Connect with us

News

Victims of SolarWinds Cyberattack Face Investigation Costs, Liability Issues

Published

on

While the customers impacted by the recent SolarWinds Corp. cyberattack are rightly being described as victims, they are nonetheless facing significant costs stemming from the incident.

SolarWinds’ customers will need to determine whether any of their data was accessed or exfiltrated. Making that determination requires a digital forensics investigation, typically involving a third-party security vendor.

First, the Forensic Investigation

The forensics bill depends on factors such as the number and types of devices and systems on a network, the geographic distribution of the network, and whether the customer already had a contract with a security vendor to provide such services in the event of a security incident.

If investigators determine that certain categories of personal information of residents of U.S. states or certain foreign countries was accessed or exfiltrated from a SolarWinds customer, the victim will need to provide notices to affected individuals. It is considered a best practice to offer credit repair and monitoring services and call centers to assist affected individuals.

Depending on its contracts, the victim company also may be required to notify its business customers and vendors and to reimburse them for expenses they incur in investigating and mitigating the effects of the breach and providing notifications. It may also be required to indemnify them for third-party lawsuits and regulatory proceedings.

The victim company may also be required to notify regulators or state attorneys general. Such agencies may issue fines if their investigations find that the company’s cybersecurity practices were not adequate or that the company did not notify within a required time frame. Additionally, the victim company may incur substantial costs in defending consumer, business partner, or shareholder derivative lawsuits.

Furthermore, after it has been determined that an adversary has accessed a network, there is a debate about whether any device on the network can be trusted and remain in use. Many IT security practitioners recommend fully rebuilding a network that has been breached by malware.

Take Proactive Steps to Address Potential Liability

Once the security incident has occurred, there are limits to what a company can do to minimize its liability. It can work cooperatively with its business partners to reduce the likelihood that they will sue. But other costs, such as class action suits, regulatory fines, or legal fees are considerably less controllable.

Not surprisingly, the best time to address potential liability for a security incident is before it happens. All companies, regardless of whether they were victims of the SolarWinds breach, should consider taking the following proactive measures:

  • Contracts with business partners should have reasonable limitations of liability and the implications of the cost of data breach provisions and indemnities should be carefully scrutinized, not just for each contract as it is negotiated, but in the aggregate for all contracts.
  • Companies should have cyber-insurance policies in place and, because the details of cyber-insurance coverage vary, they should also have a good working knowledge of what is and is not covered by the policies.
  • Companies should follow reasonable cybersecurity practices, not only to reduce the chances of experiencing a security incident, but to reduce the likelihood of being fined or successfully sued if an incident outside their control occurs.
  • Companies should regularly conduct a risk assessment and develop and update a written security plan based on the risk assessment.

In fact, many statutes and regulatory frameworks, such as the New York SHIELD Act, the Massachusetts Standards for the Protection of Personal Information, the rules and guidelines issued under the federal Gramm-Leach-Bliley Act, and New York’s Department of Financial Services Cybersecurity Regulation, require risk assessments, written security plans, and the use of reasonable cybersecurity measures.

Also, the California Consumer Privacy Act gives private litigants a right to sue if their personal information is exfiltrated as a result of a company’s failure to use reasonable security measures.

Assess Future Risk, Take Compliance Steps

What security measures are reasonable is heavily driven by the risk assessment. Recognized standards such as ISO 27001, the National Institutes of Standards and Technology Cybersecurity Framework, or the Center for Internet Security Critical Security Controls can be used to determine what is reasonable. Using an accredited outside vendor to certify compliance can help establish the proper diligence.

Common best practices include network segmentation, appropriate logging, use of intrusion detection systems, multi-factor authentication, use of current encryption standards in connection with data at rest and in transit, strong password requirements, use of password managers, regularly backing up data and testing the restoration of data, patching and vulnerability management, and regularly testing security controls and incident responses. Data retention policies also should not be overlooked , since data that a company has not retained cannot be the subject of a data breach.

