Cybercriminals are known to attack networks and individuals at inopportune times of crisis—and the coronavirus pandemic, unfortunately, presents just such an opportunity as millions are accessing corporate networks and databases from home. This past weekend New Jersey and Connecticut joined the growing list of jurisdictions (e.g., California, Delaware, Illinois, Louisiana, Ohio, and New York) to issue orders effectively requiring non-essential workers to avoid the workplace, and in some cases, to shelter-in-place.

Working remotely, whether short-term or permanent comes with many perks, but it also poses many new risks for the security of your organization’s data. For example, if an employee-owned device (laptop, PC, etc.) is connected to the company’s network and contains a virus or malware, they could be spread to your company’s network. Additionally, it becomes more of a challenge to verify the legitimacy of emails (for example, you’re no longer right down the hall from your CEO who requested an unusual wire transfer), you may be unfamiliar with policies and procedures as they pertain to a work from home environment, and the list goes on.

As millions of workers log into work from home to avoid the spread of COVID-19, there’s the risk that they could increase the chance of exposure to another kind of virus, the kind that can lock up corporate networks.

The Advisor Armor Cybersecurity Compliance Applet, introduced last December, represents a key security control when allowing for remote and distributed workforces during this disruptive time.

The Applet (VIDEO HERE) provides the following benefits, on unlimited devices per email license (meaning work and home computers at no additional cost):

Cyber criminals come in all shapes and sizes — and from any number of demographic backgrounds — so it's imperative that small businesses protect themselves from malicious intent.

The SEC and FINRA have made clear that market participants retain accountability for certain activities carried out on the platforms of external vendors and should not rely on vendors' controls to satisfy the firm's own obligations.  To avoid the pitfalls of such third-party arrangements, firms should incorporate these relationships into their regular risk assessments.  Where deficiencies are identified, firms should establish a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks of this business activity.  Critically, Firms must implement and practice meaningful management oversight of vendor relationships, with clear escalation lines.

National standards would be preferable to a patchwork of state-by-state rules when it comes to dealing with rapidly evolving cyberthreats - but it won’t happen!

The SHIELD Act, 2019 N.Y. Ch. 117, which was signed into law by Governor Cuomo on July 25, 2019, modifies existing data breach law to expand the definition of “Private Information” and imposes new substantive cybersecurity requirements.

On January 27, 2020, OCIE issued a report detailing cybersecurity and resiliency observations the staff made after "thousands of examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges, and other SEC registrants." The report offers a snapshot of current market practices in seven key areas:

2020 may very well be the most impactful year for data privacy and cybersecurity in the United States. In honor of Data Privacy Day, we discuss some of the reasons why that may be the case. In short, as privacy and cybersecurity risks continue to emerge for organizations large and small, the law is beginning to catch up which is prompting a significant uptick in compliance efforts.