SEC Recommendations to Protect Against Cybersecurity Threats
March 09, 2020 —
Shaia Araghi and Jeffrey Dennis – Newmeyer DillionWhat Happened?
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations ("OCIE") issued a detailed
report on January 27, 2020 regarding various ways for organizations to safeguard data and protect against security and data breaches. Cyber threat actors are now invading data in a more sophisticated manner than ever before, and implementation of the SEC's recommended practices are essential in order to protect from outside vulnerabilities.
What is at Risk?
If market participants fail to implement these recommended policies, they will become more vulnerable to external attacks and data breaches. This can weaken an organization or firm if all employees are not properly trained and informed of the increasing dangers of cybersecurity breaches.
What Can You Do to Protect Yourself from a Cybersecurity Threat?
1.
Governance and Risk Management. Senior leaders should make efforts to improve the cyber safety at their organization. Some of these efforts may include:
- Devote attention to overseeing the organization's cybersecurity and resilience programs;
- Develop a risk assessment process to identify and mitigate cybersecurity risks to the organization;
- Adopt and implement policies and procedures regarding these risks;
- Promptly respond and adapt to changes by updating policies and procedures when necessary; and
- Establish communication policies and procedures to provide timely information to customers, employees, and others when needed.
2.
Access Rights and Controls. Implement updated controls to determine appropriate users for organization systems, limit access as appropriate to authorized users (including the set-up of multi-factor authentication) and monitor user access.
3.
Data Loss Prevention. OCIE has recommended various important data loss prevention measures for organizations:
- Establish a vulnerability management program;
- Implement capabilities that can monitor network traffic and detect threats on endpoints;
- Establish a patch management program covering all software and hardware;
- Maintain an inventory of hardware and software assets;
- Encrypt data and implement network segmentation;
- Create an insider threat program to monitor any suspicious behaviors; and
- Secure legacy systems and equipment through disposal of sensitive information from hardware and software and by reassessing vulnerability and risk assessments.
4.
Mobile Security. Establish policies and procedures for mobile device use, manage use of mobile devices through a mobile device management application, implement security measures for internal and external users, and train employees on mobile device policies and effective practices.
5.
Incident Response and Resiliency. Detect and disclose material information regarding incidents in a timely manner and assess appropriateness of corrective actions taken in response to incidents. Organizations should develop a plan if an incident occurs, address applicable reporting requirements, assign staff to execute specific areas of the plan, and test and assess the plan. In the event that a data breach occurs, an organization should improve its resiliency by maintaining an inventory of core business services and prioritizing business operations based on an assessment of risks.
6.
Vendor Management. Establish a vendor management program to ensure that vendors meet your organization's security requirements. Organizations should aim to understand all contract terms with vendors to ensure that all parties are in agreement regarding risk and security. Organizations should also monitor third-party vendors and ensure that the vendor continues to meet the organization's security requirements.
7.
Training and Awareness. Train staff to implement cybersecurity policies of the organization. Organizations should provide cybersecurity and resiliency training and re-evaluate the effectiveness of training procedures.
A Final Reminder for Organizations
Organizations should strive to implement as many of the SEC's recommended protection measures as possible. Ensuring that senior members of an organization are leading the initiative in increased awareness about cybersecurity threats through training of employees will lead to greater cyber safety for the overall organization. Although prevention of all breaches cannot be guaranteed, developing data loss prevention plans to keep the organization and its core businesses safe from attack will benefit the entire organization.
How We Can Help
If you feel that your business falls below the SEC's recommended security measures, our firm can assist with compliance. Contact us for a free initial consultation to determine a reasonable and practical way for your business to become compliant with these guidelines.
Shaia Araghi is an associate in the firm's Privacy & Data Security, and supports the team in advising clients on cyber-related matters, including compliance and prevention that can protect their day-to-day operations. For more information on how Shaia can help, contact her at shaia.araghi@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
Read the court decisionRead the full story...Reprinted courtesy of
Be Careful When Requiring Fitness for Duty Examinations
October 21, 2015 —
Craig Martin – Construction Contractor AdvisorFitness for Duty examinations can be an important part of an employer’s hiring and retention protocol. The Nebraska Supreme Court recently clarified when an employer may require applicants and employees to undergo fitness for duty examinations. In Arens v. Nebco, Inc., the court ruled that an employer must have a legitimate, nondiscriminatory reason for its demand that a current employee submit to a fitness for duty examination.
In this case, Lenard Arens suffered two significant injuries over the course of his 25 years of employment with Nebco. The second injury, a closed head injury, limited the type of work he could do and required written instructions due to short term memory loss. Arens was assigned to drive tractor-trailer trucks. Several years after returning to work, Arens had two minor accidents with his truck within a matter of days. Arens supervisor required him to undergo fitness for duty examination. Arens failed the fitness for duty examination and was terminated. Arens filed suit, claiming that Nebco discriminated against him by making him take a fitness for duty test.
Read the court decisionRead the full story...Reprinted courtesy of
Craig Martin, Lamson, Dugan and Murray, LLPMr. Martin may be contacted at
cmartin@ldmlaw.com
Manhattan to Get Tall, Skinny Tower
October 21, 2013 —
CDJ STAFFAt its narrowest, it’s going to be only sixty feet wide. And that will run 1,350 feet into the air. A new apartment tower is going up in New York, and one of its amenities will be that residents in the top floors will be able to look down on the Empire State Building. “It may be the skinniest building ever,” said Gregg Pasquarelli, the principal of SHoP Architects, the firm that designed the building. He estimates its ratio of height to width as “something like 25-to-1.”
