SEC Recommendations to Protect Against Cybersecurity Threats
March 09, 2020 —
Shaia Araghi and Jeffrey Dennis – Newmeyer Dillion
What Happened?
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations ("OCIE") issued a detailed report on January 27, 2020 regarding various ways for organizations to safeguard data and protect against security and data breaches. Cyber threat actors are now invading data in a more sophisticated manner than ever before, and implementation of the SEC's recommended practices is essential to protect against outside vulnerabilities.
What is at Risk?
If market participants fail to implement these recommended policies, they will become more vulnerable to external attacks and data breaches. This can weaken an organization or firm if all employees are not properly trained and informed of the increasing dangers of cybersecurity breaches.
What Can You Do to Protect Yourself from a Cybersecurity Threat?
1. Governance and Risk Management. Senior leaders should make efforts to improve the cyber safety at their organization. Some of these efforts may include:
- Devote attention to overseeing the organization's cybersecurity and resilience programs;
- Develop a risk assessment process to identify and mitigate cybersecurity risks to the organization;
- Adopt and implement policies and procedures regarding these risks;
- Promptly respond and adapt to changes by updating policies and procedures when necessary; and
- Establish communication policies and procedures to provide timely information to customers, employees, and others when needed.
2. Access Rights and Controls. Implement updated controls to determine appropriate users for organization systems, limit access as appropriate to authorized users (including the set-up of multi-factor authentication) and monitor user access.
3. Data Loss Prevention. OCIE has recommended various important data loss prevention measures for organizations:
- Establish a vulnerability management program;
- Implement capabilities that can monitor network traffic and detect threats on endpoints;
- Establish a patch management program covering all software and hardware;
- Maintain an inventory of hardware and software assets;
- Encrypt data and implement network segmentation;
- Create an insider threat program to monitor any suspicious behaviors; and
- Secure legacy systems and equipment through disposal of sensitive information from hardware and software and by reassessing vulnerability and risk assessments.
4. Mobile Security. Establish policies and procedures for mobile device use, manage use of mobile devices through a mobile device management application, implement security measures for internal and external users, and train employees on mobile device policies and effective practices.
5. Incident Response and Resiliency. Detect and disclose material information regarding incidents in a timely manner and assess appropriateness of corrective actions taken in response to incidents. Organizations should develop a plan if an incident occurs, address applicable reporting requirements, assign staff to execute specific areas of the plan, and test and assess the plan. In the event that a data breach occurs, an organization should improve its resiliency by maintaining an inventory of core business services and prioritizing business operations based on an assessment of risks.
6. Vendor Management. Establish a vendor management program to ensure that vendors meet your organization's security requirements. Organizations should aim to understand all contract terms with vendors to ensure that all parties are in agreement regarding risk and security. Organizations should also monitor third-party vendors and ensure that the vendor continues to meet the organization's security requirements.
7. Training and Awareness. Train staff to implement cybersecurity policies of the organization. Organizations should provide cybersecurity and resiliency training and re-evaluate the effectiveness of training procedures.
A Final Reminder for Organizations
Organizations should strive to implement as many of the SEC's recommended protection measures as possible. Ensuring that senior members of an organization are leading the initiative in increased awareness about cybersecurity threats through training of employees will lead to greater cyber safety for the overall organization. Although prevention of all breaches cannot be guaranteed, developing data loss prevention plans to keep the organization and its core businesses safe from attack will benefit the entire organization.
How We Can Help
If you feel that your business falls below the SEC's recommended security measures, our firm can assist with compliance. Contact us for a free initial consultation to determine a reasonable and practical way for your business to become compliant with these guidelines.
Shaia Araghi is an associate in the firm's Privacy & Data Security practice and supports the team in advising clients on cyber-related matters, including compliance and prevention that can protect their day-to-day operations. For more information on how Shaia can help, contact her at shaia.araghi@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
Breach Of Duty of Good Faith And Fair Dealing Packaged With Contract Disputes Act Claim
March 27, 2023 —
David Adelstein - Florida Construction Legal Updates
An interesting opinion on a motion to dismiss came out of the United States Court of Federal Claims dealing with the claim that the government breached its duty of good faith and fair dealing in administering the prime contract. The contractor’s argument was that the government breached its duty of good faith and fair dealing by denying the contractor’s claim under the Contract Disputes Act (CDA). This was a creative claim and argument that deserves consideration because it tied in the contracting officer’s denial of the CDA claim for additional money with a breach of the duty of good faith and fair dealing.
In this case, Aries Construction Corp. v. U.S., 2023 WL 2146598 (Fed. Cl. 2023), a prime contractor was hired for a water pipeline construction project. The contractor encountered unexpected difficult site conditions that required additional equipment and labor. The contractor informed the contracting officer and alleged it was instructed to proceed with the additional equipment and labor. The contractor submitted a claim under the CDA but the contracting officer denied the claim. The contractor pursued the claim in the United States Court of Federal Claims arguing the government breached the contract and, of interest, breached its duty of good faith and fair dealing.
The government moved to dismiss the breach of good faith and fair dealing claim arguing that besides failing to state a cause of action the Court of Federal Claims had no jurisdiction because the breach of the duty of good faith and fair dealing was not properly presented to the contracting officer under the CDA. The Court of Federal Claims denied the government’s motion.
Reprinted courtesy of David Adelstein, Kirwin Norris, P.A.
Mr. Adelstein may be contacted at dma@kirwinnorris.com
Patriarch Partners Decision Confirms Government Subpoenas May Constitute a “Claim” Under D&O Policy; Warns Policyholders to Think Broadly When Representing Facts and Circumstances to Insurers
January 08, 2019 —
Michael S. Levine, Sergio F. Oehninger, & Joshua S. Paster - Hunton Andrews Kurth
The Second Circuit recently confirmed in Patriarch Partners, LLC v. Axis Insurance Co. that a warranty letter accompanying the policyholder’s insurance application barred coverage for a lengthy SEC investigation, which ripened into a “Claim” prior to the policy’s inception date. The opinion left intact the lower court’s finding that the SEC subpoena constituted a “demand for non-monetary relief” and thus qualified as a “Claim” under the directors and officers (D&O) insurance policy.
Reprinted courtesy of Hunton Andrews Kurth attorneys Michael S. Levine, Sergio F. Oehninger and Joshua S. Paster
Mr. Levine may be contacted at mlevine@HuntonAK.com
Mr. Oehninger may be contacted at soehninger@HuntonAK.com
Mr. Paster may be contacted at jpaster@HuntonAK.com
Lumber Liquidators’ Home-Testing Methods Get EPA Scrutiny
June 10, 2015 —
Matthew Townsend – Bloomberg
The home testing method Lumber Liquidators Holdings Inc. is using to reassure customers that their floors are safe is being questioned by the U.S. Environmental Protection Agency.
In response to allegations that its Chinese-made laminate flooring emitted excessive levels of formaldehyde, a known carcinogen, Lumber Liquidators sent thousands of do-it-yourself tests to people who’d purchased the products. Customers use a device in the kit to measure the air in their homes for 24 hours, then send the package back to have the results evaluated.
While the EPA didn’t take a position on the specifics of Lumber Liquidators’ test program, the agency said on its website that home air testing “may not provide useful information due to the uncertainties” of the method. Air tests don’t pinpoint the specific source of a contaminant, and there are no widely accepted standards for indoor formaldehyde levels, the agency said.
Reprinted courtesy of Matthew Townsend, Bloomberg
Real Estate & Construction News Round-Up (03/01/23) – Mass Timber, IIJA Funding, and Distressed Real Estate
March 13, 2023 —
Pillsbury's Construction & Real Estate Law Team - Gravel2Gavel Construction & Real Estate Law Blog
This week’s round-up explores how Infrastructure Investment and Jobs Act (IIJA) funding is being deployed, mass timber is on the rise as decarbonization efforts continue, and commercial real estate remains distressed.
- With a flurry of high-profile projects, mass timber is gaining traction. (Jeffrey Steele, Commercial Property Executive)
- Commercial real estate is experiencing high levels of distress, with multiple owners defaulting on loans across the country. (Ted Glanzer, The Real Deal)
- Even with the recent downturn in cryptocurrency value, the metaverse real estate market is expected to continue to grow. (The Real Deal)
Reprinted courtesy of Pillsbury's Construction & Real Estate Law Team
2011 Worst Year Ever for Home Sales
September 09, 2011 —
CDJ STAFF
So few new single-family homes have sold in 2011 that expectations are that this will be the worst year for new home sales since the Commerce Department started tracking this in 1963. The Hartford Courant notes that previously builders created a new supply to which was added homes under foreclosure.
Ed Leamer, economist and director of UCLA’s Anderson Forecast, says that recovery would be driven by two sectors, manufacturing and construction. “It doesn’t look like there is going to be a big recovery in manufacturing,” he says. “It is going to have to come in housing.”
The soft housing market, however, is leading to a loss of construction jobs, as reported by the Associated General Contractors of America. As a result, stock prices for the twelve largest publicly-traded home builders have declined 22.7 percent in a market that has declined 4.2 percent overall.
Anti-Concurrent Causation Clause Bars Coverage for Pool Damage
February 23, 2016 —
Tred R. Eyerly – Insurance Law Hawaii
Relying upon the policy's anti-concurrent causation clause, the Illinois Court of Appeals affirmed the trial court's ruling that there was no coverage for a pool that popped out of the ground. Bozek v. Erie Ins. Group, 2015 Ill. App. LEXIS 940 (Ill. Ct. App. Dec. 17, 2015).
Following a rainstorm, the insureds reported damage to the swimming pool to Erie. An investigation determined that the heavy rain saturated soils around the pool. This created a significant uplift hydrostatic pressure. The weight of the water in the pool typically prevented the uplift forces, but the pool had been emptied to clean debris making it susceptible to uplift. The pool had a pressure relief valve to prevent uplift, but it was not working properly.
As a result, the pool was damaged to the point that it had to be replaced in its entirety. The heaving of the pool also damaged the concrete slab around the pool, which also had to be replaced.
Reprinted courtesy of Tred R. Eyerly, Insurance Law Hawaii
Mr. Eyerly may be contacted at te@hawaiilawyer.com
Building Resiliency: Withstanding Wildfires and Other Natural Disasters
September 25, 2023 —
Bill Creedon - Construction Executive
According to the National Fire Protection Association, between 2016 and 2020 an estimated average of 4,300 fires per year plagued structures under construction, adding up to about $376 million in annual property damage. More recently, the National Centers for Environmental Information reported that wildfires accounted for more than $3.2 billion in damages across the United States. These figures alone point to the heightened awareness that all companies—particularly construction companies—should maintain surrounding the unique challenges and risks that wildfires can present and how they could potentially impact the integrity of projects and the associated safety of their workers.
As North America grapples with the increasing frequency and severity of wildfires, hurricanes and additional severe weather events, numerous industries have had to adapt and implement proactive measures to minimize their risks and associated exposures. The impact of these natural disasters on the construction industry is indisputable, necessitating proactive measures that construction companies should seriously consider adopting to effectively mitigate those risks, efficiently navigate insurance complexities and seamlessly integrate data-driven solutions alongside modern tools like AI and predictive modeling.
Reprinted courtesy of Bill Creedon, Construction Executive, a publication of Associated Builders and Contractors. All rights reserved.
Mr. Creedon may be contacted at bill.creedon@wtwco.com