On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”). While President Biden’s remarks highlighted the $13.6 billion in funding “to address Russia’s invasion of Ukraine and the impact on surrounding countries,” the 2022 Consolidated Appropriations Act contained numerous other laws, including the Cyber Incident Reporting Act, which should not be overlooked. The Cyber Incident Reporting Act puts in motion important new cybersecurity reporting requirements that will likely apply to businesses in almost every major sector of the economy, including health care, financial services, energy, transportation and commercial facilities. Critical infrastructure entities should monitor the upcoming rule-making by the Cybersecurity and Infrastructure Security Agency (“CISA”), as the final regulations will clarify the scope and application of the new law.

Continue Reading President Biden Signs into Law the Cyber Incident and Reporting Act, Mandating Reporting of Cyber Incidents and Ransomware Payments

Next month, New Jersey private employers will need to start informing drivers before using GPS tracking devices in the vehicles they operate. A new state law that becomes effective April 18, 2022, requires employers to provide written notice to employees before using “electronic or mechanical devices” that are “designed or intended to be used for the sole purpose of tracking the movement of a vehicle, person, or device.” The notification requirement applies to both employer-owned or -leased and personal vehicles.

Continue Reading Considering Tracking Employees in Vehicles? New Jersey Now Requires Employers to Provide Notice

As featured in #WorkforceWednesday:  This week, we look at H.R. 4445, new federal legislation that addresses mandatory arbitration of sexual assault and harassment claims.

Continue Reading Video: New Law on Arbitration of Sexual Harassment Claims, Cyber War Ramps Up, Salaried Nonexempt Status – Employment Law This Week

The U.S. Cybersecurity and Infrastructure Agency (CISA) has urged a “Shields Up” defense in depth approach, as Russian use of wiper malware in the Ukrainian war escalates. The Russian malware “HermeticWiper” and “Whispergate” are destructive attacks that corrupt the infected computers’ master boot record rendering the device inoperable. The wipers effectuate a denial of service attack designed to render the device’s data permanently unavailable or destroyed. Although the malware to date appears to be manually targeted at selected Ukrainian systems, the risks now escalate of a spillover effect to Europe and the United States particularly as to: (i) targeted cyber attacks including on critical infrastructure and financial organizations; and (ii) use of a rapidly spreading indiscriminate wiper like the devastating “NotPetya” that quickly moves across trusted networks. Indeed, Talos researchers have found functional similarities between the current malware and “NotPetya” which was attributed to the Russian military to target Ukranian organizations in 2017, but then quickly spread around the world reportedly resulting in over $10 billion dollars in damage.[1] The researchers added that the current wiper has included even further components designed to inflict damage.

Continue Reading CISA Encourages “Shields Up” to Protect Operations and Workers as Cyber War Ramps Up

As featured in #WorkforceWednesday:  This week, we focus on new developments increasing whistleblower protections across the country and prohibiting mandatory arbitration of sexual assault and harassment claims.

Continue Reading Video: Whistleblower Regulations Increasing, #MeToo Bill Passes, Cyberfraud Risk Mitigation – Employment Law This Week

The  New York State Acting Commissioner of Health has extended the designation of COVID-19 as a highly contagious communicable disease that presents a serious risk of harm to public health under the NY HERO Act until February 15, 2022. Accordingly, the airborne infectious disease exposure prevention plans required under Section 1 of the Act must be kept in place through that date, at which point the Commissioner will review whether the designation should be continued.

Continue Reading Keep Your Safety Plans in Place: New York HERO Act COVID-19 Designation Extended Until February 15, 2022

NYC employers will soon be required to include a minimum and maximum salary on all job postings for positions performed within the City. As we previously reported, the City Council passed Int. 1208-B (Law) on December 15, 2021, and due to new NYC mayor Eric Adam’s inaction within the 30-day veto period, it became a law as of January 15, 2022. Beginning May 15, 2022, the Law requires employers with four or more employees to include a “good faith” minimum and maximum salary range on for all advertised NYC job, promotion and transfer opportunities. Additionally, the Law makes the failure to include salary range an unlawful discriminatory practice under the City’s Human Rights Law.

Continue Reading NYC Job Postings Must Include Salary Ranges Effective May 15, 2022

Recent data thefts and systems intrusions, particularly with respect to ransomware, have assured that cybersecurity is top of mind for corporate executives and compliance officials. We at EBG have tried to keep you up to date with respect to legislative, regulatory and litigation developments and recommended best practices and procedures.

As we close out the year, we all should remain mindful that cyber criminals, especially those who are supported or protected by foreign adversaries, have little incentive to rest up during the holidays.

Continue Reading Best Practices to Protect Against Increased Cyber Threats During the Holiday Season

The Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) jointly published a new resource as part of their ongoing efforts to promote awareness of, and help organizations defend against, supply chain risks. The publication, Defending Against Software Supply Chain Attacks, provides recommendations for software customers and vendors

A recently discovered security vulnerability potentially affecting at least 100 million Internet of Things (“IoT”) devices[1] highlights the importance of the newly enacted IoT Cybersecurity Improvement Act of 2020 (the “IoT Act”). Researchers at the security firms Forescout Research Labs and JSOF Research Labs have jointly published a report detailing a security vulnerability known