
About Steve Fiergang

Steve is both General Counsel and Cyber Risk Management Evangelist for Layer 8 Security. His practice focuses on working with clients to develop and implement the policies and procedures designed to ensure the security of information systems and nonpublic information accessible to, or held by, third parties, along with a variety of other requirements to protect the confidentiality, integrity and availability of information systems. Beyond this, Steve has cultivated cyber insurance expertise, assisting clients in navigating the myriad new cyber insurance products and policy placements. Steve lectures locally and is collaborating with Immaculata University to develop a course of study in Cybersecurity Governance.

Even Congress understands – Strong cybersecurity strategy is a must

Recently, Senator Jim Risch (R-Idaho) posted an op-ed on CNBC titled: Strong cybersecurity strategy is no longer a luxury for small business. I invite you to read the piece here. As a cyber evangelist, it is always heartwarming to see our legislators acknowledge, openly and honestly, the danger to small business that ransomware and other online schemes represent. In the article, Sen. Risch paraphrased a recent FBI press release, which characterized the number of online schemes to swindle both businesses [...]

2020-07-23T12:43:23-04:00

Data Security In The Coronavirus Age

A friend of mine just published an interesting piece in the opinion/commentary section of the Wall Street Journal, entitled Buildings Beef Up Security in the Coronavirus Age. This article discusses the societal tradeoff between safety and privacy. We have (globally) been accepting a diminishment of our individual privacy rights for the betterment of the greater good for some time. Should this idea seem at all novel, consider your last trip to the airport. Even more interesting than the article has [...]

2020-07-13T14:38:56-04:00

Stop the music! Law firm hack foreshadows celebrity doxing

Once again, a major New York law firm was hit by a ransomware attack, exposing its clients’ personal and private information - several of whom are prominent musicians. The specific ransomware, commonly referred to as REvil or Sodinokibi, has done significant damage since being introduced in 2019. Viewed in isolation, this event - this specific attack and its effect on these unlucky celebrities - seems almost run of the mill. After all, the event involving Panamanian law firm Mossack Fonseca [...]

2020-05-15T10:13:28-04:00

Financial repercussions for Marriott in wake of data breach

Day by day, we gloss over the latest breach news without connecting the event with our own company. Data breach cases are daily events in the media, so even a well-read businessperson can be lulled into 'data breach fatigue.' While the reputational damage of a data breach incident is easy to see and feel, financial liability is harder to quantify from a distance. Cautionary tales abound, and here's a prime example. In November 2018, Marriott announced that it had been [...]

2020-04-28T08:37:26-04:00

Important precedent in PA data breach law

Data breach litigation will be forever changed; the Pennsylvania Supreme Court is leading the way. In a groundbreaking decision this past November, the Pennsylvania Supreme Court altered the data breach litigation landscape. In Dittman vs. UPMC, the court held that all employers have a common law, legal duty to use reasonable care to safeguard employees’ personal information. For reference, you can view the published opinion here. The court went on to say that Pennsylvania’s economic loss doctrine permits recovery [...]

2018-12-18T15:00:59-05:00

SEC charges investment adviser firm: $1M settlement accepted

The Securities and Exchange Commission (SEC) and its Office of Compliance Inspections and Examinations (OCIE) have long been advising the financial industry that cybersecurity is its top priority (see my prior blog post). In late September, the SEC announced that an Iowa-based broker-dealer and investment adviser, Voya Financial Advisors Inc. (VFA), has agreed to pay $1 million to settle charges regarding its failure to maintain adequate cybersecurity policies and procedures, as they related to a compromise of the company’s [...]

2018-11-13T14:22:47-05:00

The SEC announces its 2017 examination priorities

Attention to those in the financial industry, particularly, Broker/Dealers, Investment Advisers and Firms involved with Pension Funds and Seniors; OCIE is focused on you. The SEC's National Examination Program (NEP) of the Office of Compliance Inspections and Examinations (OCIE) announced that its examination priorities in 2017 will focus on three general areas including retail investors, risks specific to elderly investors and retirement investing, and assessing market-wide risks. Taken directly from the SEC website, "Cybersecurity - OCIE will continue its ongoing [...]

Breach Notification Laws Are Being Enforced

First HIPAA enforcement action for lack of timely breach notification settles for $475,000. In a landmark case, federal regulators have issued a $475,000 financial settlement and corrective action plan for Presence Health regarding its tardy notification for a paper records breach that affected approximately 800 individuals. The Director of the Department of Health and Human Services' Office for Civil Rights (OCR), which enforces HIPAA, noted that companies "need to have a clear policy and procedures in place to respond to [...]

Week 4 – Our Continuously Connected Lives: What’s Your ‘App’-titude?

Unfortunately, Week 4’s theme acts as the perfect backdrop to the massive distributed denial-of-service, or DDoS, attacks of Friday the 21st. The Department of Homeland Security appears omnipresent once again in setting this week as the Internet of Things spotlight. With compounding growth of connected technologies – cars, household appliances, finances, healthcare, and more being increasingly managed by smart devices – we are confronted with the need for increased awareness to secure cutting-edge, technical innovations. Week 4 looks to the [...]

2017-06-22T20:19:37-04:00

Week 3 – Recognizing and Combating Cybercrime

Cybersecurity must be viewed as a 'top-down' concern; when the executive team takes the time to highlight its Cyber Risk Management Program internally, team members are far more likely to recognize the significance of cyber-hygiene. Viewed holistically, the entire company is more secure. Layer 8 Security preaches the significance of each individual’s on-line behavior as a critical aspect of producing a resilient team. As technology advances, the impact of cybercrime is becoming more costly and frequent. Law enforcement, government, industry, [...]

2017-06-22T20:19:37-04:00