SEC Recommendations to Protect Against Cybersecurity Threats
March 09, 2020 —
Shaia Araghi and Jeffrey Dennis – Newmeyer Dillion
What Happened?
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations ("OCIE") issued a detailed report on January 27, 2020 regarding various ways for organizations to safeguard data and protect against security and data breaches. Cyber threat actors are now invading data in a more sophisticated manner than ever before, and implementation of the SEC's recommended practices is essential in order to protect against outside vulnerabilities.
What is at Risk?
If market participants fail to implement these recommended policies, they will become more vulnerable to external attacks and data breaches. This can weaken an organization or firm if all employees are not properly trained and informed of the increasing dangers of cybersecurity breaches.
What Can You Do to Protect Yourself from a Cybersecurity Threat?
1. Governance and Risk Management. Senior leaders should make efforts to improve the cyber safety at their organization. Some of these efforts may include:
- Devote attention to overseeing the organization's cybersecurity and resilience programs;
- Develop a risk assessment process to identify and mitigate cybersecurity risks to the organization;
- Adopt and implement policies and procedures regarding these risks;
- Promptly respond and adapt to changes by updating policies and procedures when necessary; and
- Establish communication policies and procedures to provide timely information to customers, employees, and others when needed.
2. Access Rights and Controls. Implement updated controls to determine appropriate users for organization systems, limit access as appropriate to authorized users (including the set-up of multi-factor authentication) and monitor user access.
3. Data Loss Prevention. OCIE has recommended various important data loss prevention measures for organizations:
- Establish a vulnerability management program;
- Implement capabilities that can monitor network traffic and detect threats on endpoints;
- Establish a patch management program covering all software and hardware;
- Maintain an inventory of hardware and software assets;
- Encrypt data and implement network segmentation;
- Create an insider threat program to monitor any suspicious behaviors; and
- Secure legacy systems and equipment through disposal of sensitive information from hardware and software and by reassessing vulnerability and risk assessments.
4. Mobile Security. Establish policies and procedures for mobile device use, manage use of mobile devices through a mobile device management application, implement security measures for internal and external users, and train employees on mobile device policies and effective practices.
5. Incident Response and Resiliency. Detect and disclose material information regarding incidents in a timely manner and assess appropriateness of corrective actions taken in response to incidents. Organizations should develop a plan if an incident occurs, address applicable reporting requirements, assign staff to execute specific areas of the plan, and test and assess the plan. In the event that a data breach occurs, an organization should improve its resiliency by maintaining an inventory of core business services and prioritizing business operations based on an assessment of risks.
6. Vendor Management. Establish a vendor management program to ensure that vendors meet your organization's security requirements. Organizations should aim to understand all contract terms with vendors to ensure that all parties are in agreement regarding risk and security. Organizations should also monitor third-party vendors and ensure that the vendor continues to meet the organization's security requirements.
7. Training and Awareness. Train staff to implement cybersecurity policies of the organization. Organizations should provide cybersecurity and resiliency training and re-evaluate the effectiveness of training procedures.
A Final Reminder for Organizations
Organizations should strive to implement as many of the SEC's recommended protection measures as possible. Ensuring that senior members of an organization are leading the initiative in increased awareness about cybersecurity threats through training of employees will lead to greater cyber safety for the overall organization. Although prevention of all breaches cannot be guaranteed, developing data loss prevention plans to keep the organization and its core businesses safe from attack will benefit the entire organization.
How We Can Help
If you feel that your business falls below the SEC's recommended security measures, our firm can assist with compliance. Contact us for a free initial consultation to determine a reasonable and practical way for your business to become compliant with these guidelines.
Shaia Araghi is an associate in the firm's Privacy & Data Security practice and supports the team in advising clients on cyber-related matters, including compliance and prevention that can protect their day-to-day operations. For more information on how Shaia can help, contact her at shaia.araghi@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
Benefits and Pitfalls of Partnerships Between Companies
December 21, 2016 —
Aarni Heiskanen – AEC Business
To bring innovations to the market, companies almost always need partnerships. Partnerships can offer scalability, productivity, and open up new markets. However, partnerships are not easy to establish and manage.
