NIST SP 800-171 Resources for Government Contractors

There are several helpful resources for contractors looking to comply with the National Institute of Standards and Technologies Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” To help contractors meet the requirements, NIST recently issued NIST Handbook 162, entitled “NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements.”  The Handbook provides a step-by-step guide to assessing a manufacturer’s information systems against the security requirements in … Read More

When can a policyholder select defense counsel in Indiana?

It seems like I get this question once every couple of months.

Hey Bill, my company just got sued. After paying premiums for years, I finally had to make a claim. My insurance company wrote me a “reservation of rights” letter. They offered to have one of their “panel counsel” defend my company, but then they listed 15 reasons why they don’t need to cover the lawsuit, including that there is no “covered claim,” the event was not an “occurrence” … Read More

Join us for a Data Breach Response Event in Indianapolis on Feb. 21

Join Taft and Sikich for an informational session on Feb. 21 as two of our professionals share their experiences before and during a data breach and share their insights in the hopes of helping you better prepare for and survive a data breach. Register here.

Schedule:
3:30 – 4:00pm Registration & Networking
4:00 – 5:00pm Presentation
5:00 – 6:00pm Networking, drinks & hors d’oeuvres

Presenters:

Scot Ganow, Senior Counsel – Taft Stettinius & Hollister LLP
Scot is co-chair of … Read More

Data Privacy Day is January 28. Who knew, right?

Well, if Star Wars (May 4) and doughnuts (first Friday in June) can have their own day, you would hope a day might be dedicated to reminding us all about the importance of privacy and increasing awareness of ways we can empower ourselves and our clients to better use and protect personal information. Data Privacy Day began as Data Protection Day in Europe. The day commemorates the signing of Convention 108, the first legally binding international treaty dealing with privacy … Read More

Don’t Fall for the W-2 Phishing Scam This Year!

Income tax season is arriving, and your company will soon be issuing W-2 forms to all of its employees. Now is a good time to remind all payroll and human resources personnel that a W-2 phishing scam, which has been around for a couple of years, is likely to arise again this year.

This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer. In this variation, the … Read More

Selling Software to the Government: Four Cybersecurity Lessons from a Failed DoD Bid Protest

A recent GAO decision denying a contractor’s protest because of cybersecurity concerns offers contractors four lessons on how to avoid making the same mistakes.

I.  Background Facts and Decision

Syneren Technologies Corporation was one of 20 contractors who responded to a Navy RFP to award an ID/IQ contract for IT systems and software to support human resource operations involving a variety of business enterprise services. The work was to be performed at a government facility and involved DoD and Navy … Read More

Happy New Year! Tick. Tock. Let the countdown to GDPR begin!

As you put together your resolutions and plans for the new business year, it is important to remember that the European Union’s (“E.U.”) General Data Protection Regulation (“GDPR”) will go into effect on May 25, 2018. The impact that it could have on U.S. companies will depend on whether a company processes the personal data of E.U. citizens (note: the definition of “personal data” under the GDPR is quite broad). If you think this doesn’t apply to your company, think … Read More

Just Chill: Why the Credit Security Freeze May be Your Best Defense in the Data Breach Era

With this year’s high profile breach at a large consumer reporting agency and credit cards ringing up balances during this holiday season, I have been fielding numerous calls from people in both a professional and personal capacity on what they should be doing to “truly” protect their identity and their credit accounts. I often find myself reiterating some of the basics of the laws in place to protect you and to empower you to safeguard your credit information. So, I … Read More

Addressing Data Breaches During Due Diligence – What is a Buyer (and Seller) to do?

Taft Business & Finance attorneys Jim Butz and Caroline Thee recently published an article on data breaches becoming increasingly problematic during the due diligence stage of transactions. The article addresses what a buyer (and a seller) should do when investigating a target’s exposure to unauthorized access to data or other proprietary information. Read the article here.… Read More

What should I be doing to better manage the risk of a data breach?

As we gather at this time of year to express our gratitude for those people and things most important in our lives, perhaps one of the things on that list at work is that you have not suffered through a security incident or breach this past year, or ever. Indeed, this is reason to be thankful! However, when it comes to privacy and security incidents, it is not a matter of IF but WHEN. So be grateful for your good … Read More

LexBlog