SEC Recommendations to Protect Against Cybersecurity Threats
March 09, 2020 —
Shaia Araghi and Jeffrey Dennis – Newmeyer Dillion
What Happened?
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations ("OCIE") issued a detailed report on January 27, 2020 regarding various ways for organizations to safeguard data and protect against security and data breaches. Cyber threat actors are now targeting data in a more sophisticated manner than ever before, and implementation of the SEC's recommended practices is essential in order to protect against outside threats.
What is at Risk?
If market participants fail to implement these recommended policies, they will become more vulnerable to external attacks and data breaches. This can weaken an organization or firm if all employees are not properly trained and informed of the increasing dangers of cybersecurity breaches.
What Can You Do to Protect Yourself from a Cybersecurity Threat?
1. Governance and Risk Management. Senior leaders should make efforts to improve the cyber safety at their organization. Some of these efforts may include:
- Devote attention to overseeing the organization's cybersecurity and resilience programs;
- Develop a risk assessment process to identify and mitigate cybersecurity risks to the organization;
- Adopt and implement policies and procedures regarding these risks;
- Promptly respond and adapt to changes by updating policies and procedures when necessary; and
- Establish communication policies and procedures to provide timely information to customers, employees, and others when needed.
2. Access Rights and Controls. Implement updated controls to determine appropriate users for organization systems, limit access as appropriate to authorized users (including the set-up of multi-factor authentication) and monitor user access.
3. Data Loss Prevention. OCIE has recommended various important data loss prevention measures for organizations:
- Establish a vulnerability management program;
- Implement capabilities that can monitor network traffic and detect threats on endpoints;
- Establish a patch management program covering all software and hardware;
- Maintain an inventory of hardware and software assets;
- Encrypt data and implement network segmentation;
- Create an insider threat program to monitor any suspicious behaviors; and
- Secure legacy systems and equipment through disposal of sensitive information from hardware and software and by reassessing vulnerability and risk assessments.
4. Mobile Security. Establish policies and procedures for mobile device use, manage use of mobile devices through a mobile device management application, implement security measures for internal and external users, and train employees on mobile device policies and effective practices.
5. Incident Response and Resiliency. Detect and disclose material information regarding incidents in a timely manner and assess appropriateness of corrective actions taken in response to incidents. Organizations should develop a plan if an incident occurs, address applicable reporting requirements, assign staff to execute specific areas of the plan, and test and assess the plan. In the event that a data breach occurs, an organization should improve its resiliency by maintaining an inventory of core business services and prioritizing business operations based on an assessment of risks.
6. Vendor Management. Establish a vendor management program to ensure that vendors meet your organization's security requirements. Organizations should aim to understand all contract terms with vendors to ensure that all parties are in agreement regarding risk and security. Organizations should also monitor third-party vendors and ensure that the vendor continues to meet the organization's security requirements.
7. Training and Awareness. Train staff to implement cybersecurity policies of the organization. Organizations should provide cybersecurity and resiliency training and re-evaluate the effectiveness of training procedures.
A Final Reminder for Organizations
Organizations should strive to implement as many of the SEC's recommended protection measures as possible. Ensuring that senior members of an organization are leading the initiative in increased awareness about cybersecurity threats through training of employees will lead to greater cyber safety for the overall organization. Although prevention of all breaches cannot be guaranteed, developing data loss prevention plans to keep the organization and its core businesses safe from attack will benefit the entire organization.
How We Can Help
If you feel that your business falls below the SEC's recommended security measures, our firm can assist with compliance. Contact us for a free initial consultation to determine a reasonable and practical way for your business to become compliant with these guidelines.
Shaia Araghi is an associate in the firm's Privacy & Data Security practice, and supports the team in advising clients on cyber-related matters, including compliance and prevention that can protect their day-to-day operations. For more information on how Shaia can help, contact her at shaia.araghi@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
Chinese Billionaire Sues Local Governments Over Project Payment
January 28, 2015 —
Bloomberg News
The billionaire founder of closely held China Pacific Construction Group sued six local governments in a bid to force payment of 900 million yuan ($144 million) his company is owed for infrastructure projects.
