Carson Kuck

Carson Kuck

Alston & Bird

Contact
View Bio
RSS

Latest Publications

Share:

NYDFS Revises Prescriptive FAQs on Multifactor Authentication

Two months after the New York Department of Financial Services (“NYDFS”) updated its Frequently Asked Questions (“FAQs”), which we wrote about here, NYDFS has released updated FAQs on multifactor authentication (“MFA”) that...more

3/6/2026  /  Cybersecurity , Encryption , Financial Services Industry , Guidance Update , Multi-Factor Authentication , NYDFS , Regulatory Requirements , Risk Management , Security Controls

How AI is Changing the Incident Response Landscape: What GCs Need to Know

Our Privacy, Cyber & Data Strategy Team examines the profound implications of the evolution of AI-driven cyberattacks and offers practical steps general counsel can take to proactively defend against them....more

1/8/2026  /  Artificial Intelligence , Corporate Counsel , Cyber Attacks , Cyber Threats , Cybersecurity , Deep Fake , Incident Response Plans , Machine Learning , Malware , Risk Management , Risk Mitigation , Third-Party Risk

NYDFS Releases New Prescriptive FAQs on MFA

The New York Department of Financial Services (NYDFS) has released a new set of Frequently Asked Questions (FAQs 18–23) under 23 NYCRR Part 500, reinforcing its position that multifactor authentication (MFA) remains a...more

12/23/2025  /  Cloud Service Providers (CSPs) , Cybersecurity , Data Security , Financial Services Industry , Multi-Factor Authentication , NYDFS , Policies and Procedures , Regulatory Requirements , Risk Management , Technology Sector

NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers

On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS...more

10/28/2025  /  Cybersecurity , Due Diligence , Financial Services Industry , New Guidance , NYDFS , Risk Management , Third-Party Service Provider

Microsoft Announces Two New On-Premises SharePoint Vulnerabilities

Introduction - On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and that relate to on-premises Microsoft SharePoint instances that are exposed...more

8/1/2025  /  Cyber Attacks , Cyber Threats , Cybersecurity , Data Security , Microsoft , National Security , Risk Management , Software , Vulnerability Assessments

Cybersecurity Controls: What Do Regulators Expect Nowadays?

Our Privacy, Cyber & Data Strategy Team highlights the increasingly specific cybersecurity controls identified by regulators, explains why these enhanced cybersecurity controls have become the focus of regulators, and shares...more

4/18/2025  /  Cybersecurity , Data Security , Employee Training , Enforcement Actions , Multi-Factor Authentication , NYDFS , Regulatory Requirements , Risk Management

FCC Announces New National Security Unit Focusing on State-Sponsored Cyber Threats

On March 13, 2025, the Federal Communications Commission’s (“FCC”) Chairman Brendan Carr announced the creation of a Council on National Security (the “Council”) with Adam Chan serving as the Director. This new Council will...more

3/17/2025  /  China , Cyber Threats , Cybersecurity , Data Security , FCC , National Security , Regulatory Oversight , Risk Management , Technology Sector , Telecommunications

Texas AG Files Complaint Against Major Insurance Company Regarding Data Practices

The Texas Office of the Attorney General recently has become increasingly interested in the practices of organizations who collect and utilize consumer data. On January 13, 2025, the Attorney General of Texas, Ken Paxton,...more

1/23/2025  /  Consent , Consumer Privacy Rights , Data Collection , Data Privacy , Data Protection , Enforcement Actions , Insurance Industry , Privacy Laws , State Attorneys General , State Privacy Laws

FTC Announces Proposed Settlement with GoDaddy Incorporating Prescriptive Cybersecurity Requirements

On January 15, 2025, the Federal Trade Commission (FTC) announced a proposed settlement with GoDaddy Inc. (GoDaddy) for making false or misleading representations about their security practices in violation of Section 5 of...more

1/22/2025  /  Antitrust Violations , Compliance , Cybersecurity , Data Privacy , Data Security , Enforcement Actions , Federal Trade Commission (FTC) , FTC Act , Misleading Statements , Privacy Laws , Risk Management , Unfair or Deceptive Trade Practices

OFAC Announces Sanctions Against Chinese-Based Cybersecurity Company

On January 3, 2025, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced sanctions on a Chinese-based cybersecurity company, Integrity Technology Group, Inc. (“Integrity Tech”). These sanctions...more

1/14/2025  /  China , Compliance , Cyber Attacks , Cybersecurity , Economic Sanctions , Enforcement Actions , National Security , Office of Foreign Assets Control (OFAC) , Sanctions , U.S. Treasury
10 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide