Latest Posts
Search for:
Tag

Cybersecurity

Browsing
In Financial Institutions

SEC Ramping Up Examination and Enforcement Scrutiny of Cybersecurity at Financial Institutions

by , , , and 3 Mins Read

As predicted in our Connect on Tech discussion in March, the U.S. Securities and Exchange Commission (“SEC”) is ramping up its examination and enforcement focus on cybersecurity at financial institutions, including scrutiny on actual implementation and deployment of published procedures in response to discovery of cyber breach incidents. Furthermore, the SEC appears to signal its expectation that multi-factor authentication (“MFA”) for email accounts containing sensitive client and customer information should be in place. Email Account…

In Data Privacy

SEC Charges Real Estate Settlement Services Provider with Cybersecurity Disclosure Controls Failures

by , and 4 Mins Read

The Securities and Exchange Commission fined a real estate services company for inadequate disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed hundreds of thousands of sensitive customer records. Background In 2019, a cybersecurity journalist discovered and notified the real estate services company about a vulnerability with its document and images sharing app that exposed over 800 million images dating back to 2003, including documents that contained sensitive personal information such as…

In FinTech

FInsight Episode 12: Singapore – MAS Revises Technology Risk Management Guidelines

by , and 1 Min Read

The Monetary Authority of Singapore (MAS) recently revised its Technology Risk Management Guidelines 2021 after feedback from a 2019 public consultation and engaging with cyber security experts. In this episode, Stephanie Magnus, Ken Chia, and Ying Yi Liew take a closer look at compliance, regulator expectations, cyber threats, and other important considerations — taking into account that financial institutions encompass large multinational banks, insurance companies and small fintech startups. https://soundcloud.com/user-879185301-820444966/ep12-singapore-mas-revises-technology-risk-management-guidelines

In Podcast

Podcast Episode 30 — Cybersecurity and the SEC: Looking Forward Following Market Turmoil

by , and 1 Min Read

Partners Peter Chan and Valerie Mirko join Brian Hengesbaugh to discuss the SEC and cybersecurity, leveraging their own experiences with the agency to give an overview of the past, present and future. Listen to learn about: The evolution of the SEC’s focus on cybersecurity, particularly with regard to financial institutionsAn insider’s take on what may trigger SEC investigationWhat’s in store with the Biden administration and how companies should prepare https://open.spotify.com/episode/5Z4nHbjxtrntljyEBMRRqF?si=J3ucfdTRQF6lArxRf540FA Related Resources: SEC Announces 2021…

In Data Privacy

Protecting Privilege over Forensic Incident Reports in Data Breach Cases

by , , , and 6 Mins Read

Adding to an emerging trend of federal cases addressing privilege in the context of forensic reports, the DC District Court ruled last month that forensic reports created in response to a cybersecurity incident were not subject to attorney-client privilege nor attorney work product protection because the reports were created in the ordinary course of business. This decision has significant implications for organizations preparing to respond to cybersecurity incidents and continues a pattern of increased scrutiny…

In Podcast

Podcast Episode 27 – Breaking Down the UK ICO’s Guidance on the Solar Winds Cyber Attack

by and 1 Min Read

Brian Hengesbaugh and Partner Paul Glass dissect the recent guidance issued by the ICO in response to the SoldWinds cyber attack. Listen to hear: an overview of what the guidance sayswhy the ICO decided to release guidance in regards to this incidenthow companies should best approach the 72-hour notification rule https://open.spotify.com/episode/5ufO2qYMt4rPOQiVOKHo4n?si=ZMqpxKVpRvKsT8G7jo6o-A

In Data Privacy

ICO issues statement on SolarWinds Orion compromise

by and 3 Mins Read

The ICO has issued a statement confirming that organisations should immediately check to see whether they are potentially a victim of the cyber-attack carried out through the SolarWinds Orion IT management platform (see ICO statement). Initial technical research indicates that while the majority of potentially compromised users of Orion are based in the United States of America, there are significant numbers of users in the United Kingdom and EU. The versions of the software that…

In Data Privacy

SolarWinds Fallout Warrants Vendor Pulse Check

by , , , and 4 Mins Read

Disruptive cyber-attacks aimed at supply chains are on the rise, as the recent SolarWinds security breach has so prominently brought to light. While your immediate IT infrastructure may not have been directly impacted by that breach, now may be a good time to check-in with you key service providers. If they host or in any way process digital assets on your behalf, there is reason for concern in light of the devastating SolarWinds security breach.…

In Data Privacy

Podcast Episode 25 — SEC Cyber Enforcement Actions: Lessons Learned and Future Trends

by and 1 Min Read

Brian Hengesbaugh is joined by Jessica Nall, partner in Baker McKenzie’s San Francisco/Palo Alto office. Jessica and Brian discuss the series of cybersecurity incidents former giant Yahoo experienced in 2013 and 2014, and Jessica’s lessons learned as a lead attorney representing individuals in those cases in the following government investigations in 2016. Listen in to hear: What went wrong in the case, and why those failures remain relevant todayHow companies can avoid becoming a target…

Load More