In response to the COVID-19 outbreak, several U.S. government entities have released warnings about a rise in scams and fraudulent activity connected to the outbreak. In a recent bulletin, the FBI warned of a rise in phishing emails, counterfeit treatments or equipment for COVID-19 preparedness, and fake emails from the Centers for Disease Control and Prevention (CDC) purporting to provide information about the outbreak. The FTC, meanwhile, has released not only a general overview of the steps that it is taking to combat scams related to COVID-19, but has also provided a specific list of seven types of COVID-19 scams that it has observed targeting businesses. More information about these scams, and guidance from the FBI and FTC on how to protect against and respond to some of the most common risks, is below.
Continue Reading COVID-19 Cybersecurity Advice: FTC and FBI Provide Guidance on Cybersecurity Scam Trends and Preventive Measures
New York SHIELD Act’s Reasonable Safeguard Requirements Became Effective on March 21st —Is Your Company Ready?
On March 21, 2020, the data security requirements of the New York SHIELD Act became effective. The Act, which amends New York’s General Business Law, represents an expansion of New York’s existing cybersecurity and data breach notification laws. Its two main impacts on businesses are:
- expanding data breach notification requirements under New York law; and
IoT Update: NIST Seeks Public Comment on Security Review of Smart Home IoT Devices
Earlier this month the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its Draft NISTIR 8267, Security Review of Consumer Home Internet of Things (IoT) Products, for public comment. NIST will accept public comments on the report through November 1, 2019.
Continue Reading IoT Update: NIST Seeks Public Comment on Security Review of Smart Home IoT Devices
New York DFS Publishes FAQs on New Cybersecurity Regulations
As our readers know, New York’s Department of Financial Services (“NY DFS”) released a draft of its new Cybersecurity Regulations on September 13, 2016, and the final version of the regulations went into effect on March 1, 2017 (23 NYCRR 500). Among other things, the regulations require regulated entities to conduct cyber risk assessments and to develop and implement cybersecurity programs to manage their cyber risk.
Notwithstanding the fanfare surrounding the announcement of these “first-in-the-nation” regulations, there has been significant uncertainty about precisely how the regulations will be interpreted and enforced. That uncertainty has been increasing with the approach of the August 28 deadline for compliance with the first round of requirements (Section 500.22(a)).
On June 29, 2017, NY DFS took steps to reduce that uncertainty by posting a “Frequently Asked Questions” section about the regulations on its website. The FAQs seek to clarify some key provisions of these regulations, including provisions regarding reporting requirements and consumer notification triggers. Some highlights below:
Continue Reading New York DFS Publishes FAQs on New Cybersecurity Regulations
The Securities and Exchange Commission and Financial Industry Regulatory Authority Release Examination Priorities for 2017
The Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) and the Financial Industry Regulatory Authority, Inc. (“FINRA”) (a private self-regulatory organization overseen by OCIE), recently released their 2017 examination priorities. It is no surprise to find cybersecurity listed as an examination priority again this year.
OCIE and FINRA have repeatedly recognized
Extension of Time for Comments on the Federal ANPR on Cyber Risk Management Standards
For those considering submitting comments on the federal advance notice of proposed rulemaking (ANPR) on enhanced cyber risk management standards, you’ve been granted an extension. The agencies involved—the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation—announced that they will extend the
Reports Suggest New York DFS to Revise Proposed Cyber Regulations and Delay Implementation
Based on reports citing New York Department of Financial Services (“DFS”) sources (see here and here), DFS may propose a revised version of its first-in-the-nation cybersecurity regulations on December 28, 2016. That revision would be followed by a new 30-day comment period, with the revised regulations scheduled to take effect on March 1, 2017.
Industry Reacts to New York’s Proposed Cybersecurity Regulation for Financial Services Institutions
On December 19, 2016, the New York State Assembly Standing Committee on Banks heard testimony about a proposed regulation introduced by the New York State Department of Financial Services that would require financial services companies to develop and implement cybersecurity programs to defend against cyber-attacks. As we covered when Governor Andrew Cuomo announced this first-in-the-nation
New York State Proposes Cybersecurity Regulation for Financial Services Institutions
On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks. The proposed regulation will be subject to a 45-day comment period once it is published in the New York State Register. The regulation will