Department of Defense Releases Cybersecurity Model Certification Required in Contract Bids

Last week, the Department of Defense released its new Cybersecurity Maturity Model Certification (CMMC), which will require at least some companies bidding on defense contracts to certify that they are compliant with at least the basic level of cybersecurity standards to work on government contracts. The CMMC is a certification procedure that ensures that contractors have the controls in place to protect sensitive data, including Federal contract information and Controlled Unclassified Information (CUI). The Department of Defense put these measures in place in furtherance of…

Countdown to New Year’s Day and the CCPA

The California Consumer Privacy Act (CCPA) becomes effective on January 1, 2020. We are counting down 10 practical measures you can take to begin down the path for CCPA compliance:

10. Determine whether your business must comply with the CCPA.
  • You must comply with the CCPA if:
    • You are a for-profit entity with over $25 million in gross revenues that conducts business in the state of California and collects the personal information of California residents
    • You annually buy, receive for the business’ commercial purposes, sell,

Potential Changes to North Carolina Cybersecurity Law

As we continue to see substantial changes in the area of cybersecurity law across the United States as well as globally, North Carolina has undertaken preliminary steps to expand on its current laws within the state. On April 16, 2019, the North Carolina House of Representatives introduced a bipartisan bill to amend North Carolina’s Identity Theft Protection Act. The bill passed its first reading and was referred to committee. The proposed bill contains numerous changes that will affect how cybersecurity is handled in North…

NSA Launches Cybersecurity Directorate to Combat Cyber Attacks on Government and Private Sector Systems

The National Security Agency (NSA) has established a Cybersecurity Directorate that “unifies NSA’s foreign intelligence and cyber defense missions” to more closely align its offensive and defensive operations. The directorate, operating as of October 1, 2019, will help contribute to the NSA’s defensive mission to protect digital systems. It will focus initially on the defense industrial base and weapon security improvement. The increased focus on cybersecurity comes in the wake of a 56-page report by the National Security Telecommunications Advisory Committee warning that the United…

The Push for a National Data Privacy Law Continues as Tech Giants Write to Congress

On September 10, 2019, 51 companies from the Business Roundtable joined together to send a letter to House and Senate leadership asking them to pass “a comprehensive data privacy law that strengthens protections for consumers and establishes a national privacy framework to enable continued innovation and growth in the digital economy.” The companies included, among others, Amazon, IBM, AT&T, Chubb, and Marriott International, Inc. Signatures from Facebook CEO Mark Zuckerberg and Apple CEO Tim Cook were notably absent, although both have, in the past, supported…

Another Month, Another Major Data Breach – This Time at Capital One

Capital One Financial Corp., the fifth largest United States credit card issuer, announced on July 29, 2019 that a data breach exposed approximately 140,000 Social Security numbers and about 80,000 linked bank account numbers – impacting nearly 100 million U.S. residents and 6 million Canadian residents. The breach also included other personal information like names, addresses, postal codes, phone numbers, email addresses, dates of birth and self-reported income, credit scores, credit limits, balances, payment history, contact information and fragments of transaction data from a total…

Internet of Things Cybersecurity Improvement Act

On January 1, 2020, California’s “Security of Connected Devices” law (Senate Bill No. 327), which was enacted in 2018, will require companies that manufacture any device that connects “directly or indirectly” to the Internet that is sold in California to incorporate within the device “a reasonable security feature or features.” What constitutes a “reasonable security feature” is largely undefined, but if the device is capable of authentication outside of a local area network (LAN), then the security will be deemed reasonable if a preprogrammed…

Considering Legal Privileges in the Cybersecurity Context

Any organization that is cognizant of its cybersecurity obligations faces a fundamental problem: the greater the effort to increase security, the greater the number of documents generated, memorializing those efforts. Those documents could be discoverable in the event of litigation. The law of privilege in the context of pre-breach planning, including application of the attorney-client relationship to third-party technology vendors and security engineers, remains largely uncharted. The thought leaders at The Sedona Conference are taking steps to help frame the dialogue and set the stage…

Everybody’s Buying Cyber… Why Aren’t You?

A recent market survey shows companies are getting the message that purchasing cyberinsurance is a corporate imperative today. According to a recent AM Best Market Segment Report, direct premiums written for U.S. cyberinsurance policies from 2015 to 2018 have doubled to $2 billion. Three million cyberinsurance policies were in force in 2018, an increase from 2.6 million in 2017. Admittedly, premium growth has slowed to 12.6 percent in 2018, although that may be due in part to the number of companies using captives for their…

Cryptocurrency Theft is on the Rise

According to a recent study, losses from theft, fraud, and misappropriation of cryptocurrency increased to $1.2 billion worldwide in the first quarter of 2019, which is already 70 percent of all such activity from 2018. In fact, it was reported that hackers used phishing, viruses, and other techniques to steal $41 million in cryptocurrency from Binance, one of the world’s largest cryptocurrency exchanges. This is on the heels of an announcement by Fidelity Investments that it will soon buy bitcoin and sell bitcoin for institutional…