Archives: Cybersecurity

The SEC’s New Cybersecurity Guidance Is More Significant Than You Might Think

In the wake of increasing major cyber security incidents—such as the recent Equifax data breach that affected about 140 million U.S. consumers—the Securities and Exchange Commission (SEC) issued its interpretive guidance on cybersecurity disclosures in late February. The guidance was highly anticipated within the business community, which had expected it to affirm and expand … Continue Reading

InfoLawGroup Launches CPO on Demand™ Service

InfoLawGroup announces the launch of CPO on Demand™, a service through which we serve as outside Chief Privacy Officers, Privacy Counsel, and DPOs as required under EU regulation. CPO on Demand™ brings the depth and breadth of our privacy and security focused attorneys to support your business’s legal, compliance, and privacy teams. Please click here … Continue Reading

HIPAA as a Standard of Care for Common Law Negligence Claims

Because the Health Insurance Portability and Accountability Act (“HIPAA”) does not provide a private right of action, plaintiffs’ attorneys have sought a means to link HIPAA violations to other state or federal legal frameworks that do provide direct recourse for private individuals. A recent ruling by the Connecticut Supreme Court may open new avenues of … Continue Reading

Information Security Strategy: A Lesson from the Target Breach

Over the past few weeks, new revelations have provided greater insight into the breach of Target Corp. over the holiday shopping season. Notable among the recent news is the assertion that the cybercriminals behind the Target breach initiated their infiltration through HVAC vendor Fazio Mechanical. It is believed that the cybercriminals staged a phishing … Continue Reading

The Internet of Things: FDA Releases Guidance on Securing Wireless Medical Devices — What Medical Device Manufacturers Should Know

FDA, responding to pressure to provide direction on wireless medical device security, has released guidance concerning the use of RF wireless technology in medical devices.  The Guidance contains FDA’s recommendations to wireless medical device manufacturers for securing these devices and complying with governing FDA regulations. Key takeaway:  FDA is now paying close attention to medical … Continue Reading

Discussing the FTC’s Proposed Settlement with TRENDnet on LXBN TV

Following up on Senior Counsel Rich Santalesa’s recent post on the FTC officially entering the “Internet of things” space by proposing a consent order settlement with TRENDnet, he spoke with Colin O’Keefe of LXBN TV on the subject. In the below concise video interview, he explains what TRENDnet did to draw the FTC’s ire and … Continue Reading

FTC Enters “Internet of Things” Arena With TRENDnet Proposed Settlement

With predictions that by 2020 more than 30 billion devices will be wirelessly connected to the “Internet of Things,” the issues for data security and privacy in an “all-connected, all-the-time” world are massive. And as the FTC continues to forge ahead in efforts to address mobile and other burgeoning security matters, it recently entered the … Continue Reading

Ponemon’s Cyber Insurance Study Finds Companies Neglecting Coverage

The challenges of managing corporate risk – whether through the growth of formal “GRC” (governance, risk management and compliance) programs or through contractual liability transfers – increase each year. However, a recent Ponemon Institute study, Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age, released Aug. 7, 2013 (available here: … Continue Reading

Lessons From When Cyber Security Meets Physical Security

Data security and what qualifies as “reasonable” security is on everyone’s mind these days – at least if you’re involved in IT, or responsible for addressing any aspect of the “GRC” troika of governance, risk management and compliance issues. Sometimes overlooked on the cyber side, however, is the interaction of cyber with real world, physical … Continue Reading

2013 Verizon Data Breach Report Is Out – Risks Increase

Verizon’s annual “Data Breach Investigations Report” (“DBIR”) is a must read for data and information security professionals and we eagerly await each release.  The 2013 DBIR is now out and being carefully read by information security professionals.  Now in its sixth year, each DBIR provides a broad overview of the changing information security and data … Continue Reading

White House Cyber Security Order Likely to Have Long-Term Impact on Critical Infrastructure Owners and Operators

On February 12, 2013, following Congress’ failure to enact cybersecurity legislation, the Administration issued an executive order — entitled “Improving Critical Infrastructure Cybersecurity” — that seeks to move forward the effort to comprehensively address the cybersecurity of the country’s critical assets. The White House observed that “the cyber threat to critical infrastructure continues to grow … Continue Reading