. The proposed CMMC rule will apply to all DoD...more
Aimed at combatting lawsuit abuse, Florida’s recently passed tort reform bill (HB 837/SB 236) makes dramatic changes to the state’s justice system, including negligent security cases against owners and operators of...more
According to the State of Ohio Department of Transportation website, the new division is intended to develop and provide training for school staff members whose districts opt to allow certain employees to be armed on school...more
Anti-Cheat, Code-Signed Driver Abused to Bypass Privileges and Deploy Ransomware - Trend Micro researchers observed a ransomware infection in late July 2022 that involved a code-signed driver called "mhyprot2.sys", which...more
In an opinion released on March 10, 2022, California Attorney General Rob Bonta addressed the applicability of the “right to know” under the California Consumer Privacy Act (CCPA) (pdf) to internal inferences that...more
Over the past few years, cities have started to implement workplace regulation, an area previously reserved to federal and state governments. The hotel industry, which often is one of the primary drivers of a local economy,...more
With cybersecurity legislation and regulation sweeping the country in response to a series of high-profile hacking and ransomware attacks, it was little surprise that cybersecurity was a topic at the recently concluded...more
The New York State Department of Financial Services (DFS) issued a letter to the cyber insurance community on February 4, 2021 that should signal a warning to many other businesses seeking to obtain or keep their...more
The current COVID-19 pandemic has forced many businesses online in order to survive. In many cases, businesses had no plans to be online. Others were forced to move online more quickly than planned. In order to assist these...more
Here are some tips to make sure you secure your systems as employees head back into the office after working remotely....more
Earlier this month, it was reported that the National Security Agency (NSA) discovered a serious security flaw in Microsoft Windows 10 cryptographic functionality, CVE-2020-0601.That security flaw could render trust...more
On August 26, 2019, the Transportation Security Administration (TSA) enacted its new Action Plan Program. The Action Plan Program "provides an opportunity for eligible parties and TSA to discuss and reach an agreement on...more
Governor Pritzker recently signed a law requiring notification or attempted notification of the parent or guardian of a student suspected of criminal activity prior to detaining and questioning the student on school grounds...more
Cybersecurity continues to be an imperative for the protection of the Department of Defense (DoD) and its contractors' supply chain. On June 19, 2019, the National Institute of Standards and Technology (NIST) issued two draft...more
Effective November 2, 2018, companies that suffer a breach may have certain defenses in Ohio if they have a written cybersecurity program in place. Under this new law, companies can use as an affirmative defense the existence...more
According to recent documents made public by the U.S. Patent and Trademark Office (USPTO) IBM has applied for a patent for a system that would use distributed ledger technology to address privacy and security concerns...more
While meeting with Russian President Vladimir Putin, President Trump was given a soccer ball, symbolic of the 2018 World Cup played in Russia. Bloomberg has reported that the soccer ball contained a chip, known as near-field...more
When a company is acquired, the buyer ultimately becomes responsible for the data security practices of the company that it acquired. This is true with regard to litigation risks, reputational risks, and regulatory risks. ...more
Almost all parties are required to exchange personal data as part of a merger and acquisition transaction. With data breaches on the rise, any buyer in a M&A transaction cannot afford to ignore privacy and data security...more
We’re all concerned with our home’s physical security, but so often we forget to pay the same amount of attention to our digital security. However, leaving your home’s digital entry points open is like leaving your front door...more
The United States Pipeline and Hazardous Materials Safety Administration (“PHMSA”) addressed in an August 15th letter the Hazardous Materials Regulations (“HMR”) security plan requirements. PHMSA was responding to two...more
Facing pressure from stakeholders and technological realities, the U.S. Food and Drug Administration has again delayed its enforcement of parts of the Drug Supply Chain Security Act (DSCSA). As we discussed in a prior post,...more
The Office of Inspector General for the Fed and CFPB has completed a report setting forth its findings from an audit in which it evaluated “selected security controls for protecting the [CFPB’s] consumerfinance.gov website...more