The FCC has added Kaspersky products to the list of cybersecurity risks. Law firms should alert staff not to use the products on any devices that access their firms’ networks to safeguard client information.
Of course, the last thing you need from your Internet security product is for it to be a threat to your security. Let alone national security. But on Friday, the Federal Communications Commission (FCC) called Kaspersky a national cybersecurity threat by adding Kaspersky, China Mobile, and China Telecom to the list of companies affected by the Secure and Trusted Communications Networks Act of 2019. In other words, these products “are deemed to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons.” The FCC action (click here to view the FCC page) adds these companies to the existing list, which includes Huawei, ZTE, Hytera, Hikvision, and Dahua.
The FCC states that the decision to add Kaspersky to the Covered List was the result of action by the Department of Homeland Security that banned the companies’ security products from all federal systems in September 2017. Inclusion of producers or providers of equipment or services identified on the list is intended to include the subsidiaries and affiliates of such entities.
For law offices, this move is important because they are regularly targets of cybercriminals because the firms often maintain confidential information such as Social Security numbers, dates of birth, medical data and more that is valuable to hackers. At the Law Offices of Daniel J. Siegel, LLC and Integrated Technology Services, LLC, we provide ethical and techno-ethical guidance to our clients to assure that they are aware of the latest developments that could impact the security of their practices and their clients.