On August 7, 2024, after three years of negotiation, the United Nation’s Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal...more
Recent enforcement actions and announcements show that state and federal regulators are continuing to focus intensely on cybersecurity and data protection. Notably, the New York Department of Financial Services (“NYDFS”)...more
7/18/2023
/ Consent Order ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
New York ,
NYDFS ,
Popular ,
Settlement ,
State and Local Government ,
State Data Privacy Laws
Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Energy (DOE) issued a joint advisory providing “information on multiple...more
4/26/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
Data Security ,
Department of Energy (DOE) ,
FBI ,
Information Sharing ,
International Trade ,
Popular ,
Russia
The Federal Trade Commission (FTC) recently warned private entities to remediate any ongoing Log4j vulnerabilities present within their networks or face possible enforcement action....more
According to numerous government and media sources, malicious cyber actors are targeting a new “zero day” vulnerability on a massive scale. This vulnerability, referred to as “Log4j” or “Log4Shell,” has resulted in widespread...more
12/22/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Popular ,
Risk Management ,
Software
We have written here previously about the dramatic increase in cyberattacks on companies of all types since the start of the COVID-19 pandemic. Indeed, by some estimates, ransomware attacks have increased over 90% during the...more
As the COVID era drags on, it is clear that work life “post-COVID” may be very different from life “pre-COVID.” This is especially true as it relates to IT security. More and more employees have shifted to a telecommuting...more
1/15/2021
/ Coronavirus/COVID-19 ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Employees ,
Employer Liability Issues ,
Multi-Factor Authentication ,
Network Security ,
Remote Working ,
Telecommuting ,
Virtual Private Networks
Earlier this week, Texas-based IT software vendor SolarWinds issued a critical security advisory, acknowledging that a “highly sophisticated” hacker had inserted a vulnerability in an updated version of SolarWinds’ Orion...more
On October 8, 2020, Community Health Systems, Inc. (Community Health) and its subsidiary CHSPSC, LLC entered into a settlement agreement with 28 states for $5 million to resolve claims related to a 2014 data breach. Community...more
On October 1, 2020, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to companies that pay a ransom in the wake of a cyberattack. Specifically, the advisory warned that...more
On September 15, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert highlighting the recent uptick in “credential stuffing” cyber-attacks against SEC-registered investment advisors...more
9/18/2020
/ Broker-Dealer ,
Compliance ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Identity Theft ,
Investment Adviser ,
Popular ,
Risk Alert ,
Securities and Exchange Commission (SEC)
In July 2020, the New York State Department of Financial Services (NYDFS) filed the first enforcement action under the new NYDFS Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500), against First American Title Insurance...more
Business Email Compromise (BEC) scams have become increasingly commonplace and financially destructive. According to the Federal Bureau of Investigation (FBI), 2019 was the worst year on record for BEC scams — both in terms...more
As the COVID-19 pandemic continues to demand the attention of corporate leaders and the public at large, businesses have likely had little time to get up to speed on New York’s new data breach notification law, the Stop Hacks...more
On May 23, 2019, the United States Securities and Exchange Commission (“SEC”)’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert entitled “Safeguarding Customer Records and Information in Network...more
5/29/2019
/ Broker-Dealer ,
Cloud Storage ,
Customer Information ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Storage Providers ,
Identity Theft ,
Identity Theft Red Flags Rule ,
Investment Adviser ,
OCIE ,
Policies and Procedures ,
Popular ,
Regulation S-ID ,
Regulation S-P ,
Regulatory Requirements ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider ,
Vendors