Welcome to the third edition of MoFocus, our guide to the changing risk and crisis landscape, offering insights from John Carlin and MoFo’s Global Risk + Crisis Management team.
In this edition we:
- examine the recently published SEC guidance covering a broad range of cybersecurity issues and provide advice to companies on the best disclosure practices (on page 1);
- discuss why combining the knowledge and experience of employment attorneys with white-collar defense attorneys has become crucial to conducting successful internal investigations when allegations of employee misconduct arise (on page 3);
- explore DOJ’s sweeping indictment against 36 defendants for their role in the Infraud Organization, which makes clear that companies are now not just up against solo hackers, but highly-skilled enterprises that rely on an international collection of criminal and cyber expertise (on page 5);
- analyze OFAC’s new Russia-related sanctions and discuss how these new sanctions may affect both U.S. and non-U.S. persons based on the new designations added to the list of Specially Designated Nationals and Blocked Persons (on page 6);
- assess how the CLOUD Act, which was passed into law last month, will overhaul U.S. laws for obtaining data stored overseas (on page 8);
- review key topics that companies should carefully consider when designing and implementing the bug-bounty program—a type of vulnerability-disclosure program in which organizations encourage members of the public to hack into their own company systems (on page 9); and
- share our insights on why it is time for the U.S. to fight back against Russia and put a stop to Putin’s online chaos machine (on page 11).
Read our newsletter.