Cybersecurity & Data Privacy Insights — Lindabury, McCormick, Estabrook & Cooper, P.C. Firm News & Events

3 Simple Steps Addressing Cybersecurity for Commercial Real Estate

Published on: November 3, 2020 | by Eric B. Levine

As technology associated with commercial real estate has evolved, landlords are confronted with conundrum: How to use new technologies to modernize buildings and increase profitability by attracting high quality tenants through maximizing tenant experience, while addressing the cybersecurity threats that accompany these new technologies?

The exact problem will differ based on the type of commercial property being offered by a landlord, but the overriding concern remains the same, namely, how to secure the property from cyber-security breaches. For instance, whether a landlord owns: (i) a climate controlled industrial property used for housing cloud servers, storing food or pharmaceuticals, (ii) a multi-tenant retail property with an open WIFI network and cloud-based security system, or (iii) a mixed use development with state of the art building systems, should the integrated building systems of these properties be accessed and manipulated by a hacker, it could wreak havoc on the tenants, who will seek relief from the landlord. What can a commercial landlord do today to prevent this disaster from occurring and protect its assets and reputation?

Step 1: Technology Audit

‘Cyber Security Best Practices During the Covid-19 Pandemic’ Webinar Presented by Eric B. Levine for The Suburban Chamber of Commerce

Published on: June 8, 2020 | by Lindabury, McCormick, Estabrook & Cooper, P.C.

This webinar addresses best practices to protect yourself virtually during the coronavirus pandemic.

Presented by Eric Levine, Executive Vice President of Lindabury, McCormick, Estabrook, & Cooper and Co-Chair of the firm’s Cybersecurity and Data Privacy practice, this virtual presentation was hosted by The Suburban Chamber of Commerce.

Mr. Levine works with and creates cybersecurity policies and procedures for corporate leaders as well as with internal cyber-breach response teams that respond to cyber-attacks. He advises corporations and executives on mitigating the impact of cyber-breaches and counseling on post-breach regulatory reporting and client/customer notification duties. Mr. Levine is an accomplished litigator who has trial experience in both state and federal courts. As such, he works with corporations to defend claims brought by plaintiffs affected by cyber-breaches.

6 Tips for Every Business Dealing with Remote Access and Teleworking Employees

Published on: March 29, 2020 | by Eric B. Levine

By the time you are reading this guidance, your business has likely been operating under a shelter in place order or perhaps even a governmental quarantine in response to the Coronavirus pandemic, and your staff has been operating remotely for an extended period. While it may be too soon to fully assess whether remote access and teleworking is functioning optimally for your business, it is not too soon to ensure that the process of remote access and telework is being undertaken on the enterprise level in a safe and diligent fashion. Indeed, this is a responsibility that should be addressed from the Board of Directors and C-suite level down to the factory floor.

While the topic of remote access and its impact on cybersecurity could fill up volumes, there are two aspects of remote access and telework that businesses of all sizes need to acknowledge and address immediately. First, while remote access and telework were on the rise before the Coronavirus Pandemic, they are now most assuredly an integral part of your business for the foreseeable future. Your customers and staff expect you to be able to keep your business open through remote operations, and the harsh reality is that businesses that cannot operate remotely in some capacity have less chance of success during periods of shelter in place orders, governmental quarantines and social distancing.

Second, with more staff utilizing remote access and telework during the pandemic, the likelihood of your business’s information technology and the data stored thereon being exposed through cyber-breaches and attacks has grown exponentially. There are countless articles explaining the inherent dangers of remote access and telework, but the theme that permeates them all is that working remotely comes with its own set of dangers and that hackers and cybercriminals who have already been relentlessly attacking businesses through email and phishing scams, DDoS attacks, ransomware and social engineering, have already increased their attacks on businesses using remote access. Simple changes in your staff’s routines caused by new procedures can throw them off balance and create an opportunity for a hacker to exploit.

As Coronavirus Spreads, Some Firms May Struggle to Pivot to Remote Work

Published on: March 4, 2020 | by Lindabury, McCormick, Estabrook & Cooper, P.C.

Eric Levine, Cybersecurity & Data Privacy co-chair of Lindabury, McCormick, Estabrook & Cooper, was quoted by Legaltech news, in a recent article concerning the coronavirus’ impact on law firms. Eric says “the firm is proactively reminding the firm’s lawyers and staff to remain vigilant against coronavirus-related phishing emails.

