SEC Recommendations to Protect Against Cybersecurity Threats
March 09, 2020 —
Shaia Araghi and Jeffrey Dennis – Newmeyer Dillion
What Happened?
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations ("OCIE") issued a detailed report on January 27, 2020 regarding various ways for organizations to safeguard data and protect against security and data breaches. Cyber threat actors are now invading data in a more sophisticated manner than ever before, and implementation of the SEC's recommended practices is essential in order to protect from outside vulnerabilities.
What is at Risk?
If market participants fail to implement these recommended policies, they will become more vulnerable to external attacks and data breaches. This can weaken an organization or firm if all employees are not properly trained and informed of the increasing dangers of cybersecurity breaches.
What Can You Do to Protect Yourself from a Cybersecurity Threat?
1. Governance and Risk Management. Senior leaders should make efforts to improve the cyber safety at their organization. Some of these efforts may include:
- Devote attention to overseeing the organization's cybersecurity and resilience programs;
- Develop a risk assessment process to identify and mitigate cybersecurity risks to the organization;
- Adopt and implement policies and procedures regarding these risks;
- Promptly respond and adapt to changes by updating policies and procedures when necessary; and
- Establish communication policies and procedures to provide timely information to customers, employees, and others when needed.
2. Access Rights and Controls. Implement updated controls to determine appropriate users for organization systems, limit access as appropriate to authorized users (including the set-up of multi-factor authentication) and monitor user access.
3. Data Loss Prevention. OCIE has recommended various important data loss prevention measures for organizations:
- Establish a vulnerability management program;
- Implement capabilities that can monitor network traffic and detect threats on endpoints;
- Establish a patch management program covering all software and hardware;
- Maintain an inventory of hardware and software assets;
- Encrypt data and implement network segmentation;
- Create an insider threat program to monitor any suspicious behaviors; and
- Secure legacy systems and equipment through disposal of sensitive information from hardware and software and by reassessing vulnerability and risk assessments.
4. Mobile Security. Establish policies and procedures for mobile device use, manage use of mobile devices through a mobile device management application, implement security measures for internal and external users, and train employees on mobile device policies and effective practices.
5. Incident Response and Resiliency. Detect and disclose material information regarding incidents in a timely manner and assess appropriateness of corrective actions taken in response to incidents. Organizations should develop a plan if an incident occurs, address applicable reporting requirements, assign staff to execute specific areas of the plan, and test and assess the plan. In the event that a data breach occurs, an organization should improve its resiliency by maintaining an inventory of core business services and prioritizing business operations based on an assessment of risks.
6. Vendor Management. Establish a vendor management program to ensure that vendors meet your organization's security requirements. Organizations should aim to understand all contract terms with vendors to ensure that all parties are in agreement regarding risk and security. Organizations should also monitor third-party vendors and ensure that the vendor continues to meet the organization's security requirements.
7. Training and Awareness. Train staff to implement cybersecurity policies of the organization. Organizations should provide cybersecurity and resiliency training and re-evaluate the effectiveness of training procedures.
A Final Reminder for Organizations
Organizations should strive to implement as many of the SEC's recommended protection measures as possible. Ensuring that senior members of an organization are leading the initiative in increased awareness about cybersecurity threats through training of employees will lead to greater cyber safety for the overall organization. Although prevention of all breaches cannot be guaranteed, developing data loss prevention plans to keep the organization and its core businesses safe from attack will benefit the entire organization.
How We Can Help
If you feel that your business falls below the SEC's recommended security measures, our firm can assist with compliance. Contact us for a free initial consultation to determine a reasonable and practical way for your business to become compliant with these guidelines.
Shaia Araghi is an associate in the firm's Privacy & Data Security practice, and supports the team in advising clients on cyber-related matters, including compliance and prevention that can protect their day-to-day operations. For more information on how Shaia can help, contact her at shaia.araghi@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
Insurer Beware: Failure to Defend Ends with Hefty Verdict
June 01, 2011 —
Douglas Reiser, Builders Council Blog
Served with a lawsuit that you turned over to your insurer? Insurer refusing to defend you? Well, find some hope in this news. Washington’s IFCA has the claws to ensure that insurers perform their duties.
Contractors heavily rely on the defense provisions of their Commercial General Liability (CGL) policies. In construction, a legal dispute can easily rear its head when you least expect it. Luckily, Washington registered contractors are required to maintain CGL insurance. That insurance often provides contractors with adequate legal defense in the event that they are sued.
But, what if your insurer turns down the defense request? They might be staring at massive damages. A current Reiser Legal client, Australia Unlimited, Inc., recently won a large verdict against Hartford Insurance, after the insurer unreasonably denied their claim. The firm who represented Australia Unlimited Inc. in that case, Hackett Beecher and Hart, were successful in procuring a $5.43 Million verdict
Reprinted courtesy of Douglas Reiser of Reiser Legal LLC. Mr. Reiser can be contacted at info@reiserlegal.com
Insurer's Motion for Summary Judgment in Collapse Case Denied
November 10, 2016 —
Tred R. Eyerly – Insurance Law Hawaii
The court denied the insurer's motion for summary judgment seeking to establish it did not breach the policy when denying coverage for the collapse of basement walls. Belz v. Peerless Ins. Co., 2016 U.S. Dist. LEXIS 118900 (D. Conn. Sept. 2, 2016).
The Belzes purchased their home in 2001. Prior to the purchase, they were aware of notable cracking in the basement walls. An engineer was hired to inspect the cracking and determined the cracks did not threaten the structural integrity of the home.
