SEC Recommendations to Protect Against Cybersecurity Threats
March 09, 2020 —
Shaia Araghi and Jeffrey Dennis – Newmeyer DillionWhat Happened?
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations ("OCIE") issued a detailed
report on January 27, 2020 regarding various ways for organizations to safeguard data and protect against security and data breaches. Cyber threat actors are now invading data in a more sophisticated manner than ever before, and implementation of the SEC's recommended practices are essential in order to protect from outside vulnerabilities.
What is at Risk?
If market participants fail to implement these recommended policies, they will become more vulnerable to external attacks and data breaches. This can weaken an organization or firm if all employees are not properly trained and informed of the increasing dangers of cybersecurity breaches.
What Can You Do to Protect Yourself from a Cybersecurity Threat?
1.
Governance and Risk Management. Senior leaders should make efforts to improve the cyber safety at their organization. Some of these efforts may include:
- Devote attention to overseeing the organization's cybersecurity and resilience programs;
- Develop a risk assessment process to identify and mitigate cybersecurity risks to the organization;
- Adopt and implement policies and procedures regarding these risks;
- Promptly respond and adapt to changes by updating policies and procedures when necessary; and
- Establish communication policies and procedures to provide timely information to customers, employees, and others when needed.
2.
Access Rights and Controls. Implement updated controls to determine appropriate users for organization systems, limit access as appropriate to authorized users (including the set-up of multi-factor authentication) and monitor user access.
3.
Data Loss Prevention. OCIE has recommended various important data loss prevention measures for organizations:
- Establish a vulnerability management program;
- Implement capabilities that can monitor network traffic and detect threats on endpoints;
- Establish a patch management program covering all software and hardware;
- Maintain an inventory of hardware and software assets;
- Encrypt data and implement network segmentation;
- Create an insider threat program to monitor any suspicious behaviors; and
- Secure legacy systems and equipment through disposal of sensitive information from hardware and software and by reassessing vulnerability and risk assessments.
4.
Mobile Security. Establish policies and procedures for mobile device use, manage use of mobile devices through a mobile device management application, implement security measures for internal and external users, and train employees on mobile device policies and effective practices.
5.
Incident Response and Resiliency. Detect and disclose material information regarding incidents in a timely manner and assess appropriateness of corrective actions taken in response to incidents. Organizations should develop a plan if an incident occurs, address applicable reporting requirements, assign staff to execute specific areas of the plan, and test and assess the plan. In the event that a data breach occurs, an organization should improve its resiliency by maintaining an inventory of core business services and prioritizing business operations based on an assessment of risks.
6.
Vendor Management. Establish a vendor management program to ensure that vendors meet your organization's security requirements. Organizations should aim to understand all contract terms with vendors to ensure that all parties are in agreement regarding risk and security. Organizations should also monitor third-party vendors and ensure that the vendor continues to meet the organization's security requirements.
7.
Training and Awareness. Train staff to implement cybersecurity policies of the organization. Organizations should provide cybersecurity and resiliency training and re-evaluate the effectiveness of training procedures.
A Final Reminder for Organizations
Organizations should strive to implement as many of the SEC's recommended protection measures as possible. Ensuring that senior members of an organization are leading the initiative in increased awareness about cybersecurity threats through training of employees will lead to greater cyber safety for the overall organization. Although prevention of all breaches cannot be guaranteed, developing data loss prevention plans to keep the organization and its core businesses safe from attack will benefit the entire organization.
How We Can Help
If you feel that your business falls below the SEC's recommended security measures, our firm can assist with compliance. Contact us for a free initial consultation to determine a reasonable and practical way for your business to become compliant with these guidelines.
Shaia Araghi is an associate in the firm's Privacy & Data Security, and supports the team in advising clients on cyber-related matters, including compliance and prevention that can protect their day-to-day operations. For more information on how Shaia can help, contact her at shaia.araghi@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
Read the court decisionRead the full story...Reprinted courtesy of
Cal/OSHA-Approved Changes to ETS Will Take Effect May 6, 2022
May 16, 2022 —
Matthew C. Lewis & Nicole R. Kardassakis - Payne & FearsA new, third revised version of the Cal/OSHA COVID-19 Prevention Emergency Temporary Standards (“ETS”) has been approved by Cal/OSHA, and is expected to go into effect on May 6, 2022. This updated ETS will likely be in effect through Dec. 31, 2022.
