Cybersecurity Legal Trends & Topics

Patch early, patch often!

Latest from Cybersecurity Legal Trends & Topics

Wipro, one of the world’s largest outsourcing companies, has confirmed that it was the subject of a cyberattack and that its attackers used – and may be continuing to use – access to Wipro’s systems to launch phishing campaigns against the company’s customers. The investigation is ongoing, but if you or your clients use Wipro, please be wary of any communications that appear to come from the company. Training for personnel is the first line…
Cybersecurity and data privacy remain at the top of the corporate agenda, and it is critical that executives stay ahead of the curve with the latest best practices in order to effectively respond when – not if – an data incident occurs. To that end, I am pleased to offer a Lorman Education Service’s webinar, “Data Security Breach Response,” which I co-presented alongside my friend and colleague, Brett Harris of Wilentz, Goldman & Spitzer. The…
The time for businesses to wait until they are breached to respond to data vulnerabilities is coming to an end.  While 50 states have breach notification statutes (reactive legislation), more than 25 states have now adopted some form of proactive legislation requiring companies to take “some” measures to protect the personally identifiable information they collect, store, process and share.  The New Jersey legislature is now considering three competing bills.  While it is yet to be…
From a cybersecurity and data protection perspective, traveling safely on business or pleasure is not an easy task.  But if you are mindful of what you do, and where you do it, you and your information can travel more securely. Here are ten practical cybersecurity and data protection tips to keep in mind: Devices that you will be working on should be encrypted and up to date with security patches.  Even if your device is…
On November 21, 2018, the Pennsylvania Supreme Court, the highest ranking state court in Pennsylvania, ruled that an employer had a common law duty to exercise reasonable care to protect employees’ personal data where, as a condition to employment, the employer (i) required employees to provide sensitive data, (ii) the employer chose to store such data, and (iii) the collection and storage of that information by the employer could foreseeably expose the employees to “unreasonable…
In the wake of GDPR and California’s new data privacy law, website privacy policies continue to be a hot topic for the business community. These pieces of legislation, the FTC Act, and various other sectoral and state laws and regulations set forth a myriad of complex rules and guidelines for website privacy policies.  At a minimum: Privacy policies should clearly and concisely state: What information is being collected when a person visits your site…
One of the most common misconceptions surrounding cybersecurity and data protection measures is that they are too expensive to deploy and maintain – so much so that they become prohibitive for small and middle market businesses. Another one I hear often is that the implementation process can seem daunting for business owners who may be unsure about where exactly to begin. While top-of-the-line cybersecurity programs and managed IT service packages can certainly be expensive and…
Cybersecurity is a hot button for all businesses these days. However, in the flurry of new privacy regulations and the focus on protection of consumer data, many businesses are not paying enough attention to how they could – and should – be using cybersecurity protocols to protect valuable trade secrets. Trade secret protections apply broadly to business, financial and technical information, so long as: (1) the information is not generally known or ascertainable outside the…
One of my husband’s goodhearted employees nearly fell victim to a scam that has been rampant throughout the country. The employee received an email from a senior staff member (or so it seemed) asking if he was in the office. It was early on a Friday morning, before many people had arrived. The employee, never wanting to disappoint, responded yes. The alleged senior staff member then asked the employee for help – asking if he…
As the target of a corporate cyber breach, are you a victim – along with your customers and personnel – or are you a “willing” accomplice to the crime? This week, a U.K. bank was fined in excess of $21 million dollars for failing to protect its systems and customers against a “foreseeable” cyber-attack that occurred in 2016. The bad actors exploited deficiencies in the design of the bank’s debit cards. In the year preceding the attack,…