Eversheds Sutherland Cybersecurity and Privacy Insights Blog

Data Sentinel: The Evolving Role of the Attorney as Protector of Company Data

Data. It is one of your organization’s greatest assets, and a necessary part of doing business. But in today’s financial services environment, it is also a source of one of your organization’s greatest risks. In their article for FinTech Law Report, Sutherland attorneys Michael Steinig and Mary Jane Wilson-Bilik describe the attorney’s evolving role in protecting company data, and...

Pros and Cons of the Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (the PCI DSS) establishes the self-described minimum data protection measures required of all entities involved in payment card transactions. The PCI DSS consists of 12 basic requirements, along with testing procedures and guidance designed to assist entities in meeting each requirement. The PCI DSS itself is not a law or regulation, and...

NAIC Adopts New Cybersecurity Exam Tool

On September 21, the National Association of Insurance Commissioners IT Examination Working Group adopted amendments to the IT section of the Financial Condition Examiners Handbook to strengthen the Handbook’s already existing cybersecurity guidance. Charged with improving this guidance, the Working Group compared the Handbook’s guidance to the National Institute of Standards and...

They’re Baaaack . . . SEC’s Office of Compliance Inspections and Examinations Releases New Cybersecurity Risk Alert

Yesterday, the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert describing OCIE’s 2015 cybersecurity exam initiative (www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf). As the Risk Alert notes, OCIE’s new cybersecurity initiative builds on information OCIE learned from...

FINRA Warns Broker-dealers About Increase in Denial-of-service Attacks

FINRA warned broker-dealers last week that several FINRA members have recently been the victims of distributed denial of service (DDoS) attacks from a criminal group known as DD4BC. (In general terms, a DDoS attack bombards a target website with messages in an effort to make the site unavailable to legitimate users.) According to FINRA, DD4BC first sends its target a ransom request for...