Archives: New + Now

Subscribe to New + Now RSS Feed

CCPA Amendment Details to Consider

In delving deeply into the California Consumer Privacy Act (CCPA), the Amendments recently signed by the California Governor, and the proposed Regulations issued by the California Attorney General, we thought it would be helpful to point out some details that are important to consider for compliance which are not obvious in the CCPA discussions we … Continue Reading

FBI Warns of E-Skimming Threats

For those of you that have websites that process online payments (such as retail, hospitality, health care, entertainment and utilities), the Federal Bureau of Investigation (FBI) recently issued a warning about e-skimming threats to those websites. E-skimming occurs when an attacker introduces malicious code on the website to obtain in real time debit and credit … Continue Reading

NSA Warns of Hackers Attacking VPN Service Applications

The National Security Agency issued an advisory last week to warn companies and users that nation-state actors are actively exploiting vulnerabilities in several virtual private network (VPN) service applications to obtain access to users’ devices. The hackers are leveraging vulnerabilities in older versions of VPN applications, and if successful, the attackers can then remotely execute … Continue Reading

Department of Defense Subcontractors: Cybersecurity Compliance is Top Priority

The Office of the Under Secretary of Defense for Acquisition and Sustainment has been on a fast track mission to shore up the cybersecurity measures of defense contractors and the supply chain to the Department of Defense (DOD). It is in the process of developing a Cybersecurity Maturity Model Certification (CMMC) requirement for those vendors. … Continue Reading

Important Tool in Your Box: Spam Filter

I have been hanging out a lot with Chief Information Officers (CIO) and Chief Information Security Officers (CISO) these days at speaking engagements and conferences, as October – National Cybersecurity month – is always busy. The topic that keeps coming up in these conversations is phishing and how most ransomware attacks are started because an … Continue Reading

Survey Shows Fewer than 1/3 of Employees Receive Annual Cyber Training

Despite the fact that security experts have emphasized the importance of cyber education and training as a preventive measure to protect against a devastating data breach, Chubb’s Third Annual Cyber Risk Survey finds that only 31 percent of employees in the businesses surveyed receive cyber training and education on an annual basis. According to the … Continue Reading

Keep Privacy Shield Certification on the Radar Screen

After all of the GDPR compliance assessments, implementation and hullaballoo in the last year or so, many companies chose to certify that they are compliant with the EU-U.S. Privacy Shield framework rather than implementing a full-blown GDPR compliance program. To attain Privacy Shield certification, companies must submit an application and certify that when consumer data … Continue Reading

Initial Coin Offerings (ICOs) on SEC’s Radar

This month, the Securities and Exchange Commission (SEC) announced that it has entered into a settlement with SimplyVital Health, Inc., a blockchain company that offered and sold approximately $6.3 million worth of securities to the public. The SEC alleged that the plan to conduct an initial coin offering (ICO) to raise money to develop a … Continue Reading

Can You Really Protect Against Ransomware?

We’ve written a few times recently about municipalities, companies, and government agencies hit with ransomware attacks this year. In early July, it was reported that a court system in Georgia was attacked with ransomware, causing lawyers, court employees and the public to have to rely on “old school” paper to file pleadings and keep the … Continue Reading

Clever Call Center Concept

My husband was recently booking some travel for us and had an interesting experience that he thought was worth sharing. While he was providing his credit card number to the person who was assisting with the booking, that person told him before he gave the credit card number and CVV number to wait a moment, … Continue Reading

Pay Attention to Your Firewalls

After the Capital One data breach, which was reportedly caused by an improperly configured firewall, every company should be paying attention to its firewalls. This is not the first data breach that has occurred because a firewall was not properly in place for data stored in the Cloud. I’m a lawyer, and I know very … Continue Reading

Business Email Compromises Bilking U.S. Companies Out of $301M Per Month

The United States Treasury Department came out with a report last week that concludes that business email compromises (BEC) are costing U.S. companies more than $301 million per month. The report confirms that the two industries hit the hardest by these scams are manufacturing and construction. The report, issued by the Treasury Department’s Financial Crimes … Continue Reading

Cities Consider Banning the Use of Facial Recognition Technology

In the footsteps of San Francisco’s ban of the use of facial recognition technology, the cities of Somerville, Massachusetts, Oakland, California, and Berkeley, California are considering banning the use of facial recognition technology by municipal agencies. The proposed ban is in the midst of more and more cameras and smart technology being used for traffic … Continue Reading

A Value Add to Employee Security Education: Mobile Apps

While we have been talking about the very important message of educating employees about data security, I find that giving employees tips about their personal data security keeps them interested and engaged during education sessions. It is surprising how little people in general, and employees specifically, know about their personal devices and the security of … Continue Reading

Employers and Wellness Plans: Questions about Quest Breach?

Last week, we wrote that Quest Diagnostics reported in a security filing that a collection agency performing collections for the company had suffered an intrusion that exposed almost 12 million individuals’ personal and financial information [view related post]. Another lab company reported days later that it was notified that the information of 8 million of … Continue Reading

CCPA Update

We have been watching all of the activity around the proposed amendments to the California Consumer Privacy Act (CCPA) to see where the law settles to assist with compliance. Not surprisingly, but nonetheless important to know, is the fact that the California Assembly on May 29, 2019, unanimously passed an amendment to CCPA that excludes … Continue Reading

Questions to Consider Asking Your Broker About Cyberliability Coverage

One of the first questions we ask our clients when they call about a security incident is whether they have insurance that may cover the costs associated with investigating the incident, potential forensic analysis, and coverage for a data breach. Sometimes the client will say “Yes, we have cyber coverage.” However, when reviewing the coverage … Continue Reading
LexBlog