Educating employees about risks and best practices is also important. Additionally, companies should foster close multi-stakeholder coordination and communication about security. Representatives from the security organization, legal, IT, procurement, and product or sales groups should be included in the discussions.

Companies have exposure to significant potential liability arising from the SolarWinds security incident and a short set of options for limiting that liability. The best time for a company to limit its liability for security incidents is before they happen.

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Write for Us: Author Guidelines

Author Information

Andrew Baer is chair of the Technology, Privacy & Data Security group at Cozen O’Connor where he focuses his practice on cutting-edge technology transactions on both the buy-side and sell-side, cloud computing, data privacy, security compliance, software, and transactions in the digital advertising ecosystem.

Christopher Dodson is an attorney at Cozen O’Connor, where he focuses his practice on privacy, technology, and regulatory law. He works extensively with clients on issues rated to compliance with the GDPR, CCPA, and privacy and data security laws.

Source link

Continue Reading

News

Are Sallie Mae Student Loans Federal or Private?

Published

on

When you hear the name Sallie Mae, you probably think of student loans. There’s a good reason for that; Sallie Mae has a long history, during which time it has provided both federal and private student loans.

However, as of 2014, all of Sallie Mae’s student loans are private, and its federal loans have been sold to another servicer. Here’s what to know if you have a Sallie Mae loan or are considering taking one out.

What is Sallie Mae?

Sallie Mae is a company that currently offers private student loans. But it has taken a few forms over the years.

In 1972, Congress first created the Student Loan Marketing Association (SLMA) as a private, for-profit corporation. Congress gave SLMA, commonly called “Sallie Mae,” the status of a government-sponsored enterprise (GSE) to support the company in its mission to provide stability and liquidity to the student loan market as a warehouse for student loans.

However, in 2004, the structure and purpose of the company began to change. SLMA dissolved in late December of that year, and the SLM Corporation, or “Sallie Mae,” was formed in its place as a fully private-sector company without GSE status.

In 2014, the company underwent another big adjustment when Sallie Mae split to form Navient and Sallie Mae. Navient is a federal student loan servicer that manages existing student loan accounts. Meanwhile, Sallie Mae continues to offer private student loans and other financial products to consumers. If you took out a student loan with Sallie Mae prior to 2014, there’s a chance that it was a federal student loan under the now-defunct Federal Family Education Loan Program (FFELP).

At present, Sallie Mae owns 1.4 percent of student loans in the United States. In addition to private student loans, the bank also offers credit cards, personal loans and savings accounts to its customers, many of whom are college students.

What is the difference between private and federal student loans?

When you’re seeking financing to pay for college, you’ll have a big choice to make: federal versus private student loans. Both types of loans offer some benefits and drawbacks.

Federal student loans are educational loans that come from the U.S. government. Under the William D. Ford Federal Direct Loan Program, there are four types of federal student loans available to qualified borrowers.

With federal student loans, you typically do not need a co-signer or even a credit check. The loans also come with numerous benefits, such as the ability to adjust your repayment plan based on your income. You may also be able to pause payments with a forbearance or deferment and perhaps even qualify for some level of student loan forgiveness.

On the negative side, most federal student loans feature borrowing limits, so you might need to find supplemental funding or scholarships if your educational costs exceed federal loan maximums.

Private student loans are educational loans you can access from private lenders, such as banks, credit unions and online lenders. On the plus side, private student loans often feature higher loan amounts than you can access through federal funding. And if you or your co-signer has excellent credit, you may be able to secure a competitive interest rate as well.

As for drawbacks, private student loans don’t offer the valuable benefits that federal student borrowers can enjoy. You may also face higher interest rates or have a harder time qualifying for financing if you have bad credit.

Are Sallie Mae loans better than federal student loans?