“From a cybersecurity and data privacy standpoint, people must be aware that the virus itself presents an opportunity for hackers and wrongdoers to gain access to resources,” he said. “I sent an email to our staff and attorneys with an article saying to be careful for these types of email scams, they’re more potent because they’re tied to a health scare.”

To read the full article as published online at Law.com click here, a subscription may be required.

Eric Levine Quoted in NJBIZ – “Show Me the Money: How to Counter the Growing Threat from Digital Con Artists”

Published on: June 17, 2019 | by Eric B. Levine

Eric Levine, co-chair of Lindabury’s Cybersecurity and Data Privacy practice is quoted in a recent issue of NJBIZ regarding the growing digital threat often disguised as a legitimate-looking email. Eric says that when our firm receives an email in regards to a bank transaction, “We won’t cut a check against it until it clears our financial institution, and then we’ll wait up to another 10 days. It can be an inconvenience for a client, but this way we know the money is good.”

To read the full NJBIZ article click here.

Experts Warn of Cyber Attacks on Smart Cities and Buildings

Published on: January 4, 2019 | by Eric B. Levine

Eric Levine, co-chair of Lindabury’s Cybersecurity & Data Privacy practice group spoke recently to attendees during NAIOP New Jersey’s final installment of their “Future Proof Your Buildings” series.

Coverage of the event by Real Estate Weekly was recently published providing highlights and strategies for ensuring security of smart cities throughout the state.

Eric says he believes liability is one of the fundamental risks facing building owners.

How Cybersecurity Training Protects Your Organization Even After a Breach

Published on: December 18, 2018 | by Eric B. Levine

Eric Levine and Robert Anderson co-authored the recently published article in Training Industry addressing the need of businesses to assess their own cybersecurity risks and openly exchange internal information to effectively address and mitigate an actual breach situation. Yet a company’s internal assessments of its own weaknesses and the holes in its cybersecurity protections can, ironically, actually expose the company to even greater danger in future security breach litigation.

Read the full article online here.

Training Industry, Inc. (Dec. 18, 2018). How Cybersecurity Training Protects Your Organization Even After a Breach.

Protecting Employee Data From a Human Resources Perspective

Published on: October 12, 2018 | by Eric B. Levine

Originally published in the October 2018 issue of HR News.

Combatting cyber-threats and protecting data is not only the job of an IT department. Human resource professionals play a critical role in safeguarding personally identifiable information as well. Indeed, if there is one area in every company that has in its possession a literal treasure trove of sensitive information, it is Human Resource. Who else has access to employees’ names, addresses, dates of birth, social security numbers, bank account information (for direct depositing of paychecks), health and medical information (originating form health insurance applications, flex plan reimbursement materials) and financial information, especially if your company has a self-directed 401K plan and contributions are automatically deducted from payroll. Needless to say, a data breach implicating your Human Resources department could be devastating. So what can you as a human resource professional do to assist in maintaining the integrity of your company’s data? Plenty.

Collaborate with IT and Legal departments:

Hiding in Plain Sight – Techniques to Defend Against Insider Attacks

Published on: July 11, 2018 | by Eric B. Levine

Eric Levine, Lindabury’s Cybersecurity & Data Privacy Group Co-Chair provided insight to SC Media for their recent white paper, Hiding in Plain Sight. Eric suggests that an organization consider and understand what types of data might be vulnerable to attack in order to understand the implications of responding to unauthorized accesses of that information.

You can download a copy of the white paper here.

Protecting Privilege Before and After a Cyber Breach

Published on: June 8, 2018 | by Robert W. Anderson and Eric B. Levine

If you are not already thinking about cybersecurity for your company or firm, you should be. Regardless of your organization’s size or industry, cyber crime is probably the greatest threat to your bottom line today.

One of the most important things a company/firm can do is to regularly conduct an investigation to understand what its cybersecurity defense weaknesses and vulnerabilities may be. The results of such an investigation most likely will produce a lengthy list of potential problem areas that in an ideal world should all be promptly and exhaustively remedied. Many times, this remedial approach is not feasible as most companies have budgetary and other practical limitations that may require them to prioritize which vulnerabilities to address first, and the degree of remediation of each such vulnerability that can reasonably be undertaken at a given time.

Unfortunately, another problem with this scenario is that the company or firm will end up with a written report identifying all variety of cybersecurity weaknesses, and then a set of actions that address some — but not all — of those weaknesses. If, at a later date, the organization experiences a cyber breach incident, this written report is likely to become Exhibit A of any plaintiff action against the company over that breach. The report, after all, shows that the company or firm clearly knew about certain vulnerabilities and chose not to remedy several of them.