SEC Recommendations to Protect Against Cybersecurity Threats
March 09, 2020 — Shaia Araghi and Jeffrey Dennis – Newmeyer Dillion
What Happened?
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations ("OCIE") issued a detailed report on January 27, 2020 regarding various ways for organizations to safeguard data and protect against security and data breaches. Cyber threat actors are now targeting data in a more sophisticated manner than ever before, and implementation of the SEC's recommended practices is essential in order to protect against outside threats.
What is at Risk?
If market participants fail to implement these recommended policies, they will become more vulnerable to external attacks and data breaches. This can weaken an organization or firm if all employees are not properly trained and informed of the increasing dangers of cybersecurity breaches.
What Can You Do to Protect Yourself from a Cybersecurity Threat?
1. Governance and Risk Management. Senior leaders should make efforts to improve the cyber safety at their organization. Some of these efforts may include:
- Devote attention to overseeing the organization's cybersecurity and resilience programs;
- Develop a risk assessment process to identify and mitigate cybersecurity risks to the organization;
- Adopt and implement policies and procedures regarding these risks;
- Promptly respond and adapt to changes by updating policies and procedures when necessary; and
- Establish communication policies and procedures to provide timely information to customers, employees, and others when needed.
2. Access Rights and Controls. Implement updated controls to determine appropriate users for organization systems, limit access as appropriate to authorized users (including the set-up of multi-factor authentication) and monitor user access.
3. Data Loss Prevention. OCIE has recommended various important data loss prevention measures for organizations:
- Establish a vulnerability management program;
- Implement capabilities that can monitor network traffic and detect threats on endpoints;
- Establish a patch management program covering all software and hardware;
- Maintain an inventory of hardware and software assets;
- Encrypt data and implement network segmentation;
- Create an insider threat program to monitor any suspicious behaviors; and
- Secure legacy systems and equipment through disposal of sensitive information from hardware and software and by reassessing vulnerability and risk assessments.
4. Mobile Security. Establish policies and procedures for mobile device use, manage use of mobile devices through a mobile device management application, implement security measures for internal and external users, and train employees on mobile device policies and effective practices.
5. Incident Response and Resiliency. Detect and disclose material information regarding incidents in a timely manner and assess appropriateness of corrective actions taken in response to incidents. Organizations should develop a plan if an incident occurs, address applicable reporting requirements, assign staff to execute specific areas of the plan, and test and assess the plan. In the event that a data breach occurs, an organization should improve its resiliency by maintaining an inventory of core business services and prioritizing business operations based on an assessment of risks.
6. Vendor Management. Establish a vendor management program to ensure that vendors meet your organization's security requirements. Organizations should aim to understand all contract terms with vendors to ensure that all parties are in agreement regarding risk and security. Organizations should also monitor third-party vendors and ensure that the vendor continues to meet the organization's security requirements.
7. Training and Awareness. Train staff to implement cybersecurity policies of the organization. Organizations should provide cybersecurity and resiliency training and re-evaluate the effectiveness of training procedures.
A Final Reminder for Organizations
Organizations should strive to implement as many of the SEC's recommended protection measures as possible. Ensuring that senior members of an organization are leading the initiative in increased awareness about cybersecurity threats through training of employees will lead to greater cyber safety for the overall organization. Although prevention of all breaches cannot be guaranteed, developing data loss prevention plans to keep the organization and its core businesses safe from attack will benefit the entire organization.
How We Can Help
If you feel that your business falls below the SEC's recommended security measures, our firm can assist with compliance. Contact us for a free initial consultation to determine a reasonable and practical way for your business to become compliant with these guidelines.
Shaia Araghi is an associate in the firm's Privacy & Data Security practice and supports the team in advising clients on cyber-related matters, including compliance and prevention that can protect their day-to-day operations. For more information on how Shaia can help, contact her at shaia.araghi@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
The Biggest Change to the Mechanics Lien Law Since 1963
December 08, 2016 — Wally Zimolong – Supplemental Conditions
The New Year will bring with it the biggest change to Pennsylvania’s Mechanics Lien Law since the current law was passed in 1963. These changes will impact owners, contractors, and subcontractors equally. However, the biggest benefits will probably be for real estate developers and other project owners.
On December 31, 2016, Pennsylvania will go live with a website known as the State Construction Notices Directory. On that date, owners will have the option of making projects costing $1,500,000 or more “searchable projects.” An owner makes a project a searchable project by filing with the Notices Directory a “Notice of Commencement” before work begins. The Notice of Commencement must include the name, address, and email address of the contractor, full name and location of the searchable project, the county where the project is located, a legal description of the searchable property, and the name, address, and email address of the searchable project owner. Importantly, the owner must also post a copy of this Notice of Commencement at the project site.
Reprinted courtesy of Wally Zimolong, Zimolong LLC
Mr. Zimolong may be contacted at wally@zimolonglaw.com
Contractor Removed from Site for Lack of Insurance
October 28, 2011 — CDJ STAFF
The MetroWest Daily News reports that a demolition firm was told to leave the construction site at Natick High School since their failure to have workers' compensation insurance makes them unable to work on the project. The contractor, Atlantic Dismantling and Site Construction, Inc., may have been working illegally since September.
