Every year, the culprit that tops the list of information security risk is the same one from the previous year, and the year before that: your employees. Sure, hackers and technical failures get a lot of attention, but time and again it is the low-tech failures of employees that lead to security incidents and data breaches. To be clear, it is rarely the disgruntled employee, but more often the apathetic or unaware employee that clicks the phishing link or lets the bad guy into the building. And, unlike the technological safeguards that can cost you thousands of dollars, remedying the issues with employees doesn’t have to cost a lot time or money. However, it can still have the biggest payoff. Here are three easy things you can do to immediately reduce the risk to your sensitive information, and in doing so, truly make “security everyone’s business.”

Continue Reading The Enemy Within: Why Employees Top the List of Security Risks Each Year (and what you can do to make sure yours don’t)

A recent GAO decision denying a contractor’s protest because of cybersecurity concerns offers contractors four lessons on how to avoid making the same mistakes.

I.  Background Facts and Decision

Syneren Technologies Corporation was one of 20 contractors who responded to a Navy RFP to award an ID/IQ contract for IT systems and software to support human resource operations involving a variety of business enterprise services. The work was to be performed at a government facility and involved DoD and Navy


Continue Reading Selling Software to the Government: Four Cybersecurity Lessons from a Failed DoD Bid Protest

Ohio is poised to lead the nation by incentivizing businesses to implement certain cybersecurity controls, which can be an affirmative defense to a data breach claim based on negligence. Under the proposed legislation, if a business is sued for negligently failing to implement reasonable information security controls resulting in a data breach, the business can assert its compliance with the cybersecurity control as an affirmative defense at trial.

For years we have counseled our clients to implement a comprehensive data
Continue Reading Cybersecurity: An Affirmative Defense to Ohio Data Breach Negligence Claims

Join Taft attorneys Barbara Duncombe and Bill Wagner for a complimentary seminar on the DoD cybersecurity regulations on Oct. 18 at Taft’s Indianapolis office. They will participate in an informal, interactive discussion with Richard Banta and Alex Carroll from Lifeline Data Centers and Josh Griswold and Joe Turek from Chubb concerning recent developments (including cyber breaches), evolving standards of compliance and practical, effective risk mitigation strategies. Click here to register.

Topics will include:

  • Final preparations to ensure compliance with DoD’s


Continue Reading Upcoming Seminar: Cybersecurity for Defense Contractors and Manufacturers

Here are three takeaways for your business from the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure signed on May 11, 2017.

1. Incorporate the NIST Cybersecurity Framework into your business.

The Executive Order requires federal agencies to use the well-established NIST Cybersecurity Framework to fulfill their mission to protect federal networks and critical infrastructure and to appropriately plan for and procure cybersecurity training, products, and services for the future.

As background, the Framework was


Continue Reading Three Takeaways for Your Business from President Trump’s Executive Order on Cybersecurity

A new cyberattack, that is very similar to the WannaCry ransomware virus, is spreading across Europe. Taft’s Technology group is closely monitoring the situation and has prepared the following short summary of questions and answers about ransomware attacks, which in effect locks out users from accessing their files unless a ransom is paid via bitcoin.

Q: I have been hit with a ransomware attack, what are my options?

A: You can pay the ransom with the hopes of getting your
Continue Reading Q&A: Ransomware Attack

Cybersecurity is not an aspect of your business that can be tackled once and then forgotten. The threats are constantly evolving. They require attention and resources. Here are 5 tips to make sure your company is prepared in case of an attack.

  1. Disaster Recovery Plan– Data is the lifeblood of most organizations. Where is your data stored? What would happen to your business if a natural disaster like a fire, flood or other catastrophe struck the location where your


Continue Reading 5 Cybersecurity Tips for In-House Counsel

The American Arbitration Association (AAA) and its International Centre for Dispute Resolution (ICDR) recently created an aerospace, aviation and national security panel of arbitrators to handle complex, high-value aerospace, aviation, defense, cyber and security-related disputes. Similarly, AAA has a special panel of arbitrators to handle technology-related disputes. But what should companies involved in these types of arbitration cases expect?

Taft attorneys Bill Wagner and Michael Diamant recently published an article in Law360 with 10 tips for presenting complex cases in
Continue Reading 10 Tips for Presenting Complex Cases In Arbitration

Please join us at Taft Indianapolis on March 21 for a breakfast event featuring an informal, interactive panel discussion covering recent developments (including cyber breaches), evolving standards of compliance and practical, effective risk mitigation strategies.

Agenda:

Registration and Continental Breakfast: 7:30-8:00 a.m.
Discussion: 8:00-9:30 a.m.

Panelists:

  • Richard L. Banta and Alex J. Carroll from Lifeline Data Centers, LLC
  • Frederick W. McClaine from Shepherd Insurance
  • James A. Butz and William C. Wagner from Taft Law

Click here for the PDF invitation
Continue Reading Taft Co-Hosts Upcoming Panel Discussion: Cybersecurity: Recent Developments and Risk Mitigation Strategies

Bill Wagner authored the article “Takeaways From NASA Cloud Security Audit,” which was published by Law360 on March 1. The article discusses the Office of Inspector General’s audit report on the security of NASA’s cloud computing services and offers discussion points for corporate management and directors to consider in their own cybersecurity efforts.

In the article, Bill also provides some discussion points for a tabletop review of NASA’s audit findings with your management and board.

Bill is co-chair
Continue Reading Wagner Article “Takeaways From NASA Cloud Security Audit” Published by Law360