In a recent blog post discussing business email compromise (“BEC”) schemes, we shared tips for preventing and responding to these incidents in remote work environments. This week, Bloomberg Law has posted Part Two of our series on BECs, which relates to the allocation of losses that often result from successful BEC attacks. In this installment, we discuss an emerging legal…

On July 7, 2020, please join Avi Gesser and Mengyi Xu from Debevoise’s Data Strategy & Security Group, along with our special guests, Luke Tenery and Joe Shepley of Ankura, for a discussion on how companies can identify and reduce the risks associated with employee credential security, including: Making sure that furloughed and departing employees do not have access to…

As many people return to their workplaces, cybersecurity attacks continue unabated. Email phishing remains the most common method by which cybercriminals first gain unauthorized access. These phishing attacks can then lead to ransomware incidents, business email compromise scams and other destructive cyber attacks. So, training employees to be able to spot phishing emails is as important as ever, as is…

Ransomware attacks continue to plague businesses across the globe. As companies enhance their defenses, attackers increase the sophistication of their software and its deployment. Ransomware attacks used to be limited to the locking of a company’s computer system by encryption software and a demand to pay in order to obtain the key, but not anymore. In early June 2020, for…

On June 23, 2020, please join Avi Gesser and HJ Brehmer from Debevoise’s Data Strategy & Security Group, along with our special guest, Dave Wong, VP at FireEye Mandiant, for a discussion on the current threat landscape of Ransomware 2.0 and associated mitigation strategies and considerations, including: Ransomware 2.0 and the current threat landscape, including COVID-19 related phishing e-mails, attacks…

On June 16, Avi Gesser, Stephanie Cipolla, and special guests Art Ehuan from Crypsis and Ed Cabrera from Trend Micro discussed the hallmarks of a reasonable corporate cybersecurity program for the purposes of defending litigation or responding to regulatory inquiries, including: Technical controls (MFA, access rights, encryption, network segmentation, endpoint detection, etc.) Administrative controls (policies, procedures, training, resources, vendor management, etc.)…

Introduction Much has been written recently on the increased cybersecurity and privacy risks that companies are facing. One of the most effective ways for organizations to mitigate those risks is to significantly reduce the amount of data that they collect and maintain. Having less data means that there is less sensitive information to protect from hacks or leaks which is…

On June 9, Calvin A. Shivers, Assistant Director of the Criminal Investigative Division of the FBI, testified before the Senate Judiciary Committee regarding a variety of frauds during COVID-19, including Business Email Compromise (“BEC”) frauds and the FBI’s response. BECs are among the most successful and persistent forms of cyber attacks. Indeed, the FBI has seen increases in cyber-enabled financial…

Today, Debevoise’s Data Strategy & Security practice (DSS) is launching a Data Blog to help clients identify and respond to emerging issues, and a Debevoise Data Portal to help clients facing a breach assess and begin addressing their notification obligations within minutes of detection. We are also introducing DSS as the new name for our practice, which had been called Cybersecurity & Data…

It looks like the California Attorney General’s implementing regulations for the California Consumer Privacy Act (“CCPA”) are, finally, final. On June 1, 2020, the California Attorney General submitted for publication the final proposed regulations. The California Office of Administrative Law now has 30 working days, plus an additional 60 calendar days under an Executive Order issued in connection with the…