SEC Recommendations to Protect Against Cybersecurity Threats
March 09, 2020 —
Shaia Araghi and Jeffrey Dennis – Newmeyer DillionWhat Happened?
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations ("OCIE") issued a detailed
report on January 27, 2020 regarding various ways for organizations to safeguard data and protect against security and data breaches. Cyber threat actors are now invading data in a more sophisticated manner than ever before, and implementation of the SEC's recommended practices are essential in order to protect from outside vulnerabilities.
What is at Risk?
If market participants fail to implement these recommended policies, they will become more vulnerable to external attacks and data breaches. This can weaken an organization or firm if all employees are not properly trained and informed of the increasing dangers of cybersecurity breaches.
What Can You Do to Protect Yourself from a Cybersecurity Threat?
1.
Governance and Risk Management. Senior leaders should make efforts to improve the cyber safety at their organization. Some of these efforts may include:
- Devote attention to overseeing the organization's cybersecurity and resilience programs;
- Develop a risk assessment process to identify and mitigate cybersecurity risks to the organization;
- Adopt and implement policies and procedures regarding these risks;
- Promptly respond and adapt to changes by updating policies and procedures when necessary; and
- Establish communication policies and procedures to provide timely information to customers, employees, and others when needed.
2.
Access Rights and Controls. Implement updated controls to determine appropriate users for organization systems, limit access as appropriate to authorized users (including the set-up of multi-factor authentication) and monitor user access.
3.
Data Loss Prevention. OCIE has recommended various important data loss prevention measures for organizations:
- Establish a vulnerability management program;
- Implement capabilities that can monitor network traffic and detect threats on endpoints;
- Establish a patch management program covering all software and hardware;
- Maintain an inventory of hardware and software assets;
- Encrypt data and implement network segmentation;
- Create an insider threat program to monitor any suspicious behaviors; and
- Secure legacy systems and equipment through disposal of sensitive information from hardware and software and by reassessing vulnerability and risk assessments.
4.
Mobile Security. Establish policies and procedures for mobile device use, manage use of mobile devices through a mobile device management application, implement security measures for internal and external users, and train employees on mobile device policies and effective practices.
5.
Incident Response and Resiliency. Detect and disclose material information regarding incidents in a timely manner and assess appropriateness of corrective actions taken in response to incidents. Organizations should develop a plan if an incident occurs, address applicable reporting requirements, assign staff to execute specific areas of the plan, and test and assess the plan. In the event that a data breach occurs, an organization should improve its resiliency by maintaining an inventory of core business services and prioritizing business operations based on an assessment of risks.
6.
Vendor Management. Establish a vendor management program to ensure that vendors meet your organization's security requirements. Organizations should aim to understand all contract terms with vendors to ensure that all parties are in agreement regarding risk and security. Organizations should also monitor third-party vendors and ensure that the vendor continues to meet the organization's security requirements.
7.
Training and Awareness. Train staff to implement cybersecurity policies of the organization. Organizations should provide cybersecurity and resiliency training and re-evaluate the effectiveness of training procedures.
A Final Reminder for Organizations
Organizations should strive to implement as many of the SEC's recommended protection measures as possible. Ensuring that senior members of an organization are leading the initiative in increased awareness about cybersecurity threats through training of employees will lead to greater cyber safety for the overall organization. Although prevention of all breaches cannot be guaranteed, developing data loss prevention plans to keep the organization and its core businesses safe from attack will benefit the entire organization.
How We Can Help
If you feel that your business falls below the SEC's recommended security measures, our firm can assist with compliance. Contact us for a free initial consultation to determine a reasonable and practical way for your business to become compliant with these guidelines.
Shaia Araghi is an associate in the firm's Privacy & Data Security, and supports the team in advising clients on cyber-related matters, including compliance and prevention that can protect their day-to-day operations. For more information on how Shaia can help, contact her at shaia.araghi@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
Read the court decisionRead the full story...Reprinted courtesy of
2017 Construction Outlook: Slow, Mature Growth, but No Decline, Expected
December 21, 2016 —
Garret Murai – California Construction Law BlogAs we count down the remaining days of 2016 (thank God) it’s time to think about what the new year will bring (I’m good with pretty much anything at this point).