The language still needs to be reviewed, finalized, and filed with the Secretary of State by the Office of Administrative Law, but a redline of the proposed changes that Cal/OSHA has approved is available here. Much of the previous ETS (which took effect in January 2022, and we discussed here) will remain in effect. But the new version includes some key changes, including the following:
- Employers will now have similar obligations toward employees who are fully vaccinated and employees who are not fully vaccinated with respect to testing and face coverings. Employers must make COVID-19 testing available at no cost to all symptomatic employees during the employee’s paid time, regardless of the employee’s vaccination status. Employers also must make respirators available to all employees upon request, again regardless of the employee’s vaccination status.
Reprinted courtesy of
Matthew C. Lewis, Payne & Fears and
Nicole R. Kardassakis, Payne & Fears
Mr. Lewis may be contacted at mcl@paynefears.com
Ms. Kardassakis may be contacted at nrk@paynefears.com
Read the court decisionRead the full story...Reprinted courtesy of
Illinois Appellate Court Address the Scope of the Term “Resident” in Homeowners Policy
April 11, 2022 —
James M. Eastham - Traub LiebermanIn Farmers Ins. Exch. v. Cheekati, 2022 IL App (4th) 210023, the 4th District Court of Appeals for the State of Illinois addressed whether the term “resident” in a homeowners policy included a tenant leasing the insured premises. The Insureds owned property which was insured through Farmers under a homeowner’s policy. Unable to sell the property, the Insureds entered into a two-year lease agreement with a tenant. Several months after entering into the lease agreement, the tenant allegedly sustained physical injuries inside of the rented premises when a staircase collapsed. The tenant sued the Insureds and the matter was tendered to Farmers. Thereafter, Farmers denied coverage based on an exclusionary provision in the homeowner’s policy. Specifically, the policy contained a "Liability Exclusions" section, which provided:
"Coverage E (Personal Liability) *** and personal injury coverage, if covered under this policy, do not apply to: Any insured or other residents of the residence premises. We do not cover bodily injury or personal injury to: (a) any insured; or (b) any resident of the residence premises, whether resident in the dwelling or a separate structure." (Emphases in original.)
Read the court decisionRead the full story...Reprinted courtesy of
James M. Eastham, Traub LiebermanMr. Eastham may be contacted at
jeastham@tlsslaw.com
Trio of White and Williams Attorneys Named Top Lawyers by Delaware Today
January 06, 2020 —
John Balaguer, FACTL, Stephen Milewski, & Dana Monzo - White and WilliamsWhite and Williams is pleased to announce that John Balaguer, Managing Partner of the Wilmington office, Partner Stephen Milewski, and Counsel Dana Spring Monzo have been chosen by their peers as Delaware Today's 2019 "Top Lawyers." The annual list recognizes John, Steve and Dana in the practice area of Medical Malpractice, Defense.
Delaware Today conducts an annual survey of the 4,900 members of the Delaware State Bar Association to identify top lawyers in specific practice areas. The magazine’s editors compile the results to create the annual Top Lawyers list, which is published in the November issue.
Reprinted courtesy of White and Williams attorneys
John Balaguer,
Stephen Milewski and
Dana Monzo
Mr. Balaguer may be contacted at balaguerj@whiteandwilliams.com
Mr. Milewski may be contacted at milewskis@whiteandwilliams.com
Ms. Monzo may be contacted at monzod@whiteandwilliams.com
Read the court decisionRead the full story...Reprinted courtesy of
Coloradoans Deserve More Than Hyperbole and Rhetoric from Plaintiffs’ Attorneys; We Deserve Attainable Housing
January 09, 2015 —
David M. McLain – Colorado Construction LitigationAs the 2015 Colorado legislative session gets underway, the media attention and discussion regarding the lack of attainable housing, skyrocketing rental rates, and the ongoing state and local efforts to reverse these trends have risen to a dull roar. The hyperbole and rhetoric from those who would oppose any reforms has risen to cacophonous levels.
Among the most often quoted talking points from the opposition are that any changes to Colorado’s existing laws would strip homeowners of their right to seek redress for construction defects and that they would virtually insulate construction professionals from such claims. The long and the short of it is that if this year’s legislation looks anything like SB 220 from last year, nothing could be further from the truth. The two main provisions from SB 220 were: 1) protection of a construction professional’s ability to resolve construction defect claims through arbitration; and 2) requirement of informed consent of more than 50% of the owners within a common interest community before a construction defect action could begin. Neither of these changes would strip homeowners of any rights and they certainly would not insulate construction professionals from construction defect actions.
