Part of any good cybersecurity program rests on spreading good habits and inculcating employees with best practices around handling data and using network resources. In this cybersecurity is as much a behavioral challenge as it as a technological one. That’s precisely why the recent coronavirus outbreak, or COVID-19, is so potentially harmful to a company’s cybersecurity efforts.

Already, we have seen a large number of event cancellations and the shuttering of offices around the world as organizations attempt to balance public health concerns with business as usual. Many companies are actively encouraging their employees to work from home if possible. For organizations that do this routinely, coronavirus-related cybersecurity issues will be less of a concern; however, for a great many businesses, working remotely is not the norm, and it will necessarily disrupt work patterns and processes.


Continue Reading Maintaining Privacy and Cybersecurity Vigilance during the Coronavirus Outbreak

In response to increasing actions by “foreign adversaries” to create and exploit “vulnerabilities in information and communications technology and services”, President Trump issued Executive Order 13873 (“E.O. 13873”) on May 15, 2019. The range of transactions which could potentially be covered under the forthcoming E.O. 13873 rules and regulations is quite broad and could include

Fresh off the heels enacting the California Consumer Privacy Act, California Governor, Jerry Brown, signed the country’s first law governing the security of Internet of Things or connected devices. The bill, SB 327, is entitled “Security of Connected Devices.”

Beginning on January 1, 2020, all manufacturers of connected devices will be required to equip the device with reasonable security features to protect against the unauthorized access, destruction, use, modification or disclosure of information that is collected or transmitted by the device.
Continue Reading California Steps into the Fray to Regulate the Security of Connected Devices

Let’s say that your next idea—which could be the next big idea—involves a web-based collection, compilation, or some presentation of a sliver of “big data” so pioneering, maybe even disruptive, that customers and investors will come chomping at the bit to get their hands on it. Your idea, undoubtedly, has an e-commerce angle, such as a proprietary feature complete with pricing information indexed for your customers’ convenience. A meaningful portion of your solution’s value will likely stem from this carefully selected catalog of prices. So, how do you protect it?

There are several mechanisms of protection at your disposable—some technical and others legal, for example. Determining the specific type and degree of security measures that you will deploy to defend against the myriad of potential threats is a business decision, which must be made early and revisited often.  However, one modern technical phenomenon, data scraping, presents a particularly tricky business dilemma warranting a deeper level of analysis.


Continue Reading Publicly Available Data: To Scrape or Not to Scrape?

On March 15, 2018 the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) exercised its authority to issue cyber sanctions under Executive Order 13694 and the new Countering America’s Adversaries Through Sanctions Act (CAATSA) by imposing blocking sanctions against 5 Russian entities and 19 Russian individuals connected to previous Russian cyber operations directed towards the United States. In an accompanying press release, OFAC stated that these sanctions were intended to counter Russian destabilizing activities such as interference in the 2016 US election, the 2017 global NotPetya cyber-attack and other cyber-attacks directed at critical U.S. infrastructure sectors. One aspect of this move was somewhat puzzling, because 9 of the total 24 sanctioned entities and individuals were already subject to blocking sanctions for their previous activities. For those 9 sanctioned entities and individuals, (which include Russia’s Federal Security Service (the FSB) and Main Intelligence Directorate (the GRU), whose initial designation we covered here), it is unclear what OFAC seeks to accomplish by imposing blocking sanctions against them for a second time.

Continue Reading OFAC Imposes More Russian Cyber Sanctions and Foreshadows Future Oligarch Sanctions

healthcare technology iotThe influence of the Internet of Things (IoT) will undoubtedly be transformational with a total potential economic impact estimated to be $3.9 trillion to $11.1 trillion a year by 2025. In the race into the IoT marketplace, there are both known and unknown legal hurdles that will affect those who offer of goods and services during the proliferation of the Internet of Things.

Some of the current and potential legal hurdles related to the IoT are well known, some are not, and some are the result of the intersection between the physical and virtual worlds, and the collision between two intersecting major drivers of innovation in IoT. On one hand, there are the established manufacturers of products and consumer goods whose expertise in developing, testing and manufacturing products puts them in an advantageous position. On the other hand, there are the technology companies who are used to developing software and whose expertise lies in software development, data collection, and data processing.
Continue Reading Hurdles the Internet of Things Must Clear for Manufacturers and Providers

International flagsThe Office of Foreign Assets Control (“OFAC”) recently announced new sanctions on entities and individuals in Iran and Mexico. These sanctions were designated against individuals associated with Iran’s Islamic Revolutionary Guards Corps (“the Quds Force”), Iranian entities involved in hacking against American financial institutions in 2011 and 2012, and Mexican businesses and individuals associated with drug trafficking.

Continue Reading OFAC Announces New Sanctions on Iran and Mexico

Social media cubesIt seems like we hear about a new data breach every week. Thanks to one of the most recent breaches, you could be only ten dollars away from getting in touch with your favorite A-list celebrity. Instagram — the Facebook-owned photo sharing company — was recently hacked due to a flaw in the program. Most recent reports indicate up to six million Instagram users’ email addresses and phone numbers may have been made public due to the data breach.

While the breach initially appeared to affect only celebrities and verified accounts, it has now been shown to affect a much wider range of accounts.


Continue Reading Instagram Hacked: What to Do to Protect Yourself in an Age of Data Breaches

data securityYou are an entrepreneur. You have great ideas. Those ideas are going to change your industry. In most cases, to accomplish those goals, you are going to need help from others. How do you protect your intellectual property and data? You need to focus on protecting those assets in the contracting process.

Most developing companies rely on third party service providers. As an entrepreneur, you will likely rely on hosting and cloud solutions. While we advise that you consider business considerations first, you should also consider legal issues relating to data privacy and security issues. You cannot achieve 100% security for your assets, but there are many ways to protect yourself. You should also consider obtaining cyber-liability insurance for your company and you should ask your service providers whether they have it.


Continue Reading Protecting Your Data and Intellectual Property