In general, federal loans are the best first choice for student borrowers. Federal student loans offer numerous benefits that private loans do not. You’ll generally want to complete the Free Application for Federal Student Aid (FAFSA) and review federal funding options before applying for any type of private student loan — Sallie Mae loans included.

However, private student loans, like those offered by Sallie Mae, do have their place. In some cases, federal student aid, grants, scholarships, work-study programs and savings might not be enough to cover educational expenses. In these situations, private student loans may provide you with another way to pay for college.

If you do need to take out private student loans, Sallie Mae is a lender worth considering. It offers loans for a variety of needs, including undergrad, MBA school, medical school, dental school and law school. Its loans also feature 100 percent coverage, so you can find funding for all of your certified school expenses.

With that said, it’s always best to compare a few lenders before committing. All lenders evaluate income and credit score differently, so it’s possible that another lender could give you lower interest rates or more favorable terms.

The bottom line

Sallie Mae may be a good choice if you’re in the market for private student loans and other financial products. Just be sure to do your research upfront, as you should before you take out any form of financing. Comparing multiple offers always gives you the best chance of saving money.

Learn more:

Source link

Continue Reading

News

Tips to do some fall cleaning on your finances

Published

on

Wealth manager, Harry Abrahamsen, has five simple ways to stay on top of the big financial picture.

PORTLAND, Maine — Keeping track of our financial stability is something we can all do, whether we have IRAs or 401ks or just a checking account. Harry J. Abrahamsen is the Founder of Abrahamsen Financial Group. He works with clients to create and grow their own wealth. Abrahamsen shares five financial tips, starting with knowing what you have. 

1. Analyze Your Finances Quarterly or Biannually

You want to make sure that your long-term strategy is congruent with your short-term strategy. If the short-term is not working out, you may need to adjust what you are doing to make sure your outcome produces the desired results you are looking to accomplish. It is just like setting sail on a voyage across the Atlantic Ocean. You know where you want to go and plot your course, but there are many factors that need to be considered to actually get you across and across safely. Your finances behave the exact same way. Check your current situation and make sure you are taking into consideration all of the various wealth-eroding factors that can take you completely off course.

With interest rates very low, now might be a good time to consider refinancing student loans or mortgages, or consolidating credit card debt. However, do so only if you need to or if you can create a positive cash flow. To ensure that you are saving the most by doing so, you must look at current payments, excluding taxes and insurance costs. This way you can do an apples-to-apples comparison.

The most important things to look for when reviewing your credit report is accuracy. Make sure the reporting agencies are reporting things actuary. If it doesn’t appear to be reporting correct and accurate information, you should consult with a reputable credit repair company to help you fix the incorrect information.

4. Savings and Retirement Accounts

The most important thing to consider when reviewing your savings and retirement accounts is to make sure the strategies match your short-term and long-term investment objectives. All too often people end up making decisions one at a time, at different times in their lives, with different people, under different circumstances. Having a sound strategy in place will allow you to view your finances with a macro-economic lens vs a micro-economic view. Stay the course and adjust accordingly from a risk and tax standpoint.

RELATED: Financial lessons learned through the pandemic

A great tip for lowering utility bills or car insurance premiums: Simply ask! There may be things you are not aware of that could save you hundreds of dollars every month. You just need to call all of the companies that you do business with to find out about cost-cutting strategies. 

RELATED: Overcome your fear of finances

To learn more about Abrahamsen Financial, click here

Source link

Continue Reading

News

How to Get a Loan Even with Bad Credit

Published

on

Sana pwedeng mabura ang bad credit history as quickly and easily as paying off your utility bills, ‘no? Unfortunately, it takes time. And bago mo pa maayos ang bad credit mo, more often than not, kailangan mo na namang mag-avail ng panibagong loan. 

Good thing you can still get a loan even with bad credit, kahit na medyo limited ang options. How do you get a loan if you have bad credit? Alamin sa short guide na ito. 

For more finance tips, visit Moneymax.

 

 

Source link

Continue Reading

Trending