Yan Jiehe said today he was trying to prove a point and winning the lawsuits wasn’t his main goal. Courts in Hebei, Yunnan, Guizhou, Hunan and Shandong provinces accepted the cases, he said in an interview.
“We cannot let the governments work without any supervision anymore,” Yan said. “The results of the lawsuits are not that important to me and I care more about rule of law.”
Reprinted courtesy of Bloomberg News
Strict Liability or Negligence? The Proper Legal Standard for Inverse Condemnation caused by Water Damage to Property
March 30, 2016 —
Charles S. Krolikowski – Newmeyer & Dillion, LLP
Filing a lawsuit against a government entity can be a daunting task given the complexities of tort claims requirements and governmental immunities. A recent decision by the Court of Appeal in Pacific Shores Property Owners Association v. Department of Fish & Wildlife, Case No. C07020 (Jan. 20, 2016), provided welcome clarification as to the proper legal standard for an inverse condemnation action based upon activities of a government entity which cause water damage to private property.
Reprinted courtesy of Charles S. Krolikowski, Newmeyer & Dillion, LLP
Mr. Krolikowski may be contacted at charles.krolikowski@ndlf.com
'Right to Repair' and Fixing Equipment in a Digital Age
August 30, 2021 —
Jeff Rubenstone - Engineering News-Record
When a piece of equipment breaks down on site, rental agreements, subcontractor contracts and other arrangements generally make it clear who gets to open the hood and start tinkering. But heavy equipment made in the last two decades increasingly relies on digital components for many basic functions. Embedded computer systems oversee electronically controlled hydraulics and regulate engine behavior and emissions-control systems. The tools to access these firmware and software systems are not always easy to come by, and in some cases repairs can’t be done without working directly with a manufacturer-approved dealer or technician. Some repairs may require a digital handshake to take effect.
Reprinted courtesy of
Jeff Rubenstone, Engineering News-Record
Mr. Rubenstone may be contacted at rubenstonej@enr.com
Construction Group Seeks Defense Coverage for Hard Rock Stadium Claims
December 09, 2019 —
Sergio F. Oehninger & Daniel Hentschel - Hunton Insurance Recovery Blog
In an insurance coverage action pending in the S.D.N.Y., Hunt Construction Group (Hunt) contends that Berkley Assurance Company wrongfully denied defense coverage for claims arising out of the renovation of Hard Rock Stadium (home to the Miami Dolphins and Miami Hurricanes football teams).
The stadium owner, South Florida Stadium LLC (SFS), hired Hunt to serve as the construction manager for the renovation project. Hunt subcontracted with Alberici Constructors Inc. (Alberici) to design and fabricate roof structures for the stadium.
Hunt and SFS sued Alberici over its work on the project. In March 2017, Alberici asserted counterclaims against Hunt and SFS. In May 2018, SFS sought defense and indemnification from Hunt with respect to Alberici’s coverage claims.
Hunt is insured under claims made and reported professional liability insurance policies issued by Berkley with policy periods from June 15, 2016 to June 15, 2017 (with an automatic extended reporting period through August 14, 2017) and from July 15, 2017 to June 15, 2018. Hunt notified Berkley of Alberici’s counterclaim on July 20, 2017 (within the extended reporting period of the 2016-2017 policy) and of SFS’s indemnity claim on June 5, 2018 (within the 2017-2018 policy period).
Reprinted courtesy of
Sergio F. Oehninger, Hunton Andrews Kurth and
Daniel Hentschel, Hunton Andrews Kurth
Mr. Oehninger may be contacted at soehninger@HuntonAK.com
Mr. Hentschel may be contacted at dhentschel@HuntonAK.com
Enhanced Geothermal Energy Could Be the Next Zero-Carbon Hero
June 10, 2024 —
Sidney L. Fowler, Robert A. James & Clarence H. Tolliver - Gravel2Gavel Construction & Real Estate Law Blog
Hydrogen, solar, wind—and even microwave beams from outer space—are a few of the alternative energies being explored as the world strives to cut the cord on carbon emissions. Recently, advancements in geothermal energy technologies appear poised to significantly expand geothermal’s reach. These new methods, varyingly referred to as enhanced, engineered or advanced geothermal systems (collectively referred to here as EGS), have recently made strides in scalability and grabbed the attention of changemakers. If successful, EGS may play a major role in the clean energy transition. The technique creates no emissions and is virtually limitless (it pulls from heat generated by the Earth’s core), and can provide constant baseload power, making it appealing to green-minded investors. This article calls attention to the progress and variety of EGS projects and proposals that Pillsbury sees as part of the ongoing energy transition.
