Cybersecurity Law

“A security system is only as strong as its weakest link.”[1]  Unfortunately for businesses like Target the weak links in the cybersecurity more often than not arise out of relationships with third-parties. According to a survey conducted by Ponemon Institute in 2017, 56% of companies who suffered a data breach did so because of a vendor.[2] Without exercising the appropriate level of due diligence, companies who suffer a data breach by way of third-party vendors invariably get stuck holding the proverbial bag.  Target and its HVAC Vendor The Target breach should represent a cautionary tale for all businesses. In 2013, Target had over 40 million credit cards stolen from its point of sale systems. The weak spot exploited by the bad guys? A third-party vendor, but not just any vendor. The culprit was Target’s HVAC vendor. To be concise, the Target breach occurred because: Hackers installed malware by way of a malicious email on […]

You’ve probably heard the phrase, “You have to spend money to make money,” but what about, “You have to protect money to accept money”? The acceptance of credit cards is a critical and necessary function for any business. In order to reduce the cost around compliance, the vast majority of small and mid-sized companies process and store credit card payments by way of a third-party payment processor. Yet contrary to popular belief, the outsourcing of payment processing to any third-party neither negates a company’s PCI DSS responsibilities nor shields it from an assortment of legal liabilities. As this article will explain, a payment card data breach of any company not in compliance with PCI DSS opens up pandora’s box to an assortment of legal calamities. WHAT IS PCI DSS, ANYWAYS? Created by the five payment brands (American Express, Discover Financial Services, JCB International, Mastercard, and Visa, Inc.), PCI DSS stands […]