Dec 06, 2018

Tackling the NYDFS Cybersecurity Regulation's Ongoing Challenges

With many of the provisions of the New York Department of Financial Services Cybersecurity Regulation now in effect, firms are looking ahead to the March 2019 deadline for meeting the law’s third-party requirements. The Cybersecurity Law Report hosted a complimentary webinar on best practices for compliance with the law. James Shreve, a partner at Thompson Coburn, and Shawn Malone, CEO of Security Diligence, joined The Cybersecurity Law Report’s Rebecca Hughes Parker to discuss, among other topics: regulatory expectations, third-party management challenges, how the regulation’s provisions lay a groundwork for various aspects of a cybersecurity program – such as records management systems and business continuation programs – and strategies for ensuring ongoing compliance.

    Jun 04, 2018

How to Maintain Effective and Secure Long-Term Vendor Relationships

Amy Terry Sheehan discussed how to effectively monitor, manage, update and maintain long-term third-party relationships with Kristina Bergman, CEO and founder of Integris Software, Karen Hornbeck, a senior manager at Consilio, and Aaron Tantleff, a partner at Foley & Lardner. They explored from both legal and technical perspectives how to identify potential gaps and overcome challenges with vendors due to changed circumstances, cyber incidents and new requirements and regulations, including the GDPR.

    Dec 12, 2017

Cyber Crisis Communication Plans: What Works and What to Avoid

As demonstrated by recent breaches, the publicity surrounding a cyber incident can cause more damage than just the technical problem itself, raising the stakes on a company’s response.  Jill Abitbol delved into cyber crisis communications plans with Siobhan Gorman, director at Brunswick Group, Brian Lapidus, the practice leader of Kroll’s identity theft and breach notification practice, and Seth Harrington, a partner at Ropes & Gray.

    Oct 16, 2017

Effective and Compliant Employee Monitoring

Monitoring data systems and employee digital activity is critical to reducing the significant cybersecurity risks that employees pose, but companies do need to make sure they comply with legal requirements when implementing surveillance programs.  Amy Terry Sheehan discussed effective notice, legal considerations, specific policies regarding BYOD, termination and remote employees, how to navigate contrasting rules and approaches in Europe, and more with Mike Pappacena, a managing director at ACA Aponix, Mary Dollarhide, a partner at DLA Piper, and Jennifer Rubin, a member of Mintz Levin.

    Sep 18, 2017

Multi-Factor Authentication for the Financial Sector

Rebecca Hughes Parker discussed balancing convenience with security, innovations in multi-factor authentication, using regulation and guidance, and best practices for implementing and improving online authentication systems with Cassio Goldschmidt, vice president at Stroz Friedberg, Jeremy Grant, managing director at Venable, and Chris Pierson, general counsel and chief security officer at Viewpost.