Archives: Cyber Security

Subscribe to Cyber Security RSS Feed

Data security: The bad guys are stepping up their game. Are you?

Jocelyn ConeyBy Jocelyn Coney on Posted in Cyber Security, Phishing attack

Earlier this year, there was a report on a new spear-phishing attack seeking to steal people’s sensitive data.  The spear-phishing email message, apparently drafted to look like it came from FedEx, included a link that took the recipient of the email to a Google Docs page and then used a script to download malware to the employee’s computer. What was notable about this spear-phishing attempt was that the email “bait” actually included employee sensitive data, such as his or her … Read More

The Enemy Within: Why Employees Top the List of Security Risks Each Year (and what you can do to make sure yours don’t)

Scot GanowBy Scot Ganow on Posted in Cyber Security

Every year, the culprit that tops the list of information security risk is the same one from the previous year, and the year before that: your employees. Sure, hackers and technical failures get a lot of attention, but time and again it is the low-tech failures of employees that lead to security incidents and data breaches. To be clear, it is rarely the disgruntled employee, but more often the apathetic or unaware employee that clicks the phishing link or lets … Read More

Selling Software to the Government: Four Cybersecurity Lessons from a Failed DoD Bid Protest

William C. WagnerBarbara DuncombeBy William C. Wagner and Barbara Duncombe on Posted in Cyber Security, Department of Defense

A recent GAO decision denying a contractor’s protest because of cybersecurity concerns offers contractors four lessons on how to avoid making the same mistakes.

I.  Background Facts and Decision

Syneren Technologies Corporation was one of 20 contractors who responded to a Navy RFP to award an ID/IQ contract for IT systems and software to support human resource operations involving a variety of business enterprise services. The work was to be performed at a government facility and involved DoD and Navy … Read More

Cybersecurity: An Affirmative Defense to Ohio Data Breach Negligence Claims

William C. WagnerScot GanowBy William C. Wagner and Scot Ganow on Posted in Cyber Security, Data Breach, NIST Guide, Uncategorized

Ohio is poised to lead the nation by incentivizing businesses to implement certain cybersecurity controls, which can be an affirmative defense to a data breach claim based on negligence. Under the proposed legislation, if a business is sued for negligently failing to implement reasonable information security controls resulting in a data breach, the business can assert its compliance with the cybersecurity control as an affirmative defense at trial.

For years we have counseled our clients to implement a comprehensive data … Read More

Upcoming Seminar: Cybersecurity for Defense Contractors and Manufacturers

Taft LawBy Taft Law on Posted in Cyber Security, Department of Defense

Join Taft attorneys Barbara Duncombe and Bill Wagner for a complimentary seminar on the DoD cybersecurity regulations on Oct. 18 at Taft’s Indianapolis office. They will participate in an informal, interactive discussion with Richard Banta and Alex Carroll from Lifeline Data Centers and Josh Griswold and Joe Turek from Chubb concerning recent developments (including cyber breaches), evolving standards of compliance and practical, effective risk mitigation strategies. Click here to register.

Topics will include:

  • Final preparations to ensure compliance with DoD’s
Read More

Three Takeaways for Your Business from President Trump’s Executive Order on Cybersecurity

William C. WagnerBy William C. Wagner on Posted in Cyber Security

Here are three takeaways for your business from the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure signed on May 11, 2017.

1. Incorporate the NIST Cybersecurity Framework into your business.

The Executive Order requires federal agencies to use the well-established NIST Cybersecurity Framework to fulfill their mission to protect federal networks and critical infrastructure and to appropriately plan for and procure cybersecurity training, products, and services for the future.

As background, the Framework was … Read More

Q&A: Ransomware Attack

Brian EatonWilliam C. WagnerBy Brian Eaton and William C. Wagner on Posted in Cyber Security

A new cyberattack, that is very similar to the WannaCry ransomware virus, is spreading across Europe. Taft’s Technology group is closely monitoring the situation and has prepared the following short summary of questions and answers about ransomware attacks, which in effect locks out users from accessing their files unless a ransom is paid via bitcoin.

Q: I have been hit with a ransomware attack, what are my options?

A: You can pay the ransom with the hopes of getting your … Read More

5 Cybersecurity Tips for In-House Counsel

Brian EatonBy Brian Eaton on Posted in Cyber Security

Cybersecurity is not an aspect of your business that can be tackled once and then forgotten. The threats are constantly evolving. They require attention and resources. Here are 5 tips to make sure your company is prepared in case of an attack.

  1. Disaster Recovery Plan– Data is the lifeblood of most organizations. Where is your data stored? What would happen to your business if a natural disaster like a fire, flood or other catastrophe struck the location where your
Read More

10 Tips for Presenting Complex Cases In Arbitration

Taft LawBy Taft Law on Posted in Cyber Security, Department of Defense, Government Contractors

The American Arbitration Association (AAA) and its International Centre for Dispute Resolution (ICDR) recently created an aerospace, aviation and national security panel of arbitrators to handle complex, high-value aerospace, aviation, defense, cyber and security-related disputes. Similarly, AAA has a special panel of arbitrators to handle technology-related disputes. But what should companies involved in these types of arbitration cases expect?

