Small BusinessData Breach Risks for Small & Medium Sized Businesses
Data Breach Risks for Small & Medium Sized Businesses

Data Breach Risks for Small & Medium Sized Businesses

Today, small and medium sized businesses (SMBs) are sometimes at a greater risk of cyber-attacks and security breaches than large enterprises and corporations. Seventy-one percent of cyber-attacks happen at businesses with less than one hundred employees due to less secure networks, lack of time, budget constraints, and limited resources for proper security.
DFSLessons Learned from DFS’s First Enforcement Action Under the DFS Cybersecurity Regulation
Lessons Learned from DFS’s First Enforcement Action Under the DFS Cybersecurity Regulation

Lessons Learned from DFS’s First Enforcement Action Under the DFS Cybersecurity Regulation

The DFS Cybersecurity Regulation 22 NYCRR 500 (“Regulation”) requires businesses operating under NY banking, insurance, and finance laws to implement and maintain certain cybersecurity practices, including risk assessments, documentation of security policies, management of third-party providers, and set strict requirements for data breach reporting. Even though the Regulations were issued in March 2017, they did not become fully effective until March of 2019, following a two-year phased implementation process.
Data Security Requirements Under New York SHIELD Act
Data Security Requirements Under New York SHIELD Act

Data Security Requirements Under New York SHIELD Act

On July 25, 2019, New York State Governor Andrew Cuomo signed the “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act). The SHIELD Act amends New York’s General Business Law and is an expansion of New York’s existing cyber security and data breach notification laws. The act was updated to keep pace with individual use and dissemination of private information.
CAN-SPAMCAN-SPAM, TCPA and CASL – Best Practices for Marketing Teams
CAN-SPAM, TCPA and CASL – Best Practices for Marketing Teams

CAN-SPAM, TCPA and CASL – Best Practices for Marketing Teams

Using digital communications to reach customers has never been more popular, especially as the pandemic pushes more businesses to make consumer interactions contactless. From email to SMS, marketing teams have taken business online—but doing so brings a specific set of risks regarding data security and privacy. It is easy to get tripped up if you do not have a good grasp of the basic legal guidelines that govern commercial emails.
Data BreachBreach Response Checklist
Breach Response Checklist

Breach Response Checklist

Having handled numerous headline-making data breaches, we are often asked what are some of the key considerations in incident response. Below are a few key considerations, but each incident should be evaluated on a case-by-case basis with experienced legal counsel with technology backgrounds.
HardwareNew Potential NYSB Training Requirement Highlights Interplay of Cybersecurity and Ethical Obligations
New Potential NYSB Training Requirement Highlights Interplay of Cybersecurity and Ethical Obligations

New Potential NYSB Training Requirement Highlights Interplay of Cybersecurity and Ethical Obligations

The New York State Bar Association (NYSBA) has approved a report from the NYSBA Committee on Technology and the Legal Profession that recommends amending the mandatory continuing legal education (CLE) rule to include cybersecurity training. If approved by the CLE board, the new rule would require New York attorneys to take one CLE cybersecurity credit every two years and would make New York State the first to implement a specific cybersecurity requirement.
Breach ResponseRecent Court Decisions Warns Companies To Not Engage Incident Response Tech Firms Without First Engaging Legal Counsel
Recent Court Decisions Warns Companies To Not Engage Incident Response Tech Firms Without First Engaging Legal Counsel

Recent Court Decisions Warns Companies To Not Engage Incident Response Tech Firms Without First Engaging Legal Counsel

In any data incident the first question is – who do I call first? Well a recent court decision reminds companies that the first call should be legal counsel.