Recent Issue Headlines
Vol. 4, No. 4 (Feb. 28, 2018)
Identifying and Preparing for Ransomware Threats (Part One of Two)
With easy-to-use ransomware toolkits hitting the cybercrime market and more sophisticated hackers using novel attack strategies, companies should have a firm grasp of the current risks of ransomware and the measures they can take to proactively mitigate those risks. They also need to create an effective, comprehensive response plan if attacked. In this two-part article series, legal and technical experts share their insights on how to prepare for ransomware threats with effective cyber hygiene and planning. This first part covers the current methods of attack and their risks as well as prevention techniques and how to be prepared for the inevitability of one of these attacks. Part two will address effective response measures including bringing in the experts to understand what happened and why, and whether to pay a ransom. It will also look at how cryptocurrency is changing the landscape. See “Defending Against the Rising Threat of Ransomware in the Wake of WannaCry” (May 31, 2017).
The GDPR’s Data Subject Rights and Why They Matter
Privacy rights, once more obscure, are now common topics both within and beyond legal circles. The European “right to be forgotten” is at the forefront of these discussions and it raises certain questions. What are the individual “data subject” rights under the E.U. General Data Protection Regulation? And why should U.S. organizations care? In this guest article, Frankfurt Kurnit partner Tanya Forsheit reviews the GDPR’s application to U.S. organizations, explains “data subjects” and “data subject rights” under the GDPR, and addresses how requests by E.U. data subjects to exercise some of their new rights might surface here in the U.S. and impact the daily lives of corporate lawyers and customer service departments. See also “Five Months Until GDPR Enforcement: Addressing Tricky Questions and Answers” (Dec. 20, 2017).
How South Korea Regulates Cryptocurrency and Why U.S. Lawyers and Investors Should Take Notice
The Republic of Korea has recently required investors to have bank accounts under their real names in cryptocurrency transactions and imposed anti-money laundering requirements on banks with those exchanges. According to South Korea’s Financial Services Commission, which issued the regulation, the law aims to “curb cryptocurrency speculation and prevent cryptocurrencies from being exploited for illegal activities.” The Cybersecurity Law Report spoke with Nicolas Morgan, a partner at Paul Hastings, about why this fairly straightforward development in the often complicated world of cryptocurrency is noteworthy. See “Virtual Currencies Present Significant Risk and Opportunity, Demanding Focus From Regulators, According to CFTC Chair” (Feb. 14, 2018).
SEC Confirms Cyber Disclosure Expectations in New Guidance
The SEC’s latest guidance emphasizes proper and full disclosures related to cybersecurity risks and incidents throughout relevant filings. In its “Statement and Guidance on Public Company Cybersecurity Disclosures,” the SEC stated that “informing investors about material cybersecurity risks and incidents in a timely fashion,” even if they have not yet “been the target of a cyber attack,” is critical. Some say that this guidance is repetitive of the SEC’s 2011 guidance on the topic, but the new guidance adds discussions related to cybersecurity policies and procedures as well as preventing insider trading tied to cybersecurity information. In this article, we analyze this guidance with advice on risk disclosures from EXL Chief Compliance Officer Nancy Saltzman. See also “Meeting Expectations for SEC Disclosures of Cybersecurity Risks and Incidents (Part One of Two)” (Aug. 12, 2015); Part Two (Aug. 26, 2015).
FCA Head of Technology Outlines Regulator’s Cybersecurity Expectations and Three Key Lessons
The U.K. Financial Conduct Authority, like its U.S. counterpart the SEC, wants to ensure that financial firms are taking the necessary proactive steps to keep up with the growing and shifting cyber threats. In a recent speech, Robin Jones, FCA’s Head of Technology, Resilience & Cyber, outlined ways for organizations to build effective cyber capability and accountability, protect critical information, detect cyber attacks and respond to them quickly and effectively. He also emphasized key lessons from recent high-profile attacks. For more on the FCA’s views on cybersecurity, see “FCA Director Lays Out Cybersecurity Expectations for Financial Services Firms” (Oct. 5, 2016).
Financial Firms Must Supervise Their IT Providers to Avoid CFTC Enforcement Action
The CFTC recently announced a settlement with futures firm AMP Global Clearing LLC (AMP), which had tens of thousands of client records compromised after its IT vendor unknowingly installed a backup drive on AMP’s network that included an unsecured port. The settlement order requires AMP to cease and desist from future violations, pay a civil penalty of $100,000 and report to the CFTC for the next year on its efforts to improve its digital security. “As this case shows, the CFTC will work hard to ensure regulated entities live up to that responsibility, which has taken on increasing importance as cyber threats extend across our financial system,” said CFTC Director of Enforcement James McDonald. In particular, it is a reminder of the importance of monitoring third-party service providers. In this article, we analyze the case and relevant remedial steps AMP agreed to take. For more from the CFTC, see “Virtual Currencies Present Significant Risk and Opportunity, Demanding Focus From Regulators, According to CFTC Chair” (Feb. 14, 2018).
Dykema Welcomes New Director of Global Data Privacy and Information Security Practice
Cinthia Granados Motley has joined Dykema as a member and director of its global data privacy and information security practice group in Chicago, the firm recently announced. For more from Dykema, see “Ten Steps to Minimize Data Privacy and Security Risk and Maximize Compliance” (Apr. 13, 2016).
Former Federal Prosecutor Joins Murphy & McGonigle’s White Collar Practice in New York
Joseph Facciponti, a former prosecutor at the U.S. Attorney’s Office for the Southern District of New York, has joined the firm of Murphy & McGonigle as a shareholder in its New York office. For more from Murphy & McGonigle, see “Attorney-Consultant Privilege? Key Considerations for Invoking the Kovel Doctrine (Part One of Two)” (Nov. 16, 2016); Part Two (Nov. 30, 2016).
CSLR to Moderate Panel at Skytop Strategies Cyber Risk Governance Conference
On March 13, 2018, CSLR Senior Editor Jill Abitbol will be moderating a panel on incident response: “Detection, Response and Remediation: The Pillars of Effective Cyber Breach Response,” at the Cyber Risk Governance conference hosted by Skytop Strategies in New York at the Time Warner Center, 10 On the Park, 60 Columbus Circle. The full-day discussion will focus on the ways that companies can proactively reduce the risk of a cyber breach, and all of the costs that follow (legal, reputational, fiduciary), in addition to addressing the growing likelihood of class action litigation for failure to upgrade cyber defenses. CSLR readers can receive a 25 percent discount using a code inside this article. For our coverage of the 2017 Cyber Risk Governance conference see “Preparing For Ransomware Attacks As Part of the Board’s Fiduciary Duty” (Mar. 8, 2017); “Goodbye to the Blame Game: Forging the Connection Between Companies and Law Enforcement in Incident Response” (Apr. 19, 2017).