Taft attorneys Bill Wagner and Michael Diamant recently published an article in Law360 with 10 tips for presenting complex cases in … Read More

Taft Co-Hosts Upcoming Panel Discussion: Cybersecurity: Recent Developments and Risk Mitigation Strategies

Taft LawBy Taft Law on Posted in Cyber Security

Please join us at Taft Indianapolis on March 21 for a breakfast event featuring an informal, interactive panel discussion covering recent developments (including cyber breaches), evolving standards of compliance and practical, effective risk mitigation strategies.

Agenda:

Registration and Continental Breakfast: 7:30-8:00 a.m.
Discussion: 8:00-9:30 a.m.

Panelists:

  • Richard L. Banta and Alex J. Carroll from Lifeline Data Centers, LLC
  • Frederick W. McClaine from Shepherd Insurance
  • James A. Butz and William C. Wagner from Taft Law

Click here for the PDF invitation … Read More

Wagner Article “Takeaways From NASA Cloud Security Audit” Published by Law360

Taft LawBy Taft Law on Posted in Cyber Security

Bill Wagner authored the article “Takeaways From NASA Cloud Security Audit,” which was published by Law360 on March 1. The article discusses the Office of Inspector General’s audit report on the security of NASA’s cloud computing services and offers discussion points for corporate management and directors to consider in their own cybersecurity efforts.

In the article, Bill also provides some discussion points for a tabletop review of NASA’s audit findings with your management and board.

Bill is co-chair … Read More

St. Louis Cardinals Hacking Scandal: A Real-World Example of the Importance of Password Management

Brian EatonBy Brian Eaton on Posted in Cyber Security, Data Breach

The saga surrounding the St. Louis Cardinals hacking scandal concluded with the issuance of a final punishment from MLB. The scandal stemmed from the actions of the former Cardinals scouting director Chris Correa, after he illegally accessed the e-mail accounts of members of the Houston Astros front office as well as their scouting database. The Cardinals were ordered to forfeit their top two selections in the upcoming 2017 amateur draft to the Astros and pay them two million dollars within … Read More

5 Tips for Training Employees in Effective Cybersecurity Practices

Brian EatonBy Brian Eaton on Posted in Cyber Security

One overlooked aspect of cybersecurity is training for the employees at your company in proper data management practices. All of the technical measures that a company employs to guard against intrusions do not matter when an employee knowingly or unknowingly circumvents those measures. Proper training can help to reduce the number of incidents and lower your chances of suffering from a data breach.

  1. Password Management  Proper password management is key to any cybersecurity program. The technical barriers to entry
Read More

Can You Prevent Cyber Attacks to Industrial Control Systems for Advanced Robotic-Based and Chemical Manufacturers with Off-the-Shelf Software and NIST Guidelines?

William C. WagnerBy William C. Wagner on Posted in Cyber Security

Guides and best practices against cyber-attacks often provide only the illusion of security. In an attempt to turn that illusion into reality, the National Cybersecurity Center of Excellence at the National Institute of Standards and Technologies (NIST) intends to create a lab environment to simulate, test, and address cybersecurity problems for robotic-based and chemical manufacturing processes through standards-based solutions using commercially available software.

The intent is to produce a series of NIST Cybersecurity Practice Guides for four cybersecurity capabilities for … Read More

DoD’s New Cybersecurity Regulations: How to protect yourself when a Government support services contractor wants to inspect your data and devices

William C. WagnerBarbara DuncombeBy William C. Wagner and Barbara Duncombe on Posted in Cyber Security, Department of Defense, Uncategorized

DOD New Cybersecurity regulationsThe US Department of Defense’s (DoD) new cybersecurity regulations require defense contractors to cooperate with Government support services contractors investigating a “cyber incident that affects a covered contractor information system or the covered defense information residing therein or that affects the contractor’s ability to provide operationally critical support.”  DoD’s Defense Industrial Base Cybersecurity Activities Final Rule, 32 CFR 236.4(b), (m)(5) (effective Nov. 3, 2016); Response to Public Comments, 81 FR 68312 (Oct. 4, 2016).

It doesn’t take much imagination to … Read More

Real-Life Attacks On Business & What You Can Do To Deter A Cybercriminal – Event September 7

Caryn KaufmanBy Caryn Kaufman on Posted in Breach Detection, Cyber Security, Data Breach, data privacy, Phishing attack, Privacy Policy

To effectively guard against an enemy of any kind it’s important to know your enemy. This strategy is just as effective when fighting an online battle to protect your company’s data.

