CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After the Breach
Practical and entertaining education for
attorneys, accountants, business owners and
executives, and investors.
Disclaimer
The material in this webinar is for informational purposes only. It should not be considered
legal, financial or other professional advice. You should consult with an attorney or other
appropriate professional to determine what may be best for your individual needs. While
Financial Poise™ takes reasonable steps to ensure that information it publishes is accurate,
Financial Poise™ makes no guaranty in this regard.
Thank You To Our Sponsors
Meet the Faculty
MODERATOR
Kathryn Nadro – Sugar Felsenthal Grais & Helsinger LLP
PANELISTS
Anna Mercado Clark – Phillips Lytle LLP
Alison Schaffer - Jump Trading Group
Alex Sharpe - Sharpe LLC
About This Webinar:
Data Breach Response: Before and After the Breach
You’ve received the dreaded call that your company has just suffered a data breach – what
do you do next? Who do you call for help? What notification obligations do you have?
With proper preparation, you can mitigate the damage caused by this unfortunate event and
put your business in a position to recover. Your company may have already implemented its
information security program and identified the responsible parties, including applicable
outside experts, to be contacted in the event of a breach. However, now you must call up
your incident response team to investigate the extent of the breach, evaluate the possible
damage to your company, and determine whether you must notify your clients, customers,
or the public of the breach. This webinar will help prepare you to take action when the worst
happens.
About This Series: Cyber Security &
Data Privacy 2022
Cybersecurity and data privacy are critical topics of concern for every business in today’s environment.
Data breaches are a threat to every business and can cause losses ranging from direct losses from business interruption
and loss of data to indirect losses from unwanted publicity and damage to your business’s reputation.
Compliance with a patchwork of potentially applicable state and federal laws and regulations may cost
your business in terms of money and time.
This series discusses the various laws and regulations that affect businesses in the United States and in
Europe, as well as the best practices to use in creating an information security program and preparing for
and responding to data breaches.
Each Financial Poise Webinar is delivered in Plain English, understandable to investors, business owners, and
executives without much background in these areas, yet is of primary value to attorneys, accountants, and other
seasoned professionals. Each episode brings you into engaging, sometimes humorous, conversations designed to
entertain as they teach. Each episode in the series is designed to be viewed independently of the other episodes so that
participants will enhance their knowledge of this area whether they attend one, some, or all episodes.
Episodes in this Series
#1 Introduction to US Privacy and Data Security: Regulations and Requirements
Premiere date: 08/03/22
#2 Introduction to EU General Data Protection Regulation: Planning, Implementation, and
Compliance
Premiere date: 9/07/22
#3 How to Build and Implement your Company's Information Security Program
Premiere date: 10/12/22
#4 Data Breach Response: Before and After the Breach
Premiere date: 11/09/22
Episode #4: Data Breach Response: Before and After the Breach
Overview
• What is a Data Breach?
✓ A data breach is a confirmed incident in which sensitive, confidential or otherwise
protected data has been accessed and/or disclosed in an unauthorized fashion
✓ Data breach may have different meanings under various state, federal, and
international laws
Overview
Data Breach Facts (IBM Cost of a Data Breach Report 2022)
✓ Average cost of a data breach in the US: $9.44 million
✓ Average cost of a data breach globally: $4.35 million
✓ Share of ransomware breaches rose 41% since 2021 and took 49 days longer to
remediate
✓ $4.54 million average total cost of a ransomware breach
✓ 45% of data breaches happen in the cloud
Overview
Data Breach Costs
✓ Computer forensics
✓ Breach notification mailing, call center and identity restoration services costs
✓ Public relations
✓ Regulatory investigation, fines and penalties
✓ Lawsuit(s)
✓ Legal services
• Average number of days to identify and contain a breach: 287 days
Overview
• Examples of Data Breach Causes
✓ Malware/Ransomware
✓ Unsecured website login systems
✓ Use of unapproved or insecure software
✓ Insecure IT infrastructure
✓ Phishing/e-mail scam
✓ Employees mishandling data
✓ Human factor/negligence
Overview
What hackers are seeking:
✓ Money (e.g., wire theft)
✓ Theft of personal information
- Purchase of goods with stolen credit card information
✓ Filing of fraudulent tax returns
✓ Sale of personal information
✓ Disgruntled employee(s) use of information
✓ Corporate espionage
Before the Breach: Data Breach Response Plan
• What is a data breach response plan?
✓ Aims to help you manage a data breach
✓ Provides a framework that sets out roles and responsibilities for managing an
appropriate response to data breach
✓ Describes steps an entity should take to manage a breach, should one occur
✓ Prevention is better than remediation
• Why do you need a data breach response plan?
✓ Provides clarity and mitigates confusion
✓ Gives all employees knowledge of how to address a data breach
✓ Establishes a chain of command and responsibilities of each employee
✓ Quicker response time to fixing the breach
Data Breach Response Plan
• A data breach response plan should:
✓ Provide the actions to be taken if a breach is suspected, discovered or reported by a
staff member, including when it is to be escalated to the response team
✓ Identify members of your data breach response team
✓ Identify the actions the response team is expected to take
✓ Be in writing
▪ So that staff and employees can clearly understand the roles and responsibilities
✓ Identify goals and objectives of the plan
Data Breach Response Plan
• Data breach response plan should cover:
✓ A strategy for assessing, managing and containing data breaches
✓ A clear explanation of what constitutes a data breach
✓ The reporting line if staff do suspect a data breach
✓ The circumstances in which the breach can be handled by a line manager or when it
should be escalated to the response team
✓ Recording data breaches
✓ A strategy to identify and address any weaknesses in data handling that contributed
to the breach
✓ A system for a post-breach review and assessment of your entity’s response to the
data breach and the effectiveness of your data breach response plan
Before the Breach: Tabletop Exercises
Incident Response or Breach Response Plans must be practiced:
✓ Tabletop exercises allow incident response teams to test out their incident response
plans and find any gaps or holes in the organization’s policies and procedures
✓ Will involve a simulated breach on an appropriate system for each organization,
such as vendor systems, business operations such as data processing or
transactions, or critical digital assets such as networks, applications, or sensitive
data
✓ Also include group discussions to review the effectiveness of strategies and tactics,
sometimes including a facilitator such as an outside cybersecurity expert
✓ All members of the incident response team should participate in the exercise,
including any additional stakeholders who would be activated in a breach
So, You Think You’ve Been Breached…
• Know who to call: the Incident Response Team
• Management
• Legal counsel
• IT support
• Public relations
• Forensic support
• Insurance contact
So, You Think You’ve Been Breached… (cont’d)
Breach Response
✓ Identify/Detect
Determine if a breach occurred
✓ Contain
Contain and mitigate the data breach
✓ Investigate
How did the breach occur and what was the scope?
✓ Notify
Provide notifications to affected individuals
✓ Remediate
Prevent reoccurrence of breach and identify lessons learned
Breach Response: Identify/Detect
• First, identify if an incident is a data breach
✓ Employees may have exposed sensitive personal data by accident – still an incident,
but requires a different response
✓ Common indicators of external compromise include –
- unusual login times
- reduced operating speeds across the network or heavy, unexplained traffic
- use of nonstandard command prompts
- unexpected restarts
- use of unusual software
- malfunctioning of antivirus/security software
- the presence of unexpected IP addresses
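A sketch of how two of the indicators above (unusual login times and unexpected IP addresses) can be checked against login records. This is an added example, not part of the original slides; the records, user names, network ranges and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed historical logins: (timestamp, user, source IP). Not real logs.
# Timestamps are assumed to be in a single, consistent time zone.
BASELINE = [
    ("2022-10-03T08:55:00", "asmith", "10.20.1.15"),
    ("2022-10-04T09:02:00", "asmith", "10.20.1.15"),
    ("2022-10-05T09:40:00", "asmith", "10.20.1.15"),
    ("2022-10-05T17:20:00", "asmith", "10.20.1.15"),
    ("2022-10-03T09:30:00", "bjones", "10.20.4.8"),
    ("2022-10-04T10:05:00", "bjones", "10.20.4.8"),
    ("2022-10-04T18:45:00", "bjones", "10.20.4.8"),
]

# Constructed logins to triage.
NEW_EVENTS = [
    ("2022-11-08T09:10:00", "asmith", "10.20.1.15"),
    ("2022-11-09T03:12:00", "asmith", "10.20.1.15"),
    ("2022-11-09T10:30:00", "bjones", "203.0.113.77"),
    ("2022-11-09T02:47:00", "svc_backup", "198.51.100.9"),
]

# Assumed address ranges the organization expects logins to come from.
KNOWN_NETWORKS = [ip_network("10.20.0.0/16")]


def build_hour_profile(events, pad=1):
    """Return {user: (first_hour, last_hour)} seen in history, widened by `pad`.

    Limitation: a simple min/max window does not model users whose normal
    hours wrap around midnight (for example, night shifts).
    """
    hours = defaultdict(list)
    for ts, user, _ in events:
        hours[user].append(datetime.fromisoformat(ts).hour)
    return {
        user: (max(min(seen) - pad, 0), min(max(seen) + pad, 23))
        for user, seen in hours.items()
    }


def is_known_ip(addr, networks):
    """True if addr falls inside any expected network."""
    ip = ip_address(addr)
    return any(ip in net for net in networks)


def triage(events, profile, networks):
    """Return one finding per login that matches at least one indicator."""
    findings = []
    for ts, user, addr in events:
        reasons = []
        hour = datetime.fromisoformat(ts).hour
        window = profile.get(user)
        if window is None:
            # An account with no history cannot be compared to a baseline.
            reasons.append("no login history for user")
        elif not window[0] <= hour <= window[1]:
            reasons.append(
                f"login at {hour:02d}h outside usual {window[0]:02d}-{window[1]:02d}h"
            )
        if not is_known_ip(addr, networks):
            reasons.append(f"source {addr} not in known networks")
        if reasons:
            findings.append({"time": ts, "user": user, "ip": addr, "reasons": reasons})
    return findings


def run_example():
    """Build the baseline from BASELINE and triage NEW_EVENTS."""
    return triage(NEW_EVENTS, build_hour_profile(BASELINE), KNOWN_NETWORKS)


if __name__ == "__main__":
    for finding in run_example():
        print(finding["time"], finding["user"], finding["ip"], "; ".join(finding["reasons"]))
```

A finding here is a prompt for the response team to look closer, not a confirmation of a breach; the slides' first step is still to determine whether an incident is a data breach at all.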
Breach Response: Containment
• Second, once you discover you’ve been breached, contain the breach
• Move quickly to secure systems and fix vulnerabilities
✓ Key is to stop the immediate business impact of the breach – cut off the access to
the external party, secure internal systems, stop the bleeding
• Deploy breach response team to work on investigation and containment and determine
additional resources to deploy:
✓ Forensics
✓ Legal
✓ Internal team leaders
Breach Response: Containment
• The First 24 Hours Checklist
✓ Record the date and time when the breach was discovered & response efforts begin
✓ Alert and activate everyone on the response team
✓ Secure the premises around the area where the data breach occurred to help
preserve evidence
Breach Response: Containment
• The First 24 Hours Checklist (Cont’d)
✓ Stop additional data loss
▪ Take devices offline but DO NOT turn off
✓ Assess priorities and risks
✓ Determine whether any early notification to customers, affected businesses, law
enforcement and other regulatory agencies is required or advisable
Breach Response: Fix Vulnerabilities
• Work with forensic experts
✓ Encryption enabled
✓ Analyze backup or preserved data
✓ Review the type of information compromised
• Develop a communication plan
✓ Develop comprehensive plan to communicate internally
Breach Response: Investigate
• Third, investigate the cause and scope of the breach promptly
✓ Consider relevant facts
✓ Inside or outside threat?
✓ Conduct interviews
✓ Analyze compromised systems
✓ Identify malware employed, if applicable
✓ Engage incident response team
✓ Engage forensic experts, as appropriate
✓ Engage legal counsel early in the process
✓ Determine whether insurance contact should be notified
✓ Reconstruct the incident
Breach Response: Investigate
• During the investigation:
✓ Evaluate the nature, extent, and scope of incident
✓ What information was improperly disclosed?
✓ Was the information recovered?
✓ When and how did the incident happen?
✓ How many individuals were affected?
✓ Does the incident involve residents of multiple states?
✓ Document the investigation findings, conclusion and rationale
Breach Response: Notice
• Fourth, determine your notification obligations
• Potential parties to notify:
✓ Customers
✓ Law enforcement and other regulatory agencies
✓ Affected businesses
Breach Response: Notice (cont’d)
• Notification requirements vary based on state, federal, and international law
✓ 54 U.S. states, territories, and tribal jurisdictions require some level of notification to
individuals when a breach occurs
✓ If breaches reach a certain size (e.g., over 500 individuals), many states require
notification to attorneys general
✓ Notification generally must occur within a “reasonable time” after the breach is
discovered
• Generally, must include description of the circumstances of the breach, steps
taken to remedy the incident, steps intended to be taken after the notification,
and occasionally whether law enforcement is involved in investigating the
incident
✓ International law may be stricter than your specific state
✓ GDPR requires notice in 72 hours in some cases
Breach Response: Notice…to the FBI?
• Consider contacting the FBI and/or local authorities when a breach involves:
✓ Significant loss in data, system availability, or control of systems
✓ A large number of victims
✓ Unauthorized access to or malicious software on critical information technology
systems
✓ Critical infrastructure or core government functions
✓ National security, economic security, or public health and safety
✓ Financial transactions, such as unauthorized wire transfers
Breach Response: Remediation
• Fifth, remediate the data breach
✓ Requires looking at other potential flaws in security infrastructure – identify any
“lessons learned” in data security environment and response plan
✓ Develop a remediation plan that is tailored to the breach or incident to prevent it from
happening again
✓ Requires an honest and true assessment of the cause of the breach
Breach Response: Remediation (cont’d)
• Remediation practices can include:
✓ Developing an internal and external communications plan
✓ Strengthening data security policies
✓ Planning to prevent reoccurrence
✓ Providing additional training to employees on data security
✓ Maintaining documentation of actions
✓ Insurance considerations
Breach Response: Remediation
• Insurance Considerations
✓ Traditional policies
• E&O: errors and omissions
• D&O: directors and officers
• CGL: commercial general liability
✓ These policies frequently do not cover costs arising out of a security incident or data
breach
Breach Response: Remediation (cont’d)
• Insurance Considerations (Cont’d)
✓ 1st party cyber insurance coverage typically includes -
▪ Business interruption
▪ Cyber extortion
▪ Data restoration
▪ Forensic costs
▪ Crisis management
▪ Legal costs
▪ Notification, call center, credit monitoring/identity restoration
Breach Response: Remediation (cont’d)
• Insurance Considerations (Cont’d)
✓ 3rd party cyber coverage typically includes -
▪ Regulatory investigation
▪ PCI assessments and fines
▪ Lawsuits
✓ Insurance coverage frequently requires notice to the insurer prior to hiring counsel or
any investigators or other vendors, so notify the insurer as soon as possible
Breach Response – When and What to Document?
Document the steps you took in your investigation:
✓ Individuals interviewed
✓ Systems investigated and secured
✓ Identified vulnerabilities and remediation of same (including the cause and source,
if known, of the breach)
✓ What information was compromised and the scope of the breach
When documentation is required:
✓ GDPR requires certain documentation of breaches, whether they must be reported
or not (if not reported, should document reasons for that decision)
✓ Insurance carriers will require certain documentation of most breaches if claims are
made
✓ Other statutes may require documentation of the breach and investigation – many
state AGs or other regulatory agencies may also require documentation
Breach Response: Breach Team Members
• Forensics Team - helps determine the source and scope of breach
✓ Captures forensic images of affected systems
✓ Collects and analyzes evidence, and
✓ Outlines remediation steps
• Hire independent forensic investigators to perform the investigation
Breach Response: Breach Team Members
• Legal Counsel - helps identify your legal obligations
✓ Identifies state and federal regulations regarding data breaches for your industry
✓ Identifies entities that need to be notified, such as customers, employees,
government agencies, regulatory boards, etc.
✓ May provide privilege to the investigation process if retained early enough and if
counsel directs forensic investigation
- Certain courts have refused to apply privilege to investigation even under those
circumstances
✓ Ensures notifications occur within any mandated timeframes
Trending Topics: Ransomware
• Ransomware is a growing threat, particularly since the pandemic increased remote work
o Companies may face both paying a ransom and then dealing with a data breach
remediation
o Attacks on critical infrastructure, such as the Colonial Pipeline incident in May 2021
o FBI and other agencies prioritized fighting ransomware in a similar way to fighting
terrorism
o Email is among the most prevalent attack vectors used to deliver ransomware
• In 2020, the U.S. Office of Foreign Assets Control (OFAC) issued guidance stating that the
government would start enforcing sanctions in connection with ransomware attacks
o OFAC announced it would enforce it not only against ransomware victims, but also
against their insurers and the intermediaries hired by companies or their insurers,
such as cybersecurity firms that negotiate with threat actors
• Insurance may be available for ransomware, but many policies require consent prior to
making a payment
Trending Topics: Standing for data breach victims in
court
• Plaintiffs in data breach litigation have had an uphill battle in establishing standing when
there is only an increased risk of identity theft due to a data breach
• McMorris Factors (McMorris v. Carlos Lopez & Associates LLC, 995 F.3d 295 (2d Cir.
2021)):
o Whether plaintiff’s data was exposed as the result of a targeted attempt to obtain the
data
o Whether any portion of the compromised dataset already has been misused; and
o Whether the exposed data includes high-risk information – e.g., Social Security
numbers and dates of birth
About the Faculty
About The Faculty
Kathryn Nadro - knadro@sfgh.com
Kathryn (“Katie”) Nadro leads Sugar Felsenthal Grais & Helsinger’s Data Security and Privacy practice.
Katie advises clients on a diverse array of business matters, including data security and privacy
compliance, commercial and business disputes, and employment issues. Katie works with individuals and
businesses of all sizes to craft successful resolutions tailored to each individual matter.
Katie is a Certified Information Privacy Professional (CIPP/US) and counsels clients on a variety of data
security and privacy issues, including breach response, policy drafting, program management, data
collection, vendor management, and compliance with ever-changing state, federal, and international
privacy law. Katie also has broad litigation experience representing companies and individuals in
contract, non-compete, discrimination, harassment, fiduciary duty, and trade secret litigation in state and
federal court and arbitration. With a background as both in-house and outside counsel, Katie
understands that business objectives, time, and resources play an important role in reaching a favorable
outcome for each client.
About The Faculty
Anna Mercado Clark – AClark@phillipslytle.com
Anna Mercado Clark, Esq., CIPP/E, CIPP/US, CIPM, FIP is a partner at Phillips Lytle LLP, a full service
law firm in the U.S. and Canada. She leads Phillips Lytle’s Data Security & Privacy and e-Discovery &
Digital Forensics Practice Teams and is the co-team leader of the firm’s Cryptocurrency & Bitcoin Mining
Practice Team. Additionally, Anna focuses her practice in the areas of business and commercial litigation
and, as a former district attorney, also handles white-collar criminal matters and investigations. She
regularly counsels sophisticated clients on technology solutions, risk mitigation, data protection and
compliance strategies given the constantly evolving regulatory landscape, and speaks at national and
international conferences as a subject-matter expert on these issues. Ms. Clark is an adjunct professor at
Fordham University School of Law, teaching a course on data security and privacy, as well as
fundamental lawyering skills.
To read more, go to https://www.financialpoise.com/webinar-faculty/anna-mercado-clark
About The Faculty
Alison Schaffer – ASchaffer@jumptrading.com
Alison Schaffer is Legal and Regulatory Counsel at the Jump Trading Group in Chicago. Alison works
extensively in the areas of trading, technology, human resources, venture capital, and data protection
and privacy. Specifically, Alison leads GDPR implementation and data protection and privacy application
for all of the Jump Trading Group’s business lines. Alison graduated from Northwestern University with
Honors in Legal Studies and Communication Studies and a Certificate in Service Learning and attained a
Masters in Education while a Teach For America corps member in New York. Alison obtained her Juris
Doctor from Chicago-Kent College of Law, where she was an avid member of the Trial Team. She is a
member of the International Association of Privacy Professionals and looks forward to completing her
CIPP-E certification.
About The Faculty
Alex Sharpe – Alex@sharpellc.com
Alex Sharpe is a long-time Cybersecurity, Governance, and Digital Transformation expert with
real-world operational experience. He has spent much of his career helping corporations and
government agencies reap the rewards afforded by advances in technology while mitigating
risk. He began his career at the NSA before moving into the Management Consulting ranks
building practices at Booz Allen and KPMG. He subsequently co-founded two firms with
successful exits, including The Hackett Group. Alex holds degrees in Business from Columbia
Business School, Systems Engineering from Johns Hopkins University, and Electrical
Engineering from New Jersey Institute of Technology (NJIT). He is a published author,
speaker, instructor, and advisor.
Questions or Comments?
If you have any questions about this webinar that you did not get to ask during the live
premiere, or if you are watching this webinar On Demand, please do not hesitate to email us
at info@financialpoise.com with any questions or comments you may have. Please include
the name of the webinar in your email and we will do our best to provide a timely response.
IMPORTANT NOTE: The material in this presentation is for general educational purposes
only. It has been prepared primarily for attorneys and accountants for use in the pursuit of
their continuing legal education and continuing professional education.
About Financial Poise
DailyDAC LLC, d/b/a Financial Poise™ provides
continuing education to attorneys, accountants,
business owners and executives, and investors. Its
websites, webinars, and books provide Plain
English, entertaining explanations about legal,
financial, and other subjects of interest to these
audiences.
Visit us at www.financialpoise.com
Our free weekly newsletter, Financial Poise
Weekly, updates you on new articles
published on our website and Upcoming
Webinars you may be interested in.
To join our email list, please visit:
https://www.financialpoise.com/subscribe/

How to Build and Implement your Company's Information Security Program
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach
 
Data Breach Response is a Team Sport
Data Breach Response is a Team SportData Breach Response is a Team Sport
Data Breach Response is a Team Sport
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
 
You Will Be Breached
You Will Be BreachedYou Will Be Breached
You Will Be Breached
 
YBB-NW-distribution
YBB-NW-distributionYBB-NW-distribution
YBB-NW-distribution
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security Fundamentals
 
BSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessBSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing business
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
 
Best practices to mitigate data breach risk
Best practices to mitigate data breach riskBest practices to mitigate data breach risk
Best practices to mitigate data breach risk
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
 
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
 
A data-centric program
A data-centric program A data-centric program
A data-centric program
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...
 

Más de Financial Poise

IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You File
IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You FileIP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You File
IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You FileFinancial Poise
 
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics  IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics Financial Poise
 
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day Hearing
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day HearingTHE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day Hearing
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day HearingFinancial Poise
 
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!Financial Poise
 
PERSUASIVE BRIEF WRITING 2022 - Style
PERSUASIVE BRIEF WRITING 2022 - Style PERSUASIVE BRIEF WRITING 2022 - Style
PERSUASIVE BRIEF WRITING 2022 - Style Financial Poise
 
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...Financial Poise
 
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101 NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101 Financial Poise
 
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...Financial Poise
 
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas Financial Poise
 
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts Financial Poise
 
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...
CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...Financial Poise
 
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...
CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...Financial Poise
 
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...Financial Poise
 
M&A BOOT CAMP 2022 - Key Provisions in M&A Agreements
M&A BOOT CAMP 2022 - Key Provisions in M&A AgreementsM&A BOOT CAMP 2022 - Key Provisions in M&A Agreements
M&A BOOT CAMP 2022 - Key Provisions in M&A AgreementsFinancial Poise
 
M&A BOOT CAMP 2022 - The M&A Process
M&A BOOT CAMP 2022 - The M&A ProcessM&A BOOT CAMP 2022 - The M&A Process
M&A BOOT CAMP 2022 - The M&A ProcessFinancial Poise
 
CROWDFUNDING 2022 - Crowdfunding from the Investor's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Investor's PerspectiveCROWDFUNDING 2022 - Crowdfunding from the Investor's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Investor's PerspectiveFinancial Poise
 
CROWDFUNDING 2022 - Securities Crowdfunding for Intermediaries
CROWDFUNDING 2022 - Securities Crowdfunding for IntermediariesCROWDFUNDING 2022 - Securities Crowdfunding for Intermediaries
CROWDFUNDING 2022 - Securities Crowdfunding for IntermediariesFinancial Poise
 
CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective Financial Poise
 
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022_Opportunity Amidst Crisis...
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022_Opportunity Amidst Crisis...RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022_Opportunity Amidst Crisis...
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022_Opportunity Amidst Crisis...Financial Poise
 
NEWBIE LITIGATOR SCHOOL- PART II 2022 - ADR & Settlement
NEWBIE LITIGATOR SCHOOL- PART II 2022 - ADR & Settlement NEWBIE LITIGATOR SCHOOL- PART II 2022 - ADR & Settlement
NEWBIE LITIGATOR SCHOOL- PART II 2022 - ADR & Settlement Financial Poise
 

Más de Financial Poise (20)

IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You File
IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You FileIP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You File
IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You File
 
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics  IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics
 
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day Hearing
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day HearingTHE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day Hearing
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day Hearing
 
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!
 
PERSUASIVE BRIEF WRITING 2022 - Style
PERSUASIVE BRIEF WRITING 2022 - Style PERSUASIVE BRIEF WRITING 2022 - Style
PERSUASIVE BRIEF WRITING 2022 - Style
 
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...
 
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101 NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101
 
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...
 
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas
 
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts
 
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...
CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...
 
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...
CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...
 
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...
 
M&A BOOT CAMP 2022 - Key Provisions in M&A Agreements
M&A BOOT CAMP 2022 - Key Provisions in M&A AgreementsM&A BOOT CAMP 2022 - Key Provisions in M&A Agreements
M&A BOOT CAMP 2022 - Key Provisions in M&A Agreements
 
M&A BOOT CAMP 2022 - The M&A Process
M&A BOOT CAMP 2022 - The M&A ProcessM&A BOOT CAMP 2022 - The M&A Process
M&A BOOT CAMP 2022 - The M&A Process
 
CROWDFUNDING 2022 - Crowdfunding from the Investor's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Investor's PerspectiveCROWDFUNDING 2022 - Crowdfunding from the Investor's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Investor's Perspective
 
CROWDFUNDING 2022 - Securities Crowdfunding for Intermediaries
CROWDFUNDING 2022 - Securities Crowdfunding for IntermediariesCROWDFUNDING 2022 - Securities Crowdfunding for Intermediaries
CROWDFUNDING 2022 - Securities Crowdfunding for Intermediaries
 
CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective
 
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022_Opportunity Amidst Crisis...
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022_Opportunity Amidst Crisis...RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022_Opportunity Amidst Crisis...
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022_Opportunity Amidst Crisis...
 
NEWBIE LITIGATOR SCHOOL- PART II 2022 - ADR & Settlement
NEWBIE LITIGATOR SCHOOL- PART II 2022 - ADR & Settlement NEWBIE LITIGATOR SCHOOL- PART II 2022 - ADR & Settlement
NEWBIE LITIGATOR SCHOOL- PART II 2022 - ADR & Settlement
 

Último

Auchitya Theory by Kshemendra Indian Poetics
Auchitya Theory by Kshemendra Indian PoeticsAuchitya Theory by Kshemendra Indian Poetics
Auchitya Theory by Kshemendra Indian PoeticsDhatriParmar
 
LEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudLEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudDr. Bruce A. Johnson
 
25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...
25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...
25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...Nguyen Thanh Tu Collection
 
EDD8524 The Future of Educational Leader
EDD8524 The Future of Educational LeaderEDD8524 The Future of Educational Leader
EDD8524 The Future of Educational LeaderDr. Bruce A. Johnson
 
2024.03.16 How to write better quality materials for your learners ELTABB San...
2024.03.16 How to write better quality materials for your learners ELTABB San...2024.03.16 How to write better quality materials for your learners ELTABB San...
2024.03.16 How to write better quality materials for your learners ELTABB San...Sandy Millin
 
BBA 205 BE UNIT 2 economic systems prof dr kanchan.pptx
BBA 205 BE UNIT 2 economic systems prof dr kanchan.pptxBBA 205 BE UNIT 2 economic systems prof dr kanchan.pptx
BBA 205 BE UNIT 2 economic systems prof dr kanchan.pptxProf. Kanchan Kumari
 
AI Uses and Misuses: Academic and Workplace Applications
AI Uses and Misuses: Academic and Workplace ApplicationsAI Uses and Misuses: Academic and Workplace Applications
AI Uses and Misuses: Academic and Workplace ApplicationsStella Lee
 
3.12.24 The Social Construction of Gender.pptx
3.12.24 The Social Construction of Gender.pptx3.12.24 The Social Construction of Gender.pptx
3.12.24 The Social Construction of Gender.pptxmary850239
 
Dhavni Theory by Anandvardhana Indian Poetics
Dhavni Theory by Anandvardhana Indian PoeticsDhavni Theory by Anandvardhana Indian Poetics
Dhavni Theory by Anandvardhana Indian PoeticsDhatriParmar
 
POST ENCEPHALITIS case study Jitendra bhargav
POST ENCEPHALITIS case study  Jitendra bhargavPOST ENCEPHALITIS case study  Jitendra bhargav
POST ENCEPHALITIS case study Jitendra bhargavJitendra Bhargav
 
Awards Presentation 2024 - March 12 2024
Awards Presentation 2024 - March 12 2024Awards Presentation 2024 - March 12 2024
Awards Presentation 2024 - March 12 2024bsellato
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...Nguyen Thanh Tu Collection
 
Material Remains as Source of Ancient Indian History & Culture.ppt
Material Remains as Source of Ancient Indian History & Culture.pptMaterial Remains as Source of Ancient Indian History & Culture.ppt
Material Remains as Source of Ancient Indian History & Culture.pptBanaras Hindu University
 
Pharmacology chapter No 7 full notes.pdf
Pharmacology chapter No 7 full notes.pdfPharmacology chapter No 7 full notes.pdf
Pharmacology chapter No 7 full notes.pdfSumit Tiwari
 
Quantitative research methodology and survey design
Quantitative research methodology and survey designQuantitative research methodology and survey design
Quantitative research methodology and survey designBalelaBoru
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...Nguyen Thanh Tu Collection
 
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...Marlene Maheu
 
Research Methodology and Tips on Better Research
Research Methodology and Tips on Better ResearchResearch Methodology and Tips on Better Research
Research Methodology and Tips on Better ResearchRushdi Shams
 

Último (20)

Auchitya Theory by Kshemendra Indian Poetics
Auchitya Theory by Kshemendra Indian PoeticsAuchitya Theory by Kshemendra Indian Poetics
Auchitya Theory by Kshemendra Indian Poetics
 
LEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudLEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced Stud
 
25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...
25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...
25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...
 
EDD8524 The Future of Educational Leader
EDD8524 The Future of Educational LeaderEDD8524 The Future of Educational Leader
EDD8524 The Future of Educational Leader
 
2024.03.16 How to write better quality materials for your learners ELTABB San...
2024.03.16 How to write better quality materials for your learners ELTABB San...2024.03.16 How to write better quality materials for your learners ELTABB San...
2024.03.16 How to write better quality materials for your learners ELTABB San...
 
Problems on Mean,Mode,Median Standard Deviation
Problems on Mean,Mode,Median Standard DeviationProblems on Mean,Mode,Median Standard Deviation
Problems on Mean,Mode,Median Standard Deviation
 
BBA 205 BE UNIT 2 economic systems prof dr kanchan.pptx
BBA 205 BE UNIT 2 economic systems prof dr kanchan.pptxBBA 205 BE UNIT 2 economic systems prof dr kanchan.pptx
BBA 205 BE UNIT 2 economic systems prof dr kanchan.pptx
 
AI Uses and Misuses: Academic and Workplace Applications
AI Uses and Misuses: Academic and Workplace ApplicationsAI Uses and Misuses: Academic and Workplace Applications
AI Uses and Misuses: Academic and Workplace Applications
 
ANOVA Parametric test: Biostatics and Research Methodology
ANOVA Parametric test: Biostatics and Research MethodologyANOVA Parametric test: Biostatics and Research Methodology
ANOVA Parametric test: Biostatics and Research Methodology
 
3.12.24 The Social Construction of Gender.pptx
3.12.24 The Social Construction of Gender.pptx3.12.24 The Social Construction of Gender.pptx
3.12.24 The Social Construction of Gender.pptx
 
Dhavni Theory by Anandvardhana Indian Poetics
Dhavni Theory by Anandvardhana Indian PoeticsDhavni Theory by Anandvardhana Indian Poetics
Dhavni Theory by Anandvardhana Indian Poetics
 
POST ENCEPHALITIS case study Jitendra bhargav
POST ENCEPHALITIS case study  Jitendra bhargavPOST ENCEPHALITIS case study  Jitendra bhargav
POST ENCEPHALITIS case study Jitendra bhargav
 
Awards Presentation 2024 - March 12 2024
Awards Presentation 2024 - March 12 2024Awards Presentation 2024 - March 12 2024
Awards Presentation 2024 - March 12 2024
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
 
Material Remains as Source of Ancient Indian History & Culture.ppt
Material Remains as Source of Ancient Indian History & Culture.pptMaterial Remains as Source of Ancient Indian History & Culture.ppt
Material Remains as Source of Ancient Indian History & Culture.ppt
 
Pharmacology chapter No 7 full notes.pdf
Pharmacology chapter No 7 full notes.pdfPharmacology chapter No 7 full notes.pdf
Pharmacology chapter No 7 full notes.pdf
 
Quantitative research methodology and survey design
Quantitative research methodology and survey designQuantitative research methodology and survey design
Quantitative research methodology and survey design
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
 
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
 
Research Methodology and Tips on Better Research
Research Methodology and Tips on Better ResearchResearch Methodology and Tips on Better Research
Research Methodology and Tips on Better Research
 

CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After the Breach

  • 2. Practical and entertaining education for attorneys, accountants, business owners and executives, and investors.
  • 3. Disclaimer: The material in this webinar is for informational purposes only. It should not be considered legal, financial or other professional advice. You should consult with an attorney or other appropriate professional to determine what may be best for your individual needs. While Financial Poise™ takes reasonable steps to ensure that information it publishes is accurate, Financial Poise™ makes no guaranty in this regard.
  • 4. Thank You To Our Sponsors
  • 5. Meet the Faculty
      MODERATOR
      Kathryn Nadro – Sugar Felsenthal Grais & Helsinger LLP
      PANELISTS
      Anna Mercado Clark – Phillips Lytle LLP
      Alison Schaffer - Jump Trading Group
      Alex Sharpe - Sharpe LLC
  • 6. About This Webinar - Data Breach Response: Before and After the Breach
      You’ve received the dreaded call that your company has just suffered a data breach – what do you do next? Who do you call for help? What notification obligations do you have? With proper preparation, you can mitigate the damage caused by this unfortunate event and put your business in a position to recover. Your company may have already implemented its information security program and identified the responsible parties, including applicable outside experts, to be contacted in the event of a breach. However, now you must call up your incident response team to investigate the extent of the breach, evaluate the possible damage to your company, and determine whether you must notify your clients, customers, or the public of the breach. This webinar will help prepare you to take action when the worst happens.
  • 7. About This Series: Cyber Security & Data Privacy 2022
      Cybersecurity and data privacy are critical topics of concern for every business in today’s environment. Data breaches are a threat to every business and can cause losses ranging from direct losses from business interruption and loss of data to indirect losses from unwanted publicity and damage to your business’s reputation. Compliance with a patchwork of potentially applicable state and federal laws and regulations may cost your business in terms of money and time. This series discusses the various laws and regulations that affect businesses in the United States and in Europe, as well as the best practices to use in creating an information security program and preparing for and responding to data breaches.
      Each Financial Poise Webinar is delivered in Plain English, understandable to investors, business owners, and executives without much background in these areas, yet is of primary value to attorneys, accountants, and other seasoned professionals. Each episode brings you into engaging, sometimes humorous, conversations designed to entertain as it teaches. Each episode in the series is designed to be viewed independently of the other episodes so that participants will enhance their knowledge of this area whether they attend one, some, or all episodes.
  • 8. Episodes in this Series
      #1 Introduction to US Privacy and Data Security: Regulations and Requirements. Premiere date: 08/03/22
      #2 Introduction to EU General Data Protection Regulation: Planning, Implementation, and Compliance. Premiere date: 9/07/22
      #3 How to Build and Implement your Company's Information Security Program. Premiere date: 10/12/22
      #4 Data Breach Response: Before and After the Breach. Premiere date: 11/09/22
  • 9. Episode #4: Data Breach Response: Before and After the Breach
  • 10. Overview
      • What is a Data Breach?
        ✓ A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion
        ✓ Data breach may have different meanings under various state, federal, and international laws
  • 11. Overview
      Data Breach Facts (IBM Cost of a Data Breach Report 2022)
        ✓ Average cost of a data breach in the US: $9.44 million
        ✓ Average cost of a data breach globally: $4.35 million
        ✓ Share of ransomware breaches rose 41% since 2021 and took 49 days longer to remediate
        ✓ $4.54 million average total cost of a ransomware breach
        ✓ 45% of data breaches happen in the cloud
  • 12. Overview
      Data Breach Costs
        ✓ Computer forensics
        ✓ Breach notification mailing, call center and identity restoration service costs
        ✓ Public relations
        ✓ Regulatory investigation, fines and penalties
        ✓ Lawsuit(s)
        ✓ Legal services
      • Average number of days to identify and contain a breach: 287 days
  • 13. Overview
      • Examples of Data Breach Causes
        ✓ Malware/Ransomware
        ✓ Unsecured website login systems
        ✓ Use of unapproved or insecure software
        ✓ Insecure IT infrastructure
        ✓ Phishing/e-mail scam
        ✓ Employees mishandling data
        ✓ Human factor/negligence
  • 14. Overview
      What hackers are seeking:
        ✓ Money (e.g., wire theft)
        ✓ Theft of personal information
          - Purchase of goods with stolen credit card information
        ✓ Filing of fraudulent tax returns
        ✓ Sale of personal information
        ✓ Disgruntled employees' use of information
        ✓ Corporate espionage
  • 15. Before the Breach: Data Breach Response Plan
      • What is a data breach response plan?
        ✓ Aims to help you manage a data breach
        ✓ Provides a framework that sets out roles and responsibilities for managing an appropriate response to a data breach
        ✓ Describes steps an entity should take to manage a breach, should one occur
        ✓ Prevention is better than remediation
      • Why do you need a data breach response plan?
        ✓ Provides clarity and mitigates confusion
        ✓ Gives all employees knowledge of how to address a data breach
        ✓ Establishes a chain of command and responsibilities of each employee
        ✓ Quicker response time to fixing the breach
  • 16. Data Breach Response Plan
      • A data breach response plan should:
        ✓ Provide the actions to be taken if a breach is suspected, discovered or reported by a staff member, including when it is to be escalated to the response team
        ✓ Identify members of your data breach response team
        ✓ Identify the actions the response team is expected to take
        ✓ Be in writing
          ▪ So that staff and employees can clearly understand the roles and responsibilities
        ✓ Identify goals and objectives of the plan
  • 17. Data Breach Response Plan
      • A data breach response plan should cover:
        ✓ A strategy for assessing, managing and containing data breaches
        ✓ A clear explanation of what constitutes a data breach
        ✓ The reporting line if staff do suspect a data breach
        ✓ The circumstances in which the breach can be handled by a line manager or when it should be escalated to the response team
        ✓ Recording data breaches
        ✓ A strategy to identify and address any weaknesses in data handling that contributed to the breach
        ✓ A system for a post-breach review and assessment of your entity’s response to the data breach and the effectiveness of your data breach response plan
  • 18. Before the Breach: Tabletop Exercises
      Incident Response or Breach Response Plans must be practiced:
        ✓ Tabletop exercises allow incident response teams to test out their incident response plans and find any gaps or holes in the organization’s policies and procedures
        ✓ Will involve a simulated breach on an appropriate system for each organization, such as vendor systems, business operations such as data processing or transactions, or critical digital assets such as networks, applications