The equipment that Atlantic had rented for the job was repossessed in August. Brait Builders Corp, the general contractor for the site, had rented equipment so Atlantic could continue their work.
Their lack of insurance was discovered when a worker had a minor job-related injury. The state had issued a stop-work order for the firm and they could not legally bid on public projects. The school system did not receive any notice of this, and the school’s facilities director said of the general contractor, “chances are Brait never heard of anything either.”
Florida trigger
August 04, 2011 — CDCoverage.com
In Mid-Continent Casualty Co. v. Siena Home Corp., No. 5:08-CV-385-Oc-10GJK (M.D. Fla. July 8, 2011), insured residential real estate developer Siena was sued by homeowners seeking damages for moisture penetration property damage resulting from exterior wall construction defects. Siena’s CGL insurer Mid-Continent filed suit seeking a declaratory judgment of no duty to defend or indemnify in part on the basis that the alleged “property damage” did not manifest during the Mid-Continent policy period.
Reprinted courtesy of CDCoverage.com
Does the New Jersey Right-To-Repair Law Omit Too Many Construction Defects?
January 06, 2012 — CDJ STAFF
A post on the blog of Liberty Building Forensics Group finds fault with the New Jersey Home Warranty and Builders’ Registration Act for not being stringent enough. The poster notes the coverage given under the bill. In the first year, builders are responsible to remedy faulty workmanship and materials and major structural defects. While other protections expire in the first or second year, there is a ten-year coverage of major construction defects.
The blogger finds fault with the exclusion New Jersey law places on these claims, arguing that “due to the stringent definition of ‘major construction defects,’ the warranty affords no coverage unless the house is practically collapsing.” The bill excludes leaks, cracks, and mold, and further limits claims where the homeowner has failed to inform the builder or insurer of defects, has failed to maintain the home, or has made alterations to it.
The intent of the New Jersey law is given as “requiring that newly constructed homes conform to certain construction and quality standards as well as to provide buyers of new homes with insurance-backed warranty protection in the event such standards are not met.” It’s argued in the piece that it instead serves to “strip homeowners of any meaningful means of recovery for discovered construction defects.”
When is a Residential Subcontractor not Subject to the VCPA? Read to Find Out
December 01, 2017 — Christopher G. Hill - Construction Law Musings
The Virginia Consumer Protection Act (VCPA) can and often does apply to residential construction. The transaction between a residential contractor and a homeowner has been held to fall under the consumer transaction language of the VCPA and has on occasion been used to avoid the issues with the economic loss doctrine in Virginia. However, there are limits to how far down the contractual chain the VCPA applies, particularly in the case where a supplier or subcontractor does not provide the services or materials for a personal, consumer purpose.
An example of this fact is found in the case of Johnston v. Stephan. In that case, a couple hired a general contractor to build a home and the general contractor hired Cole Roofing System, Inc. to provide the roof of the home. The first couple subsequently sold the home and the second homeowners sought further work on the roof from Cole Roofing. After Cole Roofing refused further work, the homeowners brought an action seeking to enforce a warranty and for a violation of the VCPA. For the warranty claim, the homeowners relied on the contract between them and the prior homeowners that referenced a 10-year warranty on the roof and the subcontract between the homebuilder and Cole Roofing. Cole Roofing sought dismissal of the VCPA and warranty claims by demurrer and further sought by demurrer to have the matter dismissed as being filed after the running of the statute of limitations.
Reprinted courtesy of Christopher G. Hill, The Law Office of Christopher G. Hill
Mr. Hill may be contacted at chrisghill@constructionlawva.com
Saudi Arabia Awards Contracts for Megacity Neom’s Worker Housing
September 16, 2019 — Vivian Nereim - Bloomberg
Saudi Arabia has awarded to two Saudi firms contracts to build worker housing for its futuristic mega-city called Neom, as plans for the $500 billion project move forward despite skepticism from investors.
Tamimi Group and Saudi Arabian Trading & Construction Co. won contracts to finance, build and operate three residential areas with capacity to house 30,000 people, Neom said in a statement on Sunday. The areas will be part of a so-called “Construction Village,” which Neom later plans to expand to accommodate more than 100,000 residents, it said. Neom did not say how much the contracts were worth.
Reprinted courtesy of Vivian Nereim, Bloomberg
Macron Visits Notre Dame 2 Years After Devastating Fire
April 26, 2021 — The Associated Press (Thomas Adamson & Jeffrey Schaeffer) - Bloomberg
Paris (AP) -- Two years after a fire tore through Paris’ most famous cathedral and shocked the world, French President Emmanuel Macron on Thursday visited the building site that Notre Dame has become to show that French heritage has not been forgotten despite the pandemic.
Flanked by ministers, architects and the retired French army general who is overseeing the restoration of the 12th-century monument, Macron viewed the progress of the ambitious rebuilding project. He offered the pandemic-weary French public hope that a completion date will arrive one day, if not in the near future.
“We're seeing here how, in two years, a huge job has been accomplished,” Macron said, recalling the “emotion” throughout France at the images of flames devouring Notre Dame on April 15, 2019. “We also see what remains to be done.”
Reprinted courtesy of Bloomberg