SEC Recommendations to Protect Against Cybersecurity Threats
March 09, 2020 —
Shaia Araghi and Jeffrey Dennis – Newmeyer Dillion
What Happened?
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations ("OCIE") issued a detailed report on January 27, 2020 regarding various ways for organizations to safeguard data and protect against security and data breaches. Cyber threat actors are now invading data in a more sophisticated manner than ever before, and implementation of the SEC's recommended practices is essential in order to protect from outside vulnerabilities.
What is at Risk?
If market participants fail to implement these recommended policies, they will become more vulnerable to external attacks and data breaches. This can weaken an organization or firm if all employees are not properly trained and informed of the increasing dangers of cybersecurity breaches.
What Can You Do to Protect Yourself from a Cybersecurity Threat?
1. Governance and Risk Management. Senior leaders should make efforts to improve the cyber safety at their organization. Some of these efforts may include:
- Devote attention to overseeing the organization's cybersecurity and resilience programs;
- Develop a risk assessment process to identify and mitigate cybersecurity risks to the organization;
- Adopt and implement policies and procedures regarding these risks;
- Promptly respond and adapt to changes by updating policies and procedures when necessary; and
- Establish communication policies and procedures to provide timely information to customers, employees, and others when needed.
2. Access Rights and Controls. Implement updated controls to determine appropriate users for organization systems, limit access as appropriate to authorized users (including the set-up of multi-factor authentication) and monitor user access.
3. Data Loss Prevention. OCIE has recommended various important data loss prevention measures for organizations:
- Establish a vulnerability management program;
- Implement capabilities that can monitor network traffic and detect threats on endpoints;
- Establish a patch management program covering all software and hardware;
- Maintain an inventory of hardware and software assets;
- Encrypt data and implement network segmentation;
- Create an insider threat program to monitor any suspicious behaviors; and
- Secure legacy systems and equipment through disposal of sensitive information from hardware and software and by reassessing vulnerability and risk assessments.
4. Mobile Security. Establish policies and procedures for mobile device use, manage use of mobile devices through a mobile device management application, implement security measures for internal and external users, and train employees on mobile device policies and effective practices.
5. Incident Response and Resiliency. Detect and disclose material information regarding incidents in a timely manner and assess appropriateness of corrective actions taken in response to incidents. Organizations should develop a plan if an incident occurs, address applicable reporting requirements, assign staff to execute specific areas of the plan, and test and assess the plan. In the event that a data breach occurs, an organization should improve its resiliency by maintaining an inventory of core business services and prioritizing business operations based on an assessment of risks.
6. Vendor Management. Establish a vendor management program to ensure that vendors meet your organization's security requirements. Organizations should aim to understand all contract terms with vendors to ensure that all parties are in agreement regarding risk and security. Organizations should also monitor third-party vendors and ensure that the vendor continues to meet the organization's security requirements.
7. Training and Awareness. Train staff to implement cybersecurity policies of the organization. Organizations should provide cybersecurity and resiliency training and re-evaluate the effectiveness of training procedures.
A Final Reminder for Organizations
Organizations should strive to implement as many of the SEC's recommended protection measures as possible. Ensuring that senior members of an organization are leading the initiative in increased awareness about cybersecurity threats through training of employees will lead to greater cyber safety for the overall organization. Although prevention of all breaches cannot be guaranteed, developing data loss prevention plans to keep the organization and its core businesses safe from attack will benefit the entire organization.
How We Can Help
If you feel that your business falls below the SEC's recommended security measures, our firm can assist with compliance. Contact us for a free initial consultation to determine a reasonable and practical way for your business to become compliant with these guidelines.
Shaia Araghi is an associate in the firm's Privacy & Data Security practice, and supports the team in advising clients on cyber-related matters, including compliance and prevention that can protect their day-to-day operations. For more information on how Shaia can help, contact her at shaia.araghi@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
Building and Landscape Standards Enacted in Response to the Governor's Mandatory Water Restrictions Dealing with the Drought and Possible Effects of El Niño
January 06, 2016 —
Clayton T. Tanaka – Newmeyer & Dillion, LLP
Earlier this year, with California facing one of the most severe droughts on record, Governor Edmund G. Brown, Jr. issued Executive Order B-29-15 (the “Executive Order”) aimed at conserving water supplies and reducing water waste throughout the State of California. For the first time in California’s history, this Executive Order directed state agencies to implement immediate measures to save water, increase enforcement against water waste, invest in new technologies, and streamline government response to ongoing drought conditions.
In response, various state agencies proposed emergency changes to existing building and landscape standards in the California Green Building Standards Code (California Code of Regulations, title 24, part 11) (“CALGreen”) and the Model Water Efficient Landscape Ordinance (California Code of Regulations, title 23, part 11) (“Model Ordinance”) pertaining to the use of potable water. In July, the California Building Standards Commission and the California Water Commission adopted the proposed changes after public review and comment.
Reprinted courtesy of Clayton T. Tanaka, Newmeyer & Dillion, LLP
Mr. Tanaka may be contacted at clay.tanaka@ndlf.com
9th Circuit Plumbs Through the Federal and State False Claims Acts
January 16, 2024 —
Garret Murai - California Construction Law Blog
You may have heard of the False Claims Act and know that it penalizes companies and individuals in contract with the government who present false claims. The federal False Claims Act was signed into law by President Abraham Lincoln in 1863 to penalize profiteers during the Civil War who were selling the Union Army moth-eaten blankets, boxes of sawdust instead of guns, and sometimes re-selling the Army cavalry horses several times over. Since then, many states, including California, as well as municipalities, have enacted their own false claim statutes.