The economists at Dodge Data & Analytics have a few predictions. According to their 2017 Dodge Construction Outlook, they predict that U.S. construction starts will increase modestly in 2017, up 5% to $713 billion, after rather anemic growth in 2016 following several years of steady growth.
According to Robert Murray, chief economist for Dodge Data & Analytics, while the first half of 2016 lagged behind construction activity in 2015, that shortfall grew smaller as the year progressed, easing concern that the construction industry might be in the early stage of a cyclical decline. Rather, according to Murray, it appears that the construction industry has now entered a more mature phase of expansion, one characterized by slower rates of growth than during the 2012-2015 period and that construction spending can be expected to see moderate gains through 2017 and beyond[.]
Read the court decisionRead the full story...Reprinted courtesy of
Garret Murai, Wendel Rosen Black & Dean LLPMr. Murai may be contacted at
gmurai@wendel.com
Slow Down?
December 03, 2024 —
Daniel Lund III - LexologyAbsolutely not, said the Louisiana Fifth Circuit Court of Appeal to a masonry subcontractor being sued for allegedly improperly refusing to honor a subcontract bid.
A general contractor preparing its overall bid for a public project in Jefferson Parish relied in the process on the defendant masonry subcontractor’s bid. After a public bid process and receiving the award of the project, the general contractor was informed by the subcontractor that it believed that the unit price form that had been supplied to the sub “contained inaccuracies.” Notwithstanding offers by the GC to endeavor to address the purported “inaccuracies” during the project, most likely by a change order, the subcontractor refused to execute its subcontract. The general contractor then awarded the masonry work to another subcontractor for $368,222 more than the original sub’s bid.
The GC filed suit – for recovery of $368,222 – against the defendant subcontractor during the course of the public project. The defendant sub objected, arguing to the court that the lawsuit was “premature.” At the heart of the prematurity argument: the sub urging that the general contractor filed suit before its right to recover damages had accrued.
Read the court decisionRead the full story...Reprinted courtesy of
Daniel Lund III, PhelpsMr. Lund may be contacted at
daniel.lund@phelps.com
Florida “get to” costs do not constitute damages because of “property damage”
August 11, 2011 —
CDCoverage.comIn Palm Beach Grading, Inc. v. Nautilus Ins. Co., No. 10-12821 (11th Cir. July 14, 2011), claimant general contractor Palm Beach Grading (?PBG?) subcontracted with insured A-1 for construction of a sewer line for the project.  A-1 abandoned its work and PBG hired another subcontractor to complete construction of the sewer line.  The new subcontractor discovered that A-1?s work was defective requiring repair and replacement of portions of the sewer line which also required the destruction and replacement of surrounding work.�
Read the full story…
Reprinted courtesy of CDCoverage.com
Read the court decisionRead the full story...Reprinted courtesy of
Reaffirming the Importance of Appeal Deadlines Under the Contract Disputes Act
January 26, 2017 —
Chadd Reynolds – Autry, Hanrahan, Hall & Cook, LLPA recent United States Court of Federal Claims (“COFC”) decision emphasizes the importance of deadlines for appealing a contracting officer’s (“CO”) decision under the Contract Disputes Act (“CDA”). On July 22, 2016, the COFC granted the consolidation of two naval contract dispute appeals totaling nearly $12.4 million in response to Nova Group/Tutor-Saliba’s (“NTS”) motion to resolve two Requests for Equitable Adjustment (“REA”) in the same forum. See Nova Group/Tutor-Saliba v. United States, No. 15-885C, 2016 WL 4009886, at *5 (Fed. Cl. July 22, 2016). NTS’s motion before the COFC sought to transfer an appeal of a REA before the COFC to the Armed Services Board of Contract Appeals (“ASBCA”), where another appeal of a REA arising under the same contract was presently on appeal. The COFC rejected NTS’s appeal to transfer the REA to the ASBCA because NTS did not appeal the REA within the 90-day limit under the CDA. Instead, the COFC allowed NTS to transfer the REA before the ASBCA to the COFC because timeliness was not an issue.
