Now that the WannaCry ransomware has your attention and the attention of everybody else, it is time to start thinking about your company’s cybersecurity legal and compliance obligations.

Do you know whether your company will be impacted by New York’s expansive and globally reaching Cybersecurity Regulations? The new Regulations govern many companies that do business in New York as well as other companies they do business with, even if those companies are not located in or doing business in New York.

The Regulations became effective in March and enforcement begins on August 28, 2017. For companies directly regulated (Covered Entities), the Cybersecurity Regulations provide an outline of essential standards, dictate who should lead the process, and mandate top-down buy-in by management and the Board of Directors through these mechanisms:

  • Each Covered Entity must assess its unique risk profile and design a cybersecurity risk management program that addresses its risks in a robust fashion.
  • Each Covered Entity must designate a qualified individual to serve as its Chief Information Security Officer, responsible for overseeing and implementing its cybersecurity program, which must include things such as cybersecurity-focused policies and procedures, workforce training, penetration testing, third-party service provider policies and procedures, development of an incident response plan, and stringent reporting obligations.
  • Each Covered Entity’s senior management must be responsible for its cybersecurity program and file an annual certification confirming compliance with the Cybersecurity Regulations that is attested to by either a Senior Officer or the Chairman of the Board of Directors.

I am inviting you to a COMPLIMENTARY WEBINAR I will be hosting to explain which companies will be impacted and the details about this new law.

Date: Tuesday, May 23, 2017
Time: 10:00 CST
Can’t attend at that time? No problem, register to view it online at your convenience.

REGISTER HERE!

The webinar is being brought to you courtesy of Boldon James, Cyber Future Foundation, and Scheef & Stone. I look forward to your joining us for this webinar and welcome any questions you may have.

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.
