SEC Recommendations to Protect Against Cybersecurity Threats
March 09, 2020 —
Shaia Araghi and Jeffrey Dennis – Newmeyer Dillion
What Happened?
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations ("OCIE") issued a detailed report on January 27, 2020 regarding various ways for organizations to safeguard data and protect against security and data breaches. Cyber threat actors are now invading data in a more sophisticated manner than ever before, and implementation of the SEC's recommended practices is essential in order to protect against outside vulnerabilities.
What is at Risk?
If market participants fail to implement these recommended policies, they will become more vulnerable to external attacks and data breaches. This can weaken an organization or firm if all employees are not properly trained and informed of the increasing dangers of cybersecurity breaches.
What Can You Do to Protect Yourself from a Cybersecurity Threat?
1. Governance and Risk Management. Senior leaders should make efforts to improve the cyber safety at their organization. Some of these efforts may include:
- Devote attention to overseeing the organization's cybersecurity and resilience programs;
- Develop a risk assessment process to identify and mitigate cybersecurity risks to the organization;
- Adopt and implement policies and procedures regarding these risks;
- Promptly respond and adapt to changes by updating policies and procedures when necessary; and
- Establish communication policies and procedures to provide timely information to customers, employees, and others when needed.
2. Access Rights and Controls. Implement updated controls to determine appropriate users for organization systems, limit access as appropriate to authorized users (including the set-up of multi-factor authentication) and monitor user access.
3. Data Loss Prevention. OCIE has recommended various important data loss prevention measures for organizations:
- Establish a vulnerability management program;
- Implement capabilities that can monitor network traffic and detect threats on endpoints;
- Establish a patch management program covering all software and hardware;
- Maintain an inventory of hardware and software assets;
- Encrypt data and implement network segmentation;
- Create an insider threat program to monitor any suspicious behaviors; and
- Secure legacy systems and equipment through disposal of sensitive information from hardware and software and by reassessing vulnerability and risk assessments.
4. Mobile Security. Establish policies and procedures for mobile device use, manage use of mobile devices through a mobile device management application, implement security measures for internal and external users, and train employees on mobile device policies and effective practices.
5. Incident Response and Resiliency. Detect and disclose material information regarding incidents in a timely manner and assess appropriateness of corrective actions taken in response to incidents. Organizations should develop a plan if an incident occurs, address applicable reporting requirements, assign staff to execute specific areas of the plan, and test and assess the plan. In the event that a data breach occurs, an organization should improve its resiliency by maintaining an inventory of core business services and prioritizing business operations based on an assessment of risks.
6. Vendor Management. Establish a vendor management program to ensure that vendors meet your organization's security requirements. Organizations should aim to understand all contract terms with vendors to ensure that all parties are in agreement regarding risk and security. Organizations should also monitor third-party vendors and ensure that the vendor continues to meet the organization's security requirements.
7. Training and Awareness. Train staff to implement cybersecurity policies of the organization. Organizations should provide cybersecurity and resiliency training and re-evaluate the effectiveness of training procedures.
A Final Reminder for Organizations
Organizations should strive to implement as many of the SEC's recommended protection measures as possible. Ensuring that senior members of an organization are leading the initiative in increased awareness about cybersecurity threats through training of employees will lead to greater cyber safety for the overall organization. Although prevention of all breaches cannot be guaranteed, developing data loss prevention plans to keep the organization and its core businesses safe from attack will benefit the entire organization.
How We Can Help
If you feel that your business falls below the SEC's recommended security measures, our firm can assist with compliance. Contact us for a free initial consultation to determine a reasonable and practical way for your business to become compliant with these guidelines.
Shaia Araghi is an associate in the firm's Privacy & Data Security practice and supports the team in advising clients on cyber-related matters, including compliance and prevention that can protect their day-to-day operations. For more information on how Shaia can help, contact her at shaia.araghi@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
Lewis Brisbois Ranks 11th in Law360’s Glass Ceiling Report on Gender Parity in Law Firms
October 11, 2021 —
Lewis Brisbois
Lewis Brisbois has ranked 11th in Law360’s 2021 Glass Ceiling report, moving up from 37th place in 2020. The report measures female presence and gender parity in law firms, this year evaluating 269 organizations.
As described in the Law360 Pulse article titled "Glass Ceiling Report: How Does Your Firm Stack Up?," the publication redesigned its report this year to evaluate female attorneys’ industry standing from a new angle by showing how the percentage of women across three levels within law firms compared with the potential marketplace of hires. This evaluation resulted in the firms’ "pipeline scores," which measure a firm’s percentage points above or below a set of benchmarks assembled with data from the American Bar Association and previous Law360 submissions.
Lewis Brisbois’ Los Angeles Co-Managing Partner Jana Lubert and Chief Strategy Officer Janet Eskow, the co-chairs of Lewis Brisbois' Women's Initiative, each expressed excitement about the report, along with resolve to further promote gender diversity. "We are proud that Lewis Brisbois has moved up in these rankings because we have focused diligently on hiring and retaining the best legal talent from a diverse pool of candidates nationwide," Ms. Lubert said. "At the same time, we recognize that there is more to be done to further improve gender equity and inclusion. We remain committed to this important goal, both as it pertains to Lewis Brisbois and to the entire legal industry," she added.
Reprinted courtesy of Lewis Brisbois
Suffolk Stands Down After Consecutive Serious Boston Site Injuries
May 23, 2022 —
Scott Van Voorhis - Engineering News-Record
After two serious safety incidents in consecutive days, the Boston area’s largest contractor voluntarily issued a safety stand down on all projects in Boston through May 6.
