LATEST INSIGHTS

Cyber Risk / Cybersecurity / Legislation

Congress Continues to Grapple with Election Interference

The Secure Elections Act may be back on the table once again. The bipartisan bill was introduced “to protect the administration of Federal elections against cybersecurity Threats.” In large part, the bill was intended to combat concerns that Russia and other state and private actors could exploit vulnerabilities in backend election systems, including voter registration databases, ballot creation systems, election voting services, voting machine configuration systems, absentee processing and reporting and tabulation software. The bill’s sponsors hope to pass a version of the… Continue Reading
Cyber Risk / Regulation

GAO Report on Cybersecurity Provides Useful Strategies for Federal Agencies and Private Industry

The Government Accountability Office (GAO) recently published another report in its High-Risk Series detailing the major cybersecurity challenges facing the federal government and outlines key strategic elements to address those challenges. While the report focuses on issues pertaining to federal agencies, several of the observations, and recommendations are also applicable to private businesses. To start, the report details five key elements that are needed to make progress in addressing cyber threats: 1) Leadership Commitment; 2) Capacity; 3) Action Plan; 4) Monitoring; and 5) Demonstrated Progress.… Continue Reading
Regulation

The FTC Gang’s All Here, Part III

As we noted in a previous post, the United States Senate has confirmed five new commissioners, bringing a full complement to the Federal Trade Commission (FTC). Four of those commissioners have taken their seats, with the fifth likely to join in the Fall. Here we will provide the biographies of the last two commissioners (based on seniority).  We have already discussed the other three new commissioners. Commissioner Rebecca Kelly Slaughter – Commissioner Slaughter was sworn in in May 2018. She comes to the… Continue Reading
Cyber Attacks

Health Care Organizations Seek Regulatory Changes To Improve Access To Cybersecurity Tools

Cybersecurity presents thorny problems specific to healthcare organizations. Not only are their protection of personal health information strictly regulated by the HIPAA and HITECH laws, but such organizations are also more frequently the targets of cyberattacks due in part to the highly personal information collected by such organizations, and in part due to the relative lack of resources available to battle cyber-threats. One set of healthcare regulations not directly related to cybersecurity, the Stark anti-kickback law, has potentially hindered healthcare organizations in adapting to an… Continue Reading
Cybersecurity

Cyber Survey Underscores Perspective of In-House Lawyers

In May, the Association of Corporate Counsel (ACC) Foundation released its “State of Cybersecurity Report: An In-House Perspective,” This report conveys the results of the organization’s far-ranging survey on this topic. In addition to the statistics elicited from 617 in-house lawyers (based in 33 countries), the report also includes many comments from the respondents. This report is full of interesting statistics.  Some of the highlights include:
  • One in three respondents indicated that either their current company or a previous employer had experienced a
Continue Reading
Cybersecurity

Why Not Cyberinsurance?

A July 2018 Market Watch Survey by the Council of Insurance Agent & Brokers revealed that only 32 percent of respondents purchased some form of cyber coverage in the past six months. And, 70 percent of U.S. healthcare firms have elected against carrying cyberinsurance. Incredible, right? With reports that cyberattacks affect businesses of all types, sizes, geographies, and industries, no business should prepare to shoulder the entire load should it suffer a breach.This is especially so, as evidence mounts that hackers can cause property Continue Reading
Cybersecurity

Embracing Data Security Can Avoid Penalties, and Gain Consumer Trust

The European Union’s (EU) General Data Protection Regulation (GDPR) is now in force, governing data protection and privacy for all individuals within the EU. Attorneys in Goldberg Segalla’s Cybersecurity and Data Privacy Group compiled a white paper to answer frequently asked questions and offer practical guidance related to the GDPR, which can be found here. Multinational firms based in the US with a presence in the EU, including restaurant chains, have (or should have) implemented policies to comply with the GDPR, and avoid the… Continue Reading
Cybersecurity

It’s OK to Cry Over Spilled Credentials

From a young age, we are taught not to cry over spilled milk. We inevitably come to learn that this euphemism is generally intended to have a broader application than dairy beverages, and also learn that crying is sometimes an acceptable response so long as it is followed by a corrective action. It follows that spilled credentials may warrant some tears, but a recent study by Shape Security suggests that there currently is no comprehensive solution to address this problem. We are not to suggesting… Continue Reading
Cybersecurity / Regulation

Compliance Deadline Approaching for NY Cybersecurity Regulation

A key compliance date for the NY Cybersecurity Regulation is quickly approaching. September 4, 2018 will serve as the third key implementation date for individuals and companies (Covered Entities) governed by New York’s Cybersecurity Requirements for Financial Services Companies (23 NYCRR Part 500). Unless the Covered Entity qualifies for one of the exemptions under 23 NYCRR 500.19, by September 4, all Covered Entities must have completed the following*:
  • create and maintain systems that can reconstruct material financial transactions to support and maintain the obligations of
Continue Reading
Cybersecurity

Encouraging Greetings from BlackHat USA 2018: the world’s leading information security event in Las Vegas, Nevada

As this author, and 10,000+ other attendees were reminded yesterday at Day One of the BlackHat USA 2018 conference in Las Vegas, Nevada, cybersecurity (and data protection) has extended beyond a technical issue to encompass one of the most pressing social and political problems in the world today. For those technical specialists who create, maintain and secure the digital space in which we not only conduct business, but also live a significant portion of our lives, the message was clear: only by collaborating with other… Continue Reading