Richard Borden


Connecticut Town Struck by Cyber Fraud

On January 17, 2017, officials in Farmington, Connecticut disclosed that the town was recently the victim of a multi-million dollar theft likely perpetrated by sophisticated cybercriminals operating in China. The thieves intercepted a $2 million Automated Clearing House (ACH) transfer that was intended as payment to a local company for work on a large … Continue Reading

Employer Has No Legal Duty To Protect Employee Electronic Information

A court in Pennsylvania recently held that an employer does not have a legal duty to act reasonably in managing its computer systems to safeguard sensitive personal information collected from its employees, when the employer elects, for purposes of its own business efficiencies, to store and manage such sensitive employee data on its internet-accessible computer … Continue Reading

The State of Cybersecurity in 2016 and the (potential) Great Cyber Fire

Cybersecurity hit the news hard in 2016. The number of high-profile, and troubling, cyber incidents increased significantly. The hacking of the Democratic National Committee and one of Clinton’s top advisors, with emails leaked by Russia according to intelligence reports, may have influenced the U.S. election. Theft of documents from the Mossack Fonseca law firm in … Continue Reading

New York Cybersecurity Regulation Delayed

The New York Department of Financial Services (NYDFS) will delay the effective date of their proposed cybersecurity regulation until March 1, 2017. A new draft of the proposed regulation will be published on December 28, 2016, with an anticipated 30 day comment period. The original proposed regulation met with significant resistance, including reportedly more than … Continue Reading

FTC Complaint Made Against Genesis Toys and Nuance Communications

On December 6, 2016, The Electronic Privacy Information Center, The Campaign for a Commercial Free Childhood, The Center for Digital Democracy and Consumers Union filed a Complaint and Request for Investigation, Injunction and Other Relief (Complaint) with the Federal Trade Commission (FTC) against Genesis Toys (Genesis) and Nuance Communications (Nuance) regarding alleged violations of the … Continue Reading

Phishing as a Service

A recent report from Imperva, Inc. has identified a Phishing as a Service (PhaaS) offering on a Russian website. The United States Computer Emergency Readiness Team defines phishing as “an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear … Continue Reading

The Cyber Regulation Drops

On September 13, 2016, Governor Andrew Cuomo announced the first proposed broadly applicable cyber regulation in the U.S. (the “Regulation”). The Regulation covers banks, insurance companies and other financial institutions (Covered Entities) regulated by the New York Department of Financial Services (the “DFS”). The Regulation is tightly focused, but with broad reach. It appears to … Continue Reading

The (Regulated) Rise of the CISO

The proposed New York Department of Financial Services Cybersecurity Requirements for Financial Institutions (the “Regulation”) has many different aspects that are designed to bring about overall improvement in cybersecurity programs. One that has yet to be explored is how the Regulation elevates the role of the Chief Information Security Officer (the “CISO”) beyond the traditional … Continue Reading

Authors’ Events

In addition to their legal practice and involvement with the blog, our Data Privacy + Security Team members regularly serve as presenters at topic-related seminars and participate on panels that discuss developments in the area. Following are several upcoming speaking engagements: October 11 & 12 – InfoGovCon in Providence, RI (Linn F. Freedman) October 24 … Continue Reading

NIST Recommends against SMS as Second Authentication Factor

On July 29, Paul Grassi, the Senior Standards and Technology Advisor at the National Institute of Standards and Technology (NIST) posted an unusual blog regarding the new draft NIST Special Publication 800-63-3: Digital Authentication Guideline. The main issue that has created significant commentary by the press and businesses is NIST’s “deprecation” of using SMS (text messages) … Continue Reading

Auto-ISAC announces automotive cybersecurity best practices

Members of the Automotive Information Sharing and Analysis Center (Auto-ISAC) recently released an overview of comprehensive Automotive Cybersecurity Best Practices developed as a proactive measure to further enhance vehicle cybersecurity throughout the industry. Cybersecurity has been a significant concern in the automotive industry, especially since the Wired article in July, 2015 that described hackers remotely … Continue Reading

Black Hat reports increase in cybersecurity concerns

The 2016 Black Hat Attendee Survey was published in advance of the 2016 Black Hat Conference.  Not surprisingly, the respondents to the survey conveyed an increased concern regarding security breaches versus 2015. An alarming 72% of respondents believe it likely that their organizations will have to deal with a major data breach in the year … Continue Reading

Wells Fargo Unveils Plan to Better Protect Small Business Customer Account Information

On June 7, Wells Fargo announced a partnership with software firm, Xero, that is intended to allow small businesses to share bank information without sharing their bank passwords with third parties, such as Quicken, who provide services to the business customers.  The small business customers will log into Xero’s website using a different account designation … Continue Reading

SWIFT CEO announces customer security programme

Following a series of thefts from international banks utilizing the Society for World Interbank Financial Telecommunication (SWIFT) communication system, the Chief Executive Officer of SWIFT announced a sweeping five part plan to “reinforce the security of our shared global financial system.” The five part plan includes: Improve information sharing among the global financial community; Harden … Continue Reading

Is CaaS the solution for privacy and security in the SaaS world?

Companies are under tremendous pressure to reduce IT costs. Cloud and Software as a Service (SaaS) offer significant potential cost reductions through the use of shared infrastructure and standardized software offerings. However, there are often significant concerns if the service or application stores or processes Personally Identifiable Information, important intellectual property, other sensitive information, the … Continue Reading

PCI DSS version 3.2 contains substantial changes for payment card processors and their service providers

In April, 2016, the Payment Card Industry Security Standards Council published a new version of the PCI Data Security Standard (PCI DSS). PCI DSS Version 3.2 is intended to emphasize the importance of validating the existence and testing effectiveness of security controls for parties in the payment card collection and processing chain. The changes are … Continue Reading