As currently written, the federal False Claims Act provides for statutory penalties against any person who:
- “[K]nowingly presents, or causes to be presented, a false or fraudulent claim for payment or approval”;
- “[K]nowingly makes, uses or causes to be made or used, a false record or statement material to a false or fraudulent claim”;
- “[H]as possession, custody, or control of property or money used, or to be used, by the Government and knowingly delivers, or causes to be delivered, less than all of that money or property”;
Reprinted courtesy of Garret Murai, Nomos LLP
Mr. Murai may be contacted at gmurai@nomosllp.com
A New Lawsuit Might Change the Real Estate Industry Forever
December 23, 2023 —
Tracy Alloway, Joe Weisenthal, and Aashna Shah - Bloomberg
Last month, a Missouri jury found that real estate brokers colluded to artificially inflate and fix their own commissions, and as a result, ordered the National Association of Realtors to pay $1.8 billion in damages. While the ruling will be appealed, with highly uncertain damages and remedies, the case is shining a light on how participants in the real estate industry get paid, and raising the question of whether homebuyers are paying too much to their brokers. So how do brokers get paid? What are their incentives? And why haven't fees for brokers gone down, even as online platforms that compete with them have proliferated? On this episode of the podcast, we speak with Andra Ghent, a finance professor at the University of Utah and a specialist in real estate who explains how the structure works currently, and how the lawsuit could ultimately change the entire business model of buying and selling homes. This transcript has been lightly edited for clarity.
Reprinted courtesy of Tracy Alloway, Bloomberg, Joe Weisenthal, Bloomberg and Aashna Shah, Bloomberg
Bad News for Buyers: U.S. Mortgage Rates Hit Highest Since 2014
February 22, 2018 —
Prashant Gopal – Bloomberg
Shanne Sleder, a San Diego mortgage banker, recently had to break the bad news to some would-be homebuyers: Borrowing costs jumped about 6 percent since he pre-approved them a couple months ago.
Reprinted courtesy of Prashant Gopal, Bloomberg
Revamp to Nationwide Permits Impacting Oil and Gas Pipeline, Utility and Telecom Line Work
March 29, 2021 —
Alex P. Prochaska, Jones Walker LLP - ConsensusDocs
To avoid delay costs and penalties, contractors involved in pipeline and utilities construction, maintenance, repair and removal need to understand how the 43-year-old Nationwide Permit (NWP) regime has changed specific to the NWP 12 and what is now required for compliance. This change is important for contractors who construct, maintain, or repair pipelines that cross or impact waters of the United States, including wetlands. NWPs are a useful tool to streamline construction of a pipeline project, but it is important for contractors to know when certain terms and conditions still apply to the particular NWP and those that have been eliminated.
On January 13, 2021, the United States Army Corps of Engineers (the Corps) published a final rule that reissued and modified twelve existing NWPs and issued four new NWPs that will take effect on March 15, 2021. The remaining 40 NWPs that were not reissued or modified under this rule will continue under the general conditions and definitions of the January 6, 2017 final rule.
Reprinted courtesy of Alex P. Prochaska, Jones Walker LLP
Mr. Prochaska may be contacted at aprochaska@joneswalker.com
Collapse Claim Dismissed
December 04, 2018 —
Tred R. Eyerly - Insurance Law Hawaii
The complaint alleged collapse, but the claimed cause of the collapse was not a covered cause under the insured's policy, mandating a dismissal of the complaint. Coonce v. CSAA Fire & Cas. Ins. Co., 2018 U.S. App. LEXIS 25010 (10th Cir. Sept. 4, 2018).
The ceiling in the insured's living and dining areas caved in. An engineering survey determined that the nails used in the construction had failed to hold. The insured made a claim on her policy issued by CSAA. Coverage was denied and the insured sued.
The insured was given two opportunities to amend her complaint by the district court, but the motion to dismiss for failure to state a claim was eventually granted.
Reprinted courtesy of Tred R. Eyerly, Damon Key Leong Kupchak Hastert
Mr. Eyerly may be contacted at te@hawaiilawyer.com
Playing Hot Potato: Indemnity Strikes Again
September 17, 2015 —
Garret Murai – California Construction Law Blog
Indemnity can be like playing hot potato (for those of you closer to the Minecraft generation, in the game of hot potato, a metaphoric “hot potato” is tossed between (ahem amongst) players while music is playing, and when the music stops, the player holding the hot potato is out. It’s a barrel of monkeys, trust me.).
Anyway, like hot potato, with indemnity an owner typically requires its general contractor to indemnify the owner (sometimes the property owner in TI projects and occasionally design professionals) from and against any and all claims arising out of, related to . . . blah, blah, blah . . . the general contractor’s scope of work. A general contractor in turn will usually require indemnity from its subcontractors. And subcontractors will require indemnity from their sub-subcontractors. And down the line it goes with each party pointing their finger at the next party down the proverbial “food chain.”
But it doesn’t always happen that way as the next case, American Title Insurance Company v. Spanish Inn, Case No D067137, California Court of Appeals for the Fourth District (August 14, 2015), illustrates.
Reprinted courtesy of Garret Murai, Wendel Rosen Black & Dean LLP
Mr. Murai may be contacted at gmurai@wendel.com