DHS Releases Report Addressing Security Threats in Ag Tech

DHS Releases Report Addressing Security Threats in Ag Tech

The Department of Homeland Security (DHS) recently released a report entitled “Threats to Precision Agriculture” regarding Ag Tech. The report addresses the security threats related to the adoption and impact of new digital technologies in crop and livestock production, highlights the potential vulnerabilities arising from using precision agriculture, identifies potential threat scenarios, and possible best

SEC: Cybersecurity Procedures Must be Reasonably Designed to Fit Specific Business Models

SEC: Cybersecurity Procedures Must be Reasonably Designed to Fit Specific Business Models

The Securities and Exchange Commission recently announced that a Des Moines-based broker-dealer and investment adviser has agreed to pay $1 million to settle charges related to its failures in cybersecurity policies and procedures surrounding a cyber intrusion that compromised personal information of thousands of customers. This is the latest SEC action demonstrating that cybersecurity must be tailored to the practices of the business.

The SEC charged Voya Financial Advisors Inc. (VFA) with violating the Safeguards Rule and the Identity Theft Red Flags Rule, which are designed to protect confidential customer information and protect customers from the risk of identity theft.  This is the first SEC enforcement action charging violations of the Identity Theft Red Flags Rule.

CFTC Sues and Settles with AMP Global Clearing over Cybersecurity Failures

CFTC Sues and Settles with AMP Global Clearing over Cybersecurity Failures

The Commodity Futures Trading Commission (CFTC) today issued an Order filing and simultaneously settling charges against AMP Global Clearing LLC, a registered FCM, for its failure to diligently supervise the implementation of critical provisions in AMP’s information systems security program (ISSP). As a result of this failure, a significant amount of AMP’s customers’ records and information

FBI Cyber Division Warns Cyber Hacktivists Targeting Data-Extraction Companies

FBI Cyber Division Warns Cyber Hacktivists Targeting Data-Extraction Companies

Today, the Federal Bureau of Investigation, Cyber Division released Private Industry Notification (PIN) 180110-001 regarding the targeting of individuals, companies, law enforcement agencies, and government officials by Hacktivists through doxing and other means to promote their ideologies. . The alert was released as TLP: Green and the details, including useful information for protection from doxing,

The Importance of a Cybersecurity and Disaster Recovery Plan

The Importance of a Cybersecurity and Disaster Recovery Plan

Kennyhertz Perry Partner Braden Perry was featured in Bluelock’s recent whitepaper, discussing the importance of a cybersecurity and disaster recovery plans. Perry said, “In the event of a malicious attack, a company should have systems in place to keep operational or at least backups where the company is not affected or very slightly affected. In the event of a total disruption of the business, it is too late to mitigate and you will likely see dramatic costs to the business, especially small or mid-sized businesses. Being proactive rather than reactive is the key.”

Perry’s comments not only show the importance of a proactive plan, but a disaster recovery procedure if a disruption of business occurs. As a member of the Kennyhertz Perry’s Privacy, Cybersecurity, and Breach Management practice group, Perry assists clients in prevention, developing robust information security programs, including administering internal compliance and risk assessments, which include the development and implementation of corporate policies and procedures required for compliance with state and federal privacy and security laws, and information security best practices; information security policies; records retention and management policies.

Braden Perry Discusses Email Discretion with Ragan.com

Braden Perry Discusses Email Discretion with Ragan.com

Kennyhertz Perry Partner Braden Perry was recently interviewed by Ragan.com about the timely issue of email discretion. Perry, a cybersecurity attorney who trains companies in email usage and emerging technological topics, provided the following advice: Communicate what you need to communicate, and only that. Leave sarcasm and jokes for the water cooler.

“You should always think that any email you write could be published on page one for all to read,” he says. “Ask yourself: Is it necessary to write? Or can I call and provide the same information?”

As a former federal enforcement attorney, Perry knows the dangers of errant emails. Frequently, an email would be the smoking gun necessary for prosecution.

Cybersecurity Experts Needed on the Board

Cybersecurity Experts Needed on the Board

Kennyhertz Perry partner Braden Perry spoke with TechTarget recently regarding the importance of cybersecurity experts on your Board. “Many boards are filled with very sophisticated business people who are not sophisticated in areas of information technology and security. Information security has become a real issue and a void most boards have,” Perry said. As a

Braden Perry Discusses MedSec Holdings and Muddy Waters Capital with FedScoop

Braden Perry Discusses MedSec Holdings and Muddy Waters Capital with FedScoop

Kennyhertz Perry partner Braden Perry was contacted recently by FedScoop.com to discuss the actions of MedSec Holdings, a cybersecurity firm who privately performed security penetration tests on St. Jude Medical’s devices, but then proceeded to partner with a short-seller rather than directly notify the medical device maker. “This disrupted the market and potentially put people at harm by

Cybersecurity and Breach Management Attorneys

Cybersecurity and Breach Management Attorneys

Kennyhertz Perry assists clients with data security needs, blending traditional legal experience in the corporate and litigation arenas with technical acumen as well as breach management. We assist clients in prevention, developing robust information security programs, including administering internal compliance and risk assessments, which include the development and implementation of corporate policies and procedures required

Braden Perry Discusses Rouge Insiders and Cybersecurity with Digital Guardian

Kennyhertz Perry partner Braden Perry was one of several data security and cybersecurity attorneys asked to compare the risks of insider threats vs. outsider threats with Digital Guardian, a leading platform for digital protection. Perry, a member of the firm’s Regulatory & Compliance Practice Group, discussed how insiders have are more dangerous to an entity due to their access to data. “There’s not much, besides compartmentalization and monitoring, that you can do if an insider wants to reach data,” Perry said.

Preparation and prospective mitigation are keys to limiting opportunities: ” While no single strategy fits all, practicing basic cyber hygiene would address or mitigate a vast majority of security breaches. Being prepared if an intrusion occurs is also critical and having a communications method for response, actively monitoring centralized host and networks, and including enhanced monitoring to detect known security events is a must. With a well-oiled cyber policy, you can mitigate outsiders significantly,” he said.

Braden Perry Speaks on FCPA Investigation Cooperation and Avoiding Common Corporate Mistakes

Braden Perry spoke today on Foreign Corrupt Practices Act (“FCPA”) Investigation Cooperation: Avoiding Common Corporate Mistakes on the Knowledge Group Webcast series. Mr. Perry shared his FCPA knowledge with an audience ranging from corporate executives to other legal practitioners. Key topics included: FCPA Enforcement – A 2016 Overview Common FCPA Corporate Missteps during Investigation Strategies for Thorough