Although New York has yet to enact legislation regarding the use of biometric identifiers and information (i.e. facial recognition, retinal scans, etc.), a recent legislative proposal and the statutes and regulations of other jurisdictions, provide valuable guidance to New York businesses regarding permissible practices.
A discussion of the threat that social engineering (aka the “human side of hacking”) poses to law firms, and some tips and practical guidelines to reduce its effectiveness.
The ability of cyber threats to compromise information systems is an ongoing danger to all organizations. However, an emerging threat presents a new challenge—cyberattacks that may cause physical harm to systems and persons. This threat has become acute for certain sectors such as critical infrastructure.
Many companies neglect to reach out to the FBI following a cyber incident, turning instead to law firms and cybersecurity firms alone. This might be a mistake considering the practical assistance the FBI can provide to targets of a cyber attack.
Amidst the patchwork of competing state laws and sector-specific federal standards, support has been growing for a preemptive federal standard for notification following a cybersecurity incident involving the exposure of personal information. While there may be significant benefits to a federal standard, it is critical that any standard incorporate the practical challenges of responding to a data breach.