SEC Recommendations to Protect Against Cybersecurity Threats
March 09, 2020 —
Shaia Araghi and Jeffrey Dennis – Newmeyer DillionWhat Happened?
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations ("OCIE") issued a detailed
report on January 27, 2020 regarding various ways for organizations to safeguard data and protect against security and data breaches. Cyber threat actors are now invading data in a more sophisticated manner than ever before, and implementation of the SEC's recommended practices are essential in order to protect from outside vulnerabilities.
What is at Risk?
If market participants fail to implement these recommended policies, they will become more vulnerable to external attacks and data breaches. This can weaken an organization or firm if all employees are not properly trained and informed of the increasing dangers of cybersecurity breaches.
What Can You Do to Protect Yourself from a Cybersecurity Threat?
1.
Governance and Risk Management. Senior leaders should make efforts to improve the cyber safety at their organization. Some of these efforts may include:
- Devote attention to overseeing the organization's cybersecurity and resilience programs;
- Develop a risk assessment process to identify and mitigate cybersecurity risks to the organization;
- Adopt and implement policies and procedures regarding these risks;
- Promptly respond and adapt to changes by updating policies and procedures when necessary; and
- Establish communication policies and procedures to provide timely information to customers, employees, and others when needed.
2.
Access Rights and Controls. Implement updated controls to determine appropriate users for organization systems, limit access as appropriate to authorized users (including the set-up of multi-factor authentication) and monitor user access.
3.
Data Loss Prevention. OCIE has recommended various important data loss prevention measures for organizations:
- Establish a vulnerability management program;
- Implement capabilities that can monitor network traffic and detect threats on endpoints;
- Establish a patch management program covering all software and hardware;
- Maintain an inventory of hardware and software assets;
- Encrypt data and implement network segmentation;
- Create an insider threat program to monitor any suspicious behaviors; and
- Secure legacy systems and equipment through disposal of sensitive information from hardware and software and by reassessing vulnerability and risk assessments.
4.
Mobile Security. Establish policies and procedures for mobile device use, manage use of mobile devices through a mobile device management application, implement security measures for internal and external users, and train employees on mobile device policies and effective practices.
5.
Incident Response and Resiliency. Detect and disclose material information regarding incidents in a timely manner and assess appropriateness of corrective actions taken in response to incidents. Organizations should develop a plan if an incident occurs, address applicable reporting requirements, assign staff to execute specific areas of the plan, and test and assess the plan. In the event that a data breach occurs, an organization should improve its resiliency by maintaining an inventory of core business services and prioritizing business operations based on an assessment of risks.
6.
Vendor Management. Establish a vendor management program to ensure that vendors meet your organization's security requirements. Organizations should aim to understand all contract terms with vendors to ensure that all parties are in agreement regarding risk and security. Organizations should also monitor third-party vendors and ensure that the vendor continues to meet the organization's security requirements.
7.
Training and Awareness. Train staff to implement cybersecurity policies of the organization. Organizations should provide cybersecurity and resiliency training and re-evaluate the effectiveness of training procedures.
A Final Reminder for Organizations
Organizations should strive to implement as many of the SEC's recommended protection measures as possible. Ensuring that senior members of an organization are leading the initiative in increased awareness about cybersecurity threats through training of employees will lead to greater cyber safety for the overall organization. Although prevention of all breaches cannot be guaranteed, developing data loss prevention plans to keep the organization and its core businesses safe from attack will benefit the entire organization.
How We Can Help
If you feel that your business falls below the SEC's recommended security measures, our firm can assist with compliance. Contact us for a free initial consultation to determine a reasonable and practical way for your business to become compliant with these guidelines.
Shaia Araghi is an associate in the firm's Privacy & Data Security, and supports the team in advising clients on cyber-related matters, including compliance and prevention that can protect their day-to-day operations. For more information on how Shaia can help, contact her at shaia.araghi@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
Read the court decisionRead the full story...Reprinted courtesy of
Bad Welds Doom Art Installation at Central Park
October 30, 2013 —
CDJ STAFFLast year, the sculpture “How I Roll” was supposed to be doing its rolling at Central Park from June through August of last year, but the exhibit was taken down a month early, over concerns that the welding had rendered the moving piece “structurally unsound and unsafe.” Now the Public Art Fund is suing the company hired to do the welding.
Titon Builders of Lake Park, Florida was supposed to do the welding, but they subcontracted the work to Tru-Steel Corp. of Fort Pierce, Florida. The Public Art Fund is claiming that Titon’s contract obligated them to do the fabrication, not subcontract it. Jeffrey Klein, a lawyer for the Public Art Fund, said, “it’s sad that it had to be taken down because of shoddy workmanship.”
Read the court decisionRead the full story...Reprinted courtesy of
40 Year Anniversary – Congratulations Ed Doernberger
November 23, 2016 —
Tracy Alan Saxe - Saxe Doernberger & Vita, P.C.Forty years ago, on the Big Island of Hawaii,
Edwin L. Doernberger was sworn in as an attorney. Fifteen years ago, Ed rejoined two former partners to help build an exciting new boutique insurance policyholder practice. Today, Saxe Doernberger & Vita is pleased to celebrate the 40th anniversary of its most distinguished partner.
