Micaela McMurrough

Micaela McMurrough

Subscribe to all posts by Micaela McMurrough

IoT Update: Congress Passes IoT Cybersecurity Improvement Act of 2020

The bipartisan Internet of Things (“IoT”) Cybersecurity Improvement Act of 2020 (S. 734, H.R. 1668) has passed the House and the Senate and is headed to the President’s desk for signature.  The bill was sponsored in the House by Representatives Hurd (R-TX) and Kelly (D-IL), and in the Senate by Senators Warner (D-VA) and Gardner … Continue Reading

COVID-19 Cybersecurity Advice: FTC and FBI Provide Guidance on Cybersecurity Scam Trends and Preventive Measures

In response to the COVID-19 outbreak, several U.S. government entities have released warnings about a rise in scams and fraudulent activity connected to the outbreak.  In a recent bulletin, the FBI warned of a rise in phishing emails, counterfeit treatments or equipment for COVID-19 preparedness, and fake emails from the Centers for Disease Control and … Continue Reading

New York SHIELD Act’s Reasonable Safeguard Requirements Became Effective on March 21st —Is Your Company Ready?

On March 21, 2020, the data security requirements of the New York SHIELD Act became effective.  The Act, which amends New York’s General Business Law, represents an expansion of New York’s existing cybersecurity and data breach notification laws.  Its two main impacts on businesses are: expanding data breach notification requirements under New York law; and … Continue Reading

IoT Update: NIST Seeks Public Comment on Security Review of Smart Home IoT Devices

Earlier this month the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its Draft NISTIR 8267, Security Review of Consumer Home Internet of Things (IoT) Products, for public comment. NIST will accept public comments on the report through November 1, 2019.… Continue Reading

New York DFS Publishes FAQs on New Cybersecurity Regulations

As our readers know, New York’s Department of Financial Services (“NY DFS”) released a draft of its new Cybersecurity Regulations on September 13, 2016, and the final version of the regulations went into effect on March 1, 2017 (23 NYCRR 500).  Among other things, the regulations require regulated entities to conduct cyber risk assessments and … Continue Reading

The Securities and Exchange Commission and Financial Industry Regulatory Authority Release Examination Priorities for 2017

The Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) and the Financial Industry Regulatory Authority, Inc. (“FINRA”) (a private self-regulatory organization overseen by OCIE), recently released their 2017 examination priorities.  It is no surprise to find cybersecurity listed as an examination priority again this year. OCIE and FINRA have repeatedly recognized … Continue Reading

Extension of Time for Comments on the Federal ANPR on Cyber Risk Management Standards

For those considering submitting comments on the federal advance notice of proposed rulemaking (ANPR) on enhanced cyber risk management standards, you’ve been granted an extension.  The agencies involved—the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation—announced that they will extend the comment period … Continue Reading

Reports Suggest New York DFS to Revise Proposed Cyber Regulations and Delay Implementation

Based on reports citing New York Department of Financial Services (“DFS”) sources (see here and here), DFS may propose a revised version of its first-in-the-nation cybersecurity regulations on December 28, 2016.  That revision would be followed by a new 30-day comment period, with the revised regulations scheduled to take effect on March 1, 2017. This … Continue Reading

Industry Reacts to New York’s Proposed Cybersecurity Regulation for Financial Services Institutions

On December 19, 2016, the New York State Assembly Standing Committee on Banks heard testimony about a proposed regulation introduced by the New York State Department of Financial Services that would require financial services companies to develop and implement cybersecurity programs to defend against cyber-attacks.  As we covered when Governor Andrew Cuomo announced this first-in-the-nation … Continue Reading

New York State Proposes Cybersecurity Regulation for Financial Services Institutions

On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks.  The proposed regulation will be subject to a 45-day comment period once it is published in the New York State Register. The regulation will become … Continue Reading
LexBlog