Cybersecurity Protection for your California Business

by

Just as the U.S. Department of Commerce’s National Institute of Standards and Technology (“NIST”) completes its version 1.0 National Framework for Improving Critical Infrastructure Cybersecurity, California Attorney General Kamala Harris has made clear she intends a leadership role for California. With the just published guide entitled “Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents,” the Attorney General offers a simplified, brief, and plain English version of cybersecurity protection directed toward small and medium size California businesses that likely lack the resources to hire full-time cybersecurity personnel.

The Guide’s “Practical Steps to Minimize Cyber Vulnerabilities” is based on acknowledged deficiencies in the devices, websites, and applications at the network’s edge, and on the need for users and businesses to discipline their behavior and increase their vigilance against threats posed by Internet thieves. The best practices outlined in the Guide are not unique to small or medium size businesses and overlap to a large extent NIST’s perspective on threats and cyber recommendations from many sources. The NIST Framework provides greater detail and is more explicit in the latitude it provides for business judgments about the proportionality of precautions with respect to the specific risks posed by cybercriminals.

Both California’s Guide and NIST’s Framework seek to encourage organizations to analyze risks, determine needs, and outline plans to protect, detect, respond and recover when a cybersecurity breach occurs.

From California’s just published guidance, one thing is clear. Just as the Attorney General took the lead in privacy efforts and is leading state attorneys general in their own investigation of the Neiman Marcus, Target, and Michaels Stores breaches, she is taking the lead in protecting California businesses and consumers against cybersecurity threats, both domestically and internationally, posed by Internet criminals. Stay tuned for more developments in this area.

Finkel Law Group, with offices in San Francisco and Oakland, has worked with many companies that collect and retain business and consumer information and assisted them with policies and protocols to protect against cybersecurity threats lurking on-line When you need intelligent, insightful, conscientious and cost-effective legal counsel to assist you with how you protect and manage personal information collected from consumers, please contact us at (415) 252-9600, (510) 344-6601, or info@finkellawgroup.com to speak with one of our attorneys about your matter.