Read the court decisionRead the full story...Reprinted courtesy of
David M. McLain, Higgins, Hopkins, McLain & Roswell, LLCMr. McLain may be contacted at
mclain@hhmrlaw.com
Subcontract Should Flow Down Delay Caused by Subcontractors
December 21, 2020 —
David Adelstein - Florida Construction Legal UpdatesA general contractor’s subcontract with its subcontractor should include a provision that entitles it to flow down liquidated damages assessed by the owner stemming from delays caused by the subcontractor. Such a provision does not mean the general contractor does not have to prove delays caused by the subcontractor or can arbitrarily allocate the amount or days it claims the subcontractor is liable. The general contractor still will need to reasonably establish the delays the subcontractor caused the critical path of the schedule, i.e., delayed the job. In addition to the right to flow down liquidated damages, the subcontract should also entitle the general contractor to recover its actual extended general conditions caused by the subcontractor’s delays (regardless of whether the owner assesses liquidated damages). The objective is that if the subcontractor delays the job, the subcontractor is liable for liquidated damages the general contractor is liable to the owner for in addition to the general contractor’s own delay damages. This is an important subcontractual provision so that the risk of delay caused by subcontractors is clearly flowed down to them in the subcontract.
In a 1987 case, Hall Construction Co., Inc. v. Beynon, 507 So.2d 1225 (Fla. 5th DCA 1987), the subcontract at-issue contained language that stated, “The parties hereto agree that a supplier who delays performance beyond the time agreed upon in this Purchase Order shall have caused [general contractor] liquidated damages in the amount required of [general contractor] by their contract per day for each day such delay continues which sum the supplier hereby agrees to pay.”
Read the court decisionRead the full story...Reprinted courtesy of
David Adelstein, Kirwin Norris, P.A.Mr. Adelstein may be contacted at
dma@kirwinnorris.com
Convictions Obtained in Las Vegas HOA Fraud Case
March 19, 2015 —
Beverley BevenFlorez-CDJ STAFFThe Las Vegas Review-Journal reported that a jury “convicted four defendants charged in the massive scheme to take over and defraud homeowners associations.” Convicted defendants included former Benzer attorney Keith Gregory, Benzer’s half-sister Edith Gillespie, Salvatore Ruvolo, and David Ball.
According to the Las Vegas Review-Journal, “Prosecutors contended the multimillion-dollar scheme was carried out between 2003 and 2009 by former construction company boss Leon Benzer and the late construction defects lawyer Nancy Quon. Benzer has since pleaded guilty. Quon committed suicide in 2012 under the weight of the high-profile investigation.”
Read the court decisionRead the full story...Reprinted courtesy of
BOOK CLUB SERIES: Everything You Want to Know About Construction Arbitration But Were Afraid to Ask
October 30, 2023 —
Marissa L. Downs - The Dispute ResolverI recently had the pleasure of speaking with construction law notables John Foust and Andy Ness to discuss the release of their new book—
Construction Arbitration: The Advocate’s Practical Guide. The goal of their book: to teach attorneys what they need to know to maximize their effectiveness in the arbitration context. To that end, the book covers every aspect of the arbitration process including motion practice, conduct as an advocate, presentation of the case, and post-hearing submissions. Read on for Andy and John’s candid, behind-the-scenes take on how this book came to be and why you should get your copy now, while supplies last!
Q: Who is the target audience for this book?
Andy: In the editing process (and in writing my own chapter on Navigating an International Construction Arbitration) I pretended that I was speaking with a construction lawyer who was a few years out of law school, with some litigation experience, who was getting ready to take on a significant and complex construction arbitration for the first time. The book presupposes knowledge of the basics and tries to anticipate the questions that would be asked when you are trying to think through the whole arbitration process from start to finish. What should my pleadings look like? How much discovery am I likely to be able to obtain? How should my demeanor be different from what I would do in a courtroom? How much should I object during the hearing? In a nutshell, it’s “What do I need to know to maximize my chances of success in the arbitration setting?”
Read the court decisionRead the full story...Reprinted courtesy of
Marissa L. Downs, Laurie & Brennan, LLPMs. Downs may be contacted at
mdowns@lauriebrennan.com