Before you can effectively defend against cyberattacks, it is important to educate yourself on potential threats and how to handle them. We invite you to join us on September 7 for part two of the Columbus Cybersecurity Series featuring FBI agent David Fine returns. During this portion of the … Read More

Cyber Insurance: Travelers Required to Defend Healthcare Records Storage Company From Class Actions

William C. WagnerBy William C. Wagner on Posted in Cyber Insurance, Cyber Security, Data Breach

Savvy in-house counsel and business owners termsoften ask are whether the insurers selling cyber policies actually pay claims or whether the policyholders are just buying the right to later sue the insurers for coverage.  The initial wave of cyber insurance litigation involved policyholders trying to obtain coverage for data breaches under their standard commercial general liability policies.  This produced mixed results with some courts finding coverage, while others did not.  The next wave of cyber insurance litigation involved policyholders asserting … Read More

Will the New DoD Cybersecurity Regulations Cause a New Wave of Protest Disputes?

Barbara DuncombeWilliam C. WagnerBy Barbara Duncombe and William C. Wagner on Posted in Breach Detection, Cyber Security, Data Breach, data privacy, Department of Defense, Government Contractors, Government investigation, NIST Guide

The new DoD cybersecurity regulations require contractors to implement the security requirements specified by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” not later than Dec. 31, 2017. DFARS, 252.204-7008(c)(1).

However, a contractor may propose to vary from the NIST SP 800-171 requirements under two circumstances. Under DFARS 252.204-7008(c)(2), a contractor may propose to vary from the security requirements specified by NIST SP 800-171 through a … Read More

Webinar Replay Now Available on the New Defense Department Cybersecurity Rules

William C. WagnerBarbara DuncombeBy William C. Wagner and Barbara Duncombe on Posted in Cyber Security, Data Breach, data privacy, Department of Defense, Government Contractors, Government investigation, NIST Guide

The U.S. Department of Defense published its Network Penetration Reporting and Cloud Computing Services regulations as an interim rule in August 2015 and updated them in December 2015.  Watch this new webinar replay at your convenience to learn about the regulations, how they may impact your business, and the concerns of industry groups. Click HERE to watch the webinar in its entirety.

 … Read More

Did China’s Agreement Not to Steal U.S. Intellectual Property Influence the Defense Department’s Decision to Grant a Two-Year Extension for Contractors to Comply with NIST SP 800-171’s Guidelines for Protecting Controlled Unclassified Information?

William C. WagnerBy William C. Wagner on Posted in Cyber Security, data privacy, Department of Defense, Government Contractors, Government investigation, NIST Guide

China

On June 4, 2015, the Office of Personnel Management announced that personally identifiable information for 4 million current and retired U.S. Government employees had been breached. China was suspected of having facilitated the breach.

Two weeks later, after the number of data breach victims had risen to 14 million, the National Institute of Standards and Technology (NIST) published its new Guidelines for Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171.

We published our … Read More

Please Add Internal Threat Monitoring to NYDFS’s Cyber Security Requirements for Banks and Insurers

William C. WagnerBy William C. Wagner on Posted in Cyber Security

One best practice missing from the New York State Department of Financial Services’ announcement of potentiabigstock-Stack-of-manilla-file-folders-30317660-1080x675l new cyber security regulation requirements for banks and insurers was the need to develop an approach to monitor internal threats, including the detection of anomalous conduct by employees.

The FBI, SEC, and others have identified dishonest acts by employees as one of the major causes of data security breaches.  In fact, it’s one of the areas audited under the FFIEC’s Cybersecurity Assessment ToolRead More

Answers to Frequently Asked Questions on DoD’s New Cyber Security Regulations

William C. WagnerBy William C. Wagner on Posted in Cyber Security, Department of Defense

faqDoD recently published answers to 43 frequently asked questions on the Department of Defense Network Penetration Reporting and Contracting for Cloud Services regulations.  The FAQs document is available here.  In addition, you can read our blogs posts on the new regulations below.

Read More

Financial Institutions Warned of Increased Cyber Attacks Involving Extortion

William C. WagnerBy William C. Wagner on Posted in Breach Detection, Cyber Security, Data Breach

bankThe Federal Financial Institutions Examination Council (FFIED) warned financial institutions of the increasing frequency and severity of cyber attacks involving extortion resulting from ransomeware, denial of service attacks, and theft of sensitive business and customer information to extort payment and other concessions from victims.

The FFIEC recommends that financial institutions develop and implement programs to ensure that the institutions are able to identify, protect, detect, respond to, and recover from these types of attacks, including:

  • Conducting ongoing information security risk
Read More

Privacy in the Cloud: Protecting Yourself

Taft LawBy Taft Law on Posted in Breach Detection, Cyber Security, Data Breach

cloud-computing-magnifiDemand for cloud computing is mounting swiftly, with double-digit annual growth rates expected through 2018.

Use of a remote, shared computer network to store, manage and process data can save time and money by eliminating the need for a local data center and an IT team to run it. Whether on a smart phone, a laptop or a desktop computer, cloud computing gives users immediate access to data anywhere there is an Internet connection.

Gartner, one of the world’s foremost … Read More

LexBlog