Reprinted courtesy of Tred R. Eyerly, Insurance Law Hawaii
Mr. Eyerly may be contacted at te@hawaiilawyer.com
Staffing Company Not Entitled to Make a Claim Against a Payment Bond and Attorneys’ Fees on State Public Works Payment Bonds
August 12, 2024 —
Garret Murai - California Construction Law Blog
It’s not quite Baskin Robbin’s “31 Flavors” but the panoply of statutory construction payment remedies available to contractors, subcontractors and material suppliers in California, from mechanics liens to stop payment notices to payment bond claims, can be tempting to reach for when you are not paid. However, some flavors are more readily available than others, as a staffing agency discovered in K & S Staffing Solutions, Inc. v. The Western Surety Company, Case Nos. C096705 and C097987 (January 2, 2024).
The K & S Staffing Case
The California Department of Transportation awarded VSS International, Inc. two public works construction contracts for road maintenance. Each involved an expenditure of over $25,000 and VSSI obtained a payment bond from Western Surety Company.
Titan DVBE Inc. was a subcontractor on both projects. For most years, Titan employed its own workers. However, when it learned that its insurance carrier would no longer be offering workers’ compensation insurance in California it switched to K & S Staffing Solutions, Inc. to fulfill its staffing needs.
Reprinted courtesy of Garret Murai, Nomos LLP
Mr. Murai may be contacted at gmurai@nomosllp.com
Heatup of Giant DOE Nuclear Waste Melter Succeeds After 2022 Halt
August 21, 2023 —
Tim Newcomb - Engineering News-Record
Before 56 million gallons of long-stored radioactive waste at the federal Hanford nuclear waste site in Washington state can be turned into vitrified glass for disposal beginning in 2024, crews from the U.S. Energy Dept and Bechtel National that built and are commissioning the site's giant waste vitrification plant need to heat up its two 300-ton melters, the world's largest, to 2,100° F.
Reprinted courtesy of Tim Newcomb, Engineering News-Record
ENR may be contacted at enr@enr.com
Hail Damage Requires Replacement of Even Undamaged Siding
February 05, 2015 —
Tred R. Eyerly – Insurance Law Hawaii
In a dispute over the property policy's requirement that lost or damaged property be repaired or replaced, the Minnesota Supreme Court held that the policy language called for replacement of undamaged siding panels to obtain a color match. Cedar Bluff Townhome Condominium Ass'n, Inc. v. Am. Family Mut. Ins. Co., 2014 Minn. LEXIS 661 (Minn. Dec. 17, 2014).
During a hail storm, all 20 of Cedar Bluff's buildings sustained some damage. The roofs on all of the buildings needed to be replaced, and at least one siding panel on each building sustained damage. Eleven of the 20 buildings had three or fewer damaged panels. At the time of the hail storm, the siding was approximately 11 years old, and the color of the panels had faded. Replacement panels were available, but not in the same color.
Cedar Bluff submitted a claim under its business owners' policy to American Family. The policy obligated the insurer to pay for "direct physical loss of or damage to Covered Property at the premises . . . caused by or resulting from any Covered Cause of Loss." "Covered Property" was broadly defined in the policy to include buildings at the premises.
Reprinted courtesy of Tred R. Eyerly, Insurance Law Hawaii
Mr. Eyerly may be contacted at te@hawaiilawyer.com
Can General Contractors Make Subcontractors Pay for OSHA Violations?
March 05, 2015 —
Craig Martin – Construction Contractor Advisor
OSHA has long held the opinion that general contractors may be held liable for subcontractor’s OSHA violations and the Eighth Circuit Court of Appeals, overseeing the Midwest, has agreed since 2009. To combat this risk, general contractors would be well served to incorporate targeted indemnity provisions into their subcontracts that require subcontractors to pay for all claims and costs associated with subcontractor-caused OSHA violations.
OSHA’s Multi-Employer Policy
OSHA’s Multi-Employer Policy, a/k/a OSHA Instruction CPL 02-00-124, allows OSHA to cite multiple employers at a single worksite for creating a hazard, or for failing to prevent or correct a hazard, even if their own workers are not exposed to the hazard. A “controlling” or “correcting” employer is liable for hazards that it did not take “reasonable care” to detect and prevent.
Reprinted courtesy of Craig Martin, Lamson, Dugan and Murray, LLP
Mr. Martin may be contacted at cmartin@ldmlaw.com
Consumer Protections for California Residential Solar Energy Systems
September 25, 2018 —
Robert A. James & Alexandra Brandt - Gravel2Gavel Construction & Real Estate Blog
It was already the case that in order to offer to install California residential solar energy systems, a contractor must be licensed by the California Contractors State License Board (CSLB) and must hold an appropriate specialty classification. Under AB 1070 enacted late last year (Chapter 662, Statutes of 2017), special consumer protections are being deployed for the benefit of homeowners. Those protections are steadily rolling out.
Step one is the requirement of new Business & Professions Code (B&P Code) Section 7169 that, as of January 1, 2019, a disclosure document must be provided to consumers prior to sale and included on page 1 of the sale contract. The initial version of this document, which was developed by the CSLB and endorsed on August 23, 2018 by the California Public Utilities Commission (CPUC), is available here. The disclosure requirement doesn’t apply to systems included in new home construction.
Reprinted courtesy of Robert A. James, Pillsbury and Alexandra Brandt, Pillsbury
Mr. James may be contacted at rob.james@pillsburylaw.com
Ms. Brandt may be contacted at alexandra.brandt@pillsburylaw.com