“Ed’s energy and enthusiasm are undiminished,” said co-founder and Managing Partner, Tracy Alan Saxe. “He’s still one of the firm’s most active litigators.” Ed has extensive appellate experience, having argued before the Connecticut and Hawaii Supreme and Appellate Courts, New York Appellate Courts, and the Second and Ninth Circuits.
Read the court decisionRead the full story...Reprinted courtesy of
Tracy Alan Saxe, Saxe Doernberger & Vita, P.C.Mr. Saxe may be contacted at
tas@sdvlaw.com
Netflix Plans $900M Facility At Former New Jersey Army Base
January 23, 2023 —
The Associated Press (Wayne Parry) - Bloomberg(AP) -- Netflix said Wednesday it plans to build a state-of-the-art production facility at a former Army base at the Jersey Shore that will cost more than $900 million, and create thousands of jobs.
The subscription video streaming company will pay $55 million for a 292-acre site on the former Fort Monmouth military base in Eatontown and Oceanport.
The California-based company plans an additional $848 million worth of investments in 12 sound stages and for other uses related to the film industry.
“We’re thrilled to continue and expand our significant investment in New Jersey and North America,” said Ted Sarandos, the company's co-CEO and chief content officer. “We believe a Netflix studio can boost the local and state economy with thousands of new jobs and billions in economic output, while sparking a vibrant production ecosystem in New Jersey.”
Read the court decisionRead the full story...Reprinted courtesy of
Bloomberg
New Homes in Palo Alto to Be Electric-Car Ready
October 01, 2013 —
CDJ STAFFElectric cars are still fairly rare, but if you buy a new home in Palo Alto, you’ll have a place to charge it. The Palo Alto City Council has been enthusiastic about a measure that would require new homes to come wired for car chargers. The hope of the council is that the measure will make owning an electric car “convenient, easy and economical.”
If added to the construction process, the wiring adds about $200 to the cost of the home, far less than the cost of adding it to an existing home. In addition to considering changes in the building code, the city also considered measures that would allow for the operation of public charging stations.
Read the court decisionRead the full story...Reprinted courtesy of
Finalists in San Diego’s Moving Parklet Design Competition Announced
September 03, 2014 —
Beverley BevenFlorez-CDJ STAFFThe city of San Diego together with the Downtown San Diego Partnership sponsored the Moving Parklet Design competition, and the winning design will be built and “used in public areas and legally permitted parking spaces throughout downtown San Diego to add a new and unique gathering space for the community,” according to the San Diego Source.
A mobile parklet “is a small, innovative park that can move from location to location.” The winning team is chosen by facebook voters and will receive $5,000.
Read the court decisionRead the full story...Reprinted courtesy of
New York’s Highest Court Reverses Lower Court Ruling That Imposed Erroneous Timeliness Requirement For Disclaimers of Coverage
June 18, 2014 —
Robert F. Walsh and Paul A. Briganti – White and Williams LLPOn June 10, 2014, the New York Court of Appeals (the state’s highest court) issued a unanimous decision in KeySpan Gas East Corp. v. Munich Reinsurance America, Inc. (No. 110, June 10, 2014), reversing a lower court decision which had erroneously imposed on insurers a duty to disclaim coverage for property damage claims as soon as possible or risk waiving their coverage defenses. White and Williams represented one of the insurance company defendants in the action.
The case involved an action against three excess insurers for insurance coverage for underlying environmental claims arising from Manufactured Gas Plant sites. Upon receiving notice of the underlying claims, the three insurers reserved their rights to deny coverage on various grounds, including late notice of an occurrence, pending an investigation. The insurers ultimately denied coverage on the basis of late notice several years later based on information developed in discovery in the litigation. The policyholder/plaintiff KeySpan argued that the insurers had unreasonably delayed in issuing their disclaimers and that there was a triable issue of fact on whether such a delay amounted to a waiver of the late notice defense.
Reprinted courtesy of
Robert F. Walsh, White and Williams LLP and
Paul A. Briganti, White and Williams LLP
Mr. Walsh may be contacted at walshr@whiteandwilliams.com; Mr. Briganti may be contacted at brigantip@whiteandwilliams.com
Read the court decisionRead the full story...Reprinted courtesy of
Your “Independent Contractor” Clause Just Got a Little Less Relevant
January 12, 2015 —
Garret Murai – California Construction Law BlogConstruction projects are complex, multi-partied, multi-disciplinary endeavors, in which subcontracting all or a portion of the work to be performed is not uncommon.
When subcontracting work, parties usually make it clear in their contracts that the party performing work is acting as an “independent contractor.” Here’s a fairly typical provision from the AIA A201 General Conditions:
The parties agree that the contractual relationship on Contractor to Owner is one solely of an independent contractor in all respects and that the Contract Documents do not in any way create a partnership, joint venture or any other relationship between Owner and Contractor other than the contractual relationship as specified in this Agreement.
These provisions are intended to shield the contracting party from claims that it is responsible for workers’ compensation premiums, retirement contributions, health care insurance, or other benefits provided for the benefit of employees of the company performing the work. Fair enough.
Read the court decisionRead the full story...Reprinted courtesy of
Garret Murai, Wendel Rosen Black & Dean LLPMr. Murai may be contacted at
gmurai@wendel.com