The benefits of partnering
Construction companies have always done joint ventures. The reason has been to simply be able to bid for and deliver a project that would be too big for one company at that specific moment. Partnering allows you to become larger than you are and to get work that would otherwise be out of your reach. It also lets you spread the risk in a demanding project among the members.
Reprinted courtesy of Aarni Heiskanen, AEC Business
Mr. Heiskanen may be contacted at aarni@aepartners.fi
Rights Afforded to Employees and Employers During Strikes
October 16, 2018 —
Wally Zimolong - Supplemental Conditions
One of the most powerful weapons in labor’s arsenal is a strike. Like most powerful weapons there is a dichotomy in a strike. On one hand, it can bring about concessions from management that labor seeks. On the other hand, it can permanently change the relationship between management and labor. However, one thing is certain: strikes are – to put it mildly – chaotic.
During this chaotic period, employees and employers may wonder what rights they have during union-initiated strikes. We provide some brief explanations below, along with how union litigation can help enforce your rights.
Reprinted courtesy of Wally Zimolong, Zimolong LLC
Mr. Zimolong may be contacted at wally@zimolonglaw.com
Big Changes and Trends in the Real Estate Industry
February 06, 2023 —
Rachel Mihai - Bremer Whyte Brown & O'Meara LLP
In my practice, I am fortunate enough to attend real estate conferences on a regular basis. And, without exception, we always get a rundown on hot trends/cases from industry leaders. Some issues that are being attacked in hot cases/trends are:
- Are the typical commission structures – e.g., the typical 5% to 6% divided in half – fair or creating an antitrust issue?
- Is MLS commission anti-competitive, and does it artificially inflate commission rates?
- Can a buyer’s agent advertise/represent that it is working for its client for free, as generally happens and has been allowed?
- What is the impact of agents only showing their clients houses with higher typical commissions, like 6%? And how is this being advertised, pushed for and manipulated contrary to the interests of consumers?
There are currently some big, national cases that will likely bring about big changes in the entire national real estate community with regard to how real estate brokers’/agents’ commissions are determined, explained and advertised. These cases revolve around antitrust and alleged conspiracy claims – asserting that the use of commissions in today's real estate markets is creating overcharging of consumers and artificial manipulation of the market.
Reprinted courtesy of Rachel Mihai, Bremer Whyte Brown & O'Meara LLP
Ms. Mihai may be contacted at rmihai@bremerwhyte.com
Court Finds No Occurrence for Installation of Defective Flooring and Explains Coverage for Attorney Fee Awards
January 05, 2017 —
Christopher Kendrick & Valerie A. Moore – Haight Brown & Bonesteel LLP
In Navigators Specialty Ins. Co. v. Moorefield Const. (No. G050759, filed 12/27/16), a California appeals court held that the knowing installation of flooring over a vapor-emitting slab was not an accident or occurrence, entitling the insurer to reimbursement of money paid as damages to settle a construction defect suit. But the court further held that there was no right of reimbursement for the portion of money payable under the policy’s supplementary payments coverage as costs for contractual prevailing party attorney’s fees.
Navigators insured Moorefield, the general contractor for a Best Buy store. Testing in construction revealed a vapor emission rate from the concrete slab above the approved standard for the flooring. The contractor’s personnel testified that it was normal to install the flooring regardless. Notwithstanding, the contractor’s personnel testified that they consulted the owner and were directed to proceed. In doing so, the contractor also expressly released the flooring subcontractor from any warranty claims.
Reprinted courtesy of
Christopher Kendrick, Haight Brown & Bonesteel LLP and
Valerie A. Moore, Haight Brown & Bonesteel LLP
Mr. Kendrick may be contacted at ckendrick@hbblaw.com
Ms. Moore may be contacted at vmoore@hbblaw.com
Construction Contract Provisions that Should Pique Your Interest
September 30, 2019 —
Christopher G. Hill - Construction Law Musings
Construction contracts are a big part of my legal practice and the drumbeat here at Construction Law Musings. Why? Because not only does your construction contract set the expectations and “rules of the game” for a construction project, it will be read strictly and literally by the Virginia courts should there be a dispute. For these reasons, construction professionals need to be alert for the language in certain key clauses in a construction contract to assure that these clauses are as balanced as possible and also well understood. Here are my “Top Five”:
- “Pay if Paid”- These clauses are almost always in the subcontracts between a general contractor and a subcontractor and are enforceable in Virginia if drafted correctly and under the proper circumstances.