For all its height, the building will be divided into about 100 units. As part of the development deal, the tower will incorporate and preserve the landmark Steinway Hall. The chair of the Landmarks Preservation Commission, Robert Tierney, described it as “the best of both worlds of new construction and design and historic preservation.”
Read the court decisionRead the full story...Reprinted courtesy of
AEM Pursuing ISO Standard for Earthmoving Grade-Control Data
March 09, 2020 —
Jeff Rubenstone - Engineering News-RecordCiting the growing and increasingly crowded field of grade-control systems and site-layout technology, the Association of Equipment Manufacturers (AEM) announced on Feb. 18 that it is working with the International Organization for Standardization (ISO) on a common standard for grade-control data sharing.
Jeff Rubenstone, Engineering News-Record
Mr. Rubenstone may be contacted at rubenstonej@enr.com
Read the full story... Read the court decisionRead the full story...Reprinted courtesy of
The Hidden Dangers of Construction Defect Litigation: A Redux
January 17, 2013 —
David McLain, Higgings, Hopkins, McLain & Roswell, LLCI previously wrote an article entitled “The Hidden Dangers of Construction Defect Litigation” for the Common Interests magazine, the monthly periodical of the Rocky Mountain Chapter of the Community Associations Institute. In that article, I discussed the potential negative effects of homeowners associations bringing construction defect suits as anything other than a last resort. The purpose of this post is to bring to light, by way of a real life example, the problems discussed in my previous article.
I have recently seen a lawsuit filed by an individual homeowner within a common interest community against the homeowners association, its management company, and the attorneys retained by the association to represent it in a construction defect lawsuit against the original developer, general contractor, and one of the design professionals. In his suit, the homeowner complains that the association’s construction defect attorneys “neglected to amend [their] complaint to include only and specifically the claims for damages for those properties, those buildings or condominium units, either by owner or specific locations, which had sustained damages or had faulty construction for which damages were being sought.” As a result of claiming damages throughout the entire community, the homeowner alleged that the entire community was tarred “with the black brush of litigation.”
As the homeowner explained in his complaint, he purchased a condominium for his daughter-in-law when she moved to Colorado to care for him after the death of his wife.
Read the court decisionRead the full story...Reprinted courtesy of
David McLainMr. McLain can be contacted at
mclain@hhmrlaw.com
No Duty to Indemnify Where No Duty to Defend
February 08, 2021 —
Tred R. Eyerly - Insurance Law HawaiiThe Montana Supreme Court held that because there was no duty to defend the insureds' intentional acts, the insurer had no duty to defend. Farmers Ins. Exch. v. Wessel, 2020 Mont. LEXIS 2617 (Mont. Dec. 22, 2020).
The insureds' property was accessed by Turk Road. Turk Road was also used by the neighbors to access their land. The insureds asked for permission to snowmobile across the neighbors' property. Permission was denied because the property was in a conservation easement which prohibited motorised used. The insureds' thereafter retaliated by not allowing the neighbors to use Turk Road. The neighbors then purchased an easement from another landowners to construct a new driveway which did not traverse the insureds' property. The insureds built snow berms and gates, felled trees, and created other obstacles to prevent the neighbors from using the new driveway. Physical threats were also made by the insureds.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Damon Key Leong Kupchak HastertMr. Eyerly may be contacted at
te@hawaiilawyer.com
Insurer's Motion for Summary Judgment on Faulty Workmanship Denied
June 04, 2024 —
Tred R. Eyerly - Insurance Law HawaiiThe court found that the insurer failed to meet its burden on summary judgment seeking a judgment that faulty workmanship precluded coverge. Auto-Owners Ins., Co. v. AAA Discount Homes, LLC, 2024 U.S. Dist. LEXIS 48463 (S.D. Ga. March 19, 2024).
Heather Way sued AAA Discount Homes, LLC and Delta Transport & Management, Inc. for manufacturing defects found in a manufactured home which was delivered and assembled by Delta. Way had contracted with AAA for the construction, delivery, assembly, setting, tie down with brick underpinning steps and construction of front and back porches. AAA, assisted by Delta, delivered the home and assembled it, including raising the roof, over the course of a few days.
Subsequently, Way discovered extensive water damage and mold in the home. Way alleged that AAA and its subcontractors made careless, unsafe, and unsuccessful attempts at removing the old and repairing the water damage. The presence of chemicals in the home made it uninhabitable. Way alleged the home was improperly assembled by Delta and its negligence resulted in damages.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Damon Key Leong Kupchak HastertMr. Eyerly may be contacted at
te@hawaiilawyer.com
Hawaii Supreme Court Finds Excess Can Sue Primary for Equitable Subrogation
July 30, 2015 —
Tred R. Eyerly – Insurance Law HawaiiIn responding to a certified question from the U.S. Distric Court, the Hawaii Supreme Court determined that an excess carrier can sue the primary carrier for failure to settle a claim in bad faith within primary limits. St. Paul Fire & Marine Ins. Co. v. Libery Mut. Ins. Co., 2015 Haw. LEXIS 142 (Haw. June 29, 2015).
St. Paul, the excess carrier, and Liberty Mutual, the primary carrier, issued polices to Pleasant Travel Service, Inc. The primary policy covered up to $1 million.
Pleasant Travel was sued for damages resulting from an accidental death. St. Paul alleged that Liberty Mutual rejected multiple pretrial settlement offers within the $1 million primary policy limit. A trial resulted in a verdict of $4.1 million against Pleasant Travel. The action settled for a confidential amount in excess of the Liberty Mutual policy limit. St. Paul paid the amount in excess.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Insurance Law HawaiiMr. Eyerly may be contacted at
te@hawaiilawyer.com