The U.S. Securities and Exchange Commission (“SEC”) recently identified cyberthreats as an enforcement priority (see 2021 Examination Priorities). Within months of the Commission’s announcement, the Commission brought three enforcement actions* which resulted in sanctions against eight investment advisory firms who failed to report cyber related attacks, failed to adopt, or failed to implement proper cybersecurity policies in
Continue Reading A Cybersecurity Wake Up Call: SEC Sanctions Eight Firms for Cybersecurity Deficiencies
Data Breach
The Invaluable Benefits of Multi-Factor Authentication
The need to input a username and password when logging into a computer is a “single factor” authentication. But, from a security perspective, that single factor authentication only goes so far. Consider, for example, the ramifications if a hacker steals or guesses your username and password. What information could be compromised?
For law firms, cybercrime and data breaches have become…
Continue Reading The Invaluable Benefits of Multi-Factor Authentication
Phishing Risks Associated with Social Media
With the ever evolving cyber threats, it is important to we understand our social media accounts and the way in which they make us vulnerable.
Social media (i.e., Facebook, Instagram, WhatsApp, Snapchat…) is free to members because the companies make money by selling targeted advertisements to their users. Ever wonder why, after “liking” a particular pair of shoes that advertisements…
Continue Reading Phishing Risks Associated with Social Media
What is New York’s Data Breach Notification Statute? And Does it Impact Me?
As mentioned in my last blog post, there are data breach notification laws on the books in 48 states, including New York. On July 25, Governor Cuomo signed into law Senate Bill 5575, the “Stop Hacks and Improve Electronic Data Security Act” (the SHIELD Act), which had passed the Legislature on June 17, 2019.
The SHIELD Act amends New…
Continue Reading What is New York’s Data Breach Notification Statute? And Does it Impact Me?
Some Cyber-Musts For Maximizing Security
Although there are data breach notification laws on the books in 48 States that require companies to inform consumers about potential breaches, companies are loathe to make such disclosures. In fact, a data breach disclosure opens the door to litigation, invites scrutiny from investors and the consuming public, and hardly bodes well for a company’s reputation. But, the harsh reality…
Continue Reading Some Cyber-Musts For Maximizing Security
Due Diligence When Selecting a Vendor
When faced with the task of collecting, processing, reviewing and producing digital data, law firms (and clients) often retain outside vendors to assist. Depending on the vendor, and the circumstances of the retention, there may be a single vendor retained to handle the entire spectrum of client needs (i.e., from collection to production). Or, there may be a series of…
Continue Reading Due Diligence When Selecting a Vendor