- Change Orders- Whether work is subject to a change order and the required payment for any changed work are often a key source of contention (read legal fees). A properly drafted and followed change order provision can help avoid much of this contention.
- Indemnity- Much has been made in recent years about indemnity provisions and their enforceability. All parties in the construction payment chain can and should be aware of how to best draft their indemnity provisions to make them enforceable. Failure to do so can be catastrophic.
Reprinted courtesy of The Law Office of Christopher G. Hill
Mr. Hill may be contacted at chrisghill@constructionlawva.com
New York Appellate Court Holds Insurer’s Failure to Defend Does Not Constitute a “Reasonable Excuse” Required to Overturn Judgment
January 21, 2019 —
Timothy Carroll & Anthony Miscioscia - White and Williams
A recent opinion by the New York Supreme Court, Appellate Division (Second Department) highlights the potential risks for an insurer leaving an insured unrepresented while the insurer pursues other parties or insurers who may be primarily responsible for defending the insured. In refusing to overturn a default judgment entered against an insured while its insurer knew that a complaint had been filed but refused to defend, the New York court’s decision raises questions about how claims adjusters are to effectively manage new claims to prevent a default judgment being entered against the insured, while at the same time ensuring that the appropriate party or insurance company handles the insured’s defense.
In Kaung Hea Lee v. 354 Management Inc., 2018 N.Y. App. Div. LEXIS 7749 (N.Y. App. Div. Nov. 14, 2018) (354 Management) the underlying plaintiffs obtained a default judgment against the defendant insured due to its failure to answer the plaintiffs’ complaint. The plaintiffs then moved to determine the extent of damages to which they were entitled by virtue of the default judgment. The defendant opposed that motion, relying on an affidavit from a senior liability claims adjuster employed by the defendant’s insurer. “In the affidavit, the claim adjuster stated that she did not assign an attorney to answer the complaint because the codefendant . . . was contractually obligated to defend and indemnify the defendant [insured], and she had been attempting to have either [the codefendant] or its insurer provide an attorney” for the defendant. However, it was determined that the claims adjuster knew about the plaintiffs’ complaint two weeks after the plaintiffs served it on the defendant and months before the plaintiffs moved for default judgment. Despite this knowledge, the defendant’s insurer did not provide a defense or, apparently, obtain an extension of time to respond to the complaint, which led to the default judgment.
Reprinted courtesy of
Timothy Carroll, White and Williams and
Anthony Miscioscia, White and Williams
Mr. Carroll may be contacted at carrollt@whiteandwilliams.com
Mr. Miscioscia may be contacted at misciosciaa@whiteandwilliams.com
Why Federal and State Agencies are Considering Converting from a “Gallons Consumed” to a “Road Usage” Tax – And What are the Risks to the Consumer?
August 26, 2015 —
Roger Hughes – California Construction Law Blog
“‘We’re going to have to find another way to finance the upkeep of the roads,’ Gov. Jerry Brown said earlier this year in rolling out his 2015 budget. Governor Brown gave no specifics, but last fall he signed a law that set up a commission to study a ‘road usage charge’ with a call to ‘establish a pilot program by Jan. 1, 2017…’” – San Jose Mercury News, January 27, 2015
This Change, It’s a Coming (Maybe)
Many states and the federal government are seriously considering converting from a “gallons consumed” tax levy to a “miles driven” program for determining gasoline tax. There are several compelling reasons for such a change. First, our roads are falling apart while revenue from current highway taxes falls woefully short of our current and projected needs. In the meantime, the number of miles driven by all-electric cars that pay no gas tax is increasing rapidly, as is the number driven by hybrids that pay substantially reduced tax and, worse for the taxing authorities, by increasingly efficient gas-powered cars. All of this means rapidly dropping gas tax revenues. Seeing this trend, local, state and the federal governments are making a major push to convert from a consumption-based tax to a “miles driven” tax. This is a good thing for those of us that believe increased investment in our transportation infrastructure is of high national concern.
Reprinted courtesy of Roger Hughes, Wendel Rosen Black & Dean LLP
Mr. Hughes may be contacted at rhughes@wendel.com