Read the court decisionRead the full story...Reprinted courtesy of
Chadd Reynolds, Autry, Hanrahan, Hall & Cook, LLPMr. Reynolds may be contacted at
reynolds@ahclaw.com
Never, Ever, Ever Assume! (Or, How a Stuck Shoe is Like a Construction Project Assumption)
October 21, 2019 —
Melissa Dewey Brumback - Construction Law in North CarolinaThis summer, I had the fortune of taking a trip to Europe. The first place I visited was Amsterdam. A lovely town with a lot of culture and more canals than you can shake a stick at. I was meeting family there, but had hours to kill ahead of time. So, I decided to take the train from the airport into the City Centre, leave my bags at the train station luggage locker, and begin exploring.
My plan took its first misstep when I attempted to board the train. Not being in a hurry, I let the other passengers get on first. Sure, I noticed the train conductor blowing his whistle while I stepped onto the train, but figured I was fine since I was already on the steps up. Until, that is, the door began to close, with me in the doorway, suitcase in the train, one foot inside, and one foot mid step up to the cabin. The door closed on my backpack (which was still on my back), but I managed to force it into the train compartment. My shoe, however, was not quite as lucky. Part of my shoe made it inside, and part was outside the door.
No worry– just look for the door release mechanism, right? Wrong! There was none. The train started up, with my shoe still halfway in and halfway out of the train. (Luckily my foot itself made it inside all in one piece). The conductor came along to scold me, and told me that he could *probably* rescue my shoe once we got to Central Station. In the meantime, I sat on a nearby jump seat, keeping tabs on my shoe and fuming that this was *not* the way I planned to start my vacation. Long story short– the train conductor was able to salvage my shoe, but not without a lot of commentary on how I should never have boarded the train after the whistle blew. Lesson learned.
Read the court decisionRead the full story...Reprinted courtesy of
Melissa Dewey Brumback, Ragsdale Liggett PLLCMs. Brumback may be contacted at
mbrumback@rl-law.com
Spearin Doctrine as an Affirmative Defense
November 30, 2016 —
David Adelstein – Florida Construction Legal UpdatesThe Spearin doctrine, referred to as the implied warranty of constructability doctrine, is oftentimes utilized as an affirmative defense by a contractor being sued for construction defects. Under the Spearin doctrine (recognized in the government contract setting), a contractor is NOT liable for defects in the plans and specifications furnished by the owner if the contractor constructs the project pursuant to the plans and specifications. This is because the owner impliedly warrants the constructability of the plans and specifications it furnishes to the contractor. Hence, the contractor should not be liable for defective construction caused by the owner furnishing defective plans and specifications.
Read the court decisionRead the full story...Reprinted courtesy of
David Adelstein, Katz, Barron, Squitero, Faust, Friedberg, English & Allen, P.A.Mr. Adelstein may be contacted at
dma@katzbarron.com
What Buyers Want in a Green Home—and What They Don’t
March 19, 2014 —
Beverley BevenFlorez-CDJ STAFFJennifer Goodman interviewed researcher Suzanne Shelton to find out what buyers want in a green home and what they do not. The questions and answers were published in Big Builder. Shelton has studied “Americans’ thoughts on environmental and energy issues” for the last ten years.
Goodman wrote that while the term “high-performance” is often used by “builders and their advisors,” the term doesn’t resonate with buyers. In fact, in last fall’s Energy Pulse study, eighty-four percent of Americans said no when asked “if they could confidently and correctly explain the term ‘high-performance home’ to a friend.”
Goodman and Shelton also discussed the best way to market green features. Shelton pointed out that in surveys “energy-efficient home… clobbered ‘green home’ year over year.” Furthermore, she found that “80 percent of prospective home buyers tell us…all other things being equal, energy efficiency would impact their home selection.”
Read the court decisionRead the full story...Reprinted courtesy of
