Earlier this year, there was a report on a new spear-phishing attack seeking to steal people’s sensitive data. The spear-phishing email message, apparently drafted to look like it came from FedEx, included a link that took the recipient of the email to a Google Docs page and then used a script to download malware to the employee’s computer. What was notable about this spear-phishing attempt was that the email “bait” actually included employee sensitive data, such as his or her … Read More
U.S. privacy law is based on the principles of notice and consent – for instance, under FTC and state consumer protection laws, consumers given fair notice and the opportunity to consent generally cannot complain about the use of their data.
But as we have noted in prior posts, the E.U.’s General Data Protection Regulation (“GDPR”), which will become effective May 25 of this year, is more comprehensive than any U.S. privacy law in most respects. It treats personal data (defined … Read More
Every year, the culprit that tops the list of information security risk is the same one from the previous year, and the year before that: your employees. Sure, hackers and technical failures get a lot of attention, but time and again it is the low-tech failures of employees that lead to security incidents and data breaches. To be clear, it is rarely the disgruntled employee, but more often the apathetic or unaware employee that clicks the phishing link or lets … Read More
Beginning in April 2018, the General Services Administration (GSA) will publish for 60 days of public comment updates to its cybersecurity requirements for eventual integration into the GSA Acquisition Regulation (GSAR). [GSAR Case 2016-G511, Information and Information Systems Security, 83 Fed. Reg. 1941 (Jan. 12, 2018).] Then, beginning in August 2018, the GSA will publish for 60 days of public comments updates to its cyber incident reporting requirements for GSA contractors. [GSAR Case 2016-515, Cyber Incident Reporting, 83 F.R. 1941 … Read More
There are several helpful resources for contractors looking to comply with the National Institute of Standards and Technologies Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” To help contractors meet the requirements, NIST recently issued NIST Handbook 162, entitled “NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements.” The Handbook provides a step-by-step guide to assessing a manufacturer’s information systems against the security requirements in … Read More
It seems like I get this question once every couple of months.
Hey Bill, my company just got sued. After paying premiums for years, I finally had to make a claim. My insurance company wrote me a “reservation of rights” letter. They offered to have one of their “panel counsel” defend my company, but then they listed 15 reasons why they don’t need to cover the lawsuit, including that there is no “covered claim,” the event was not an “occurrence” … Read More
Join Taft and Sikich for an informational session on Feb. 21 as two of our professionals share their experiences before and during a data breach and share their insights in the hopes of helping you better prepare for and survive a data breach. Register here.
3:30 – 4:00pm Registration & Networking
4:00 – 5:00pm Presentation
5:00 – 6:00pm Networking, drinks & hors d’oeuvres
Scot Ganow, Senior Counsel – Taft Stettinius & Hollister LLP
Scot is co-chair of … Read More
Well, if Star Wars (May 4) and doughnuts (first Friday in June) can have their own day, you would hope a day might be dedicated to reminding us all about the importance of privacy and increasing awareness of ways we can empower ourselves and our clients to better use and protect personal information. Data Privacy Day began as Data Protection Day in Europe. The day commemorates the signing of Convention 108, the first legally binding international treaty dealing with privacy … Read More
Income tax season is arriving, and your company will soon be issuing W-2 forms to all of its employees. Now is a good time to remind all payroll and human resources personnel that a W-2 phishing scam, which has been around for a couple of years, is likely to arise again this year.
This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer. In this variation, the … Read More
A recent GAO decision denying a contractor’s protest because of cybersecurity concerns offers contractors four lessons on how to avoid making the same mistakes.
I. Background Facts and Decision
Syneren Technologies Corporation was one of 20 contractors who responded to a Navy RFP to award an ID/IQ contract for IT systems and software to support human resource operations involving a variety of business enterprise services. The work was to be performed at a government facility and involved DoD and Navy … Read More