Reprinted courtesy of
Scott Van Voorhis, Engineering News-Record
ENR may be contacted at enr@enr.com
Close Enough Only Counts in Horseshoes and Hand Grenades
March 08, 2021 —
Garret Murai - California Construction Law Blog
In State Farm General Insurance Company v. Oetiker, Inc., Case No. B302348 (December 18, 2020), a manufacturer sued in a subrogation action under the Right to Repair Act almost got away. Almost.
The Oetiker Case
James and Jennifer Philson’s home was substantially completed, and a notice of completion was recorded, in 2004. In 2016, the Philsons tendered a claim to their homeowner’s insurance carrier, State Farm General Insurance Company, after their home experienced significant water damage due to a defective stainless steel ear clamp.
In 2018, after paying the Philsons’ claim, State Farm filed a subrogation action against the manufacturer of the ear clamp, Oetiker, Inc. State Farm’s complaint, which included causes of action for negligence, strict products liability and breach of implied warranty, alleged that the home was “damaged by a water leak from the failure of a defective stainless steel ear claim on a water PEX fitting” and that the ear clamp was “defective when it left the control of [Oetiker].”
Reprinted courtesy of Garret Murai, Nomos LLP
Mr. Murai may be contacted at gmurai@nomosllp.com
New York Labor Laws and Action Over Exclusions
February 01, 2021 —
Theresa A. Guertin & Ashley McWilliams - Saxe Doernberger & Vita, P.C.
One of the most important methods for shifting risk in the construction context is insurance coverage. Upstream parties such as owner/developers and general contractors typically require that their downstream subcontractors who perform work on their properties or projects bring specific insurance to the table. These insurance requirements have a twofold purpose: protect the upstream parties, through additional insured coverage, from liabilities caused by the subcontractor; and protect the downstream parties by ensuring that they have adequate insurance for their own potential liabilities.
In New York, subcontractor insurance coverage can have some surprising terms which frustrate risk transfer. Numerous policies contain “Action Over” exclusions, which bar coverage for one of the most significant exposures faced by owner-developers and general contractors: bodily injury lawsuits brought by subcontractor employees. It is critical that upstream parties understand the unique impact of New York’s labor laws on the insurance market and be prepared to identify and request removal of Action Over exclusions on subcontractor insurance policies.
Reprinted courtesy of
Theresa A. Guertin, Saxe Doernberger & Vita, P.C. and
Ashley McWilliams, Saxe Doernberger & Vita, P.C.
Ms. Guertin may be contacted at TGuertin@sdvlaw.com
Ms. McWilliams may be contacted at AMcWilliams@sdvlaw.com
Subcontractors Essential to Home Building Industry
February 14, 2014 —
Beverley BevenFlorez-CDJ STAFF
The National Association of Home Builders (NAHB), Eye on Housing reports that subcontractors are essential to the home building industry—a point that is often overlooked by those outside of the industry. According to the NAHB, “71 percent of those employed in the home building industry are subcontractors.”
The average number of subcontractors used in single-family detached homes in 2012 was twenty-five; however, larger builders used more subcontractors: “On average, builders who built more than 25 units used 32 subcontractors during 2012, compared to 23 for builders who built less than 25 units.”
Engineering Report Finds More Investigation Needed of Balconies at New Jersey Condo
March 20, 2023 —
Engineering News-Record
Press of Atlantic City
SEA ISLE CITY - An engineering report on the Spinnaker Condominiums' South Tower found that balconies directly beneath the one that collapsed last month, killing a worker, need further investigation before they are deemed safe for use.
Reprinted courtesy of
Engineering News-Record
ENR may be contacted at enr@enr.com
Illinois Appellate Court Addresses Professional Services Exclusion in Homeowners Policy
August 03, 2022 —
James M. Eastham - Traub Lieberman
In Stonegate Ins. Co. v. Smith, 2022 IL App (1st) 210931, the Insured was performing plumbing work at a multi-story townhouse when a fire ensued, causing damage to the second story unit. Although a carpenter by trade, the Insured was performing plumbing work consisting of the replacement of a shower valve as a favor for a friend. To accomplish the task, the Insured utilized a small propane torch to attempt to remove the old water piping to the shower. In doing so, the insulation behind the bathroom wall caught fire and the flame spread upward to the neighboring unit. Stonegate had issued a homeowner’s policy to the Insured during the relevant time period. The homeowner's policy excluded coverage for property damage "[a]rising out of the rendering of or failure to render professional services." Subsequent to tender of the loss, Stonegate initiated a declaratory judgment action seeking a declaration that it owed no duty to defend or indemnify pursuant to the professional services exclusions.
In finding in favor of the Insured, the Court began its analysis by noting that the homeowner's policy did not define the term "professional services" such that it was the Court’s task to determine whether the Insured’s work qualified as a "professional service" for purposes of the exclusion. The Court further prefaced its holding by stating that for an exclusionary clause to effectively deny coverage, its applicability must be clear and free from doubt because any doubts as to coverage will be resolved in favor of the insured. Looking to Illinois case precedent, the Court found that the term "professional service" is not limited to services for which the person performing them must be licensed by a governmental authority. Rather, "professional services" encompass any business activity conducted by an insured that (1) involves specialized knowledge, labor, or skill, and (2) is predominantly mental or intellectual as opposed to physical or manual in nature.
Reprinted courtesy of James M. Eastham, Traub Lieberman
Mr. Eastham may be contacted at jeastham@tlsslaw.com