People have long been drawn to geothermal energy, with Paleo-Americans settling at hot springs some 10,000 years ago. In 1892, Boise, Idaho, became the first town to establish a district heating system that piped naturally occurring hot water from underground and into homes. It would take another 70 years for other cities to replicate the feat, but now 17 U.S. districts use such systems, along with dozens more worldwide.
Reprinted courtesy of
Sidney L. Fowler, Pillsbury,
Robert A. James, Pillsbury and
Clarence H. Tolliver, Pillsbury
Mr. Fowler may be contacted at sidney.fowler@pillsburylaw.com
Mr. James may be contacted at rob.james@pillsburylaw.com
Mr. Tolliver may be contacted at clarence.tolliver@pillsburylaw.com
A Win for Policyholders: Court Finds Flood Exclusion Inapplicable to Plumbing Leaks Caused by Hurricane Rainfall
October 21, 2024 —
Kelly A. Johnson & Damian S. Barquin - Saxe Doernberger & Vita, P.C.
A recent decision by a federal court helps clear the path to coverage for property owners this hurricane season. The Court deemed one property policy’s flood exclusion inapplicable to bar coverage for water damage from backed-up drainage and overflow caused by excessive rainfall. The case, styled G.E.M.S. Partners LLC v. AmGUARD Ins. Co., — F.Supp. 3d —, No. CV 22-1664, 2024 WL 3568932 (D.N.J. July 29, 2024), involved a familiar dispute between the insured and insurer following damage to covered property after a named storm’s heavy rainfall.
Here, G.E.M.S. Partners LLC (“Insured”) obtained a commercial property policy from AmGUARD Insurance Company (“AmGUARD”) to cover three neighboring buildings in Union, New Jersey. In September 2021, intense rainfall from Hurricane Ida overwhelmed the local infrastructure and sewer system, leading to water leakage from plumbing fixtures at the insured property. To secure coverage under its AmGUARD policy, the Insured wisely relied on its “Water Back-Up and Sump Overflow Endorsement” (“Back-Up/Overflow Endorsement”). Under this endorsement, AmGUARD promised to “pay for ... damage ... caused by ... water ... which backs up through or overflows or is otherwise discharged from a sewer.” Indeed, a plumber that inspected the buildings following Hurricane Ida described the root cause of the water damage as a “back up” of “sewer ... water.”
Reprinted courtesy of
Kelly A. Johnson, Saxe Doernberger & Vita, P.C. and
Damian S. Barquin, Saxe Doernberger & Vita, P.C.
Ms. Johnson may be contacted at KJohnson@sdvlaw.com
Mr. Barquin may be contacted at DBarquin@sdvlaw.com
Providing “Labor” Under the Miller Act
January 28, 2019 —
David Adelstein - Florida Construction Legal Updates
A recent opinion out of the Northern District of California discusses the “labor” required to support a Miller Act payment bond claim on a federal construction project. It is a good case that discusses the type of labor required to support a Miller Act payment bond claim.
In Prime Mechanical Service, Inc. v. Federal Solutions Group, Inc., 2018 WL 619930 (N.D.Cal. 2018), a prime contractor was awarded a contract to design and install a new HVAC system. The prime contractor subcontracted the work to a mechanical contractor. The mechanical contractor with its sub-designer prepared and submitted a new HVAC design to the prime contractor and provided 4-5 onsite services to determine the location and layout for the new HVAC equipment, perform field measurements, obtain security passes, and plan site access and crane locations. The mechanical contractor submitted an invoice to the prime contractor and the invoice remained unpaid for more than 90 days, which the prime contractor refused to pay. The mechanical contractor then filed a Miller Act payment bond lawsuit.
Reprinted courtesy of David Adelstein, Kirwin Norris
Mr. Adelstein may be contacted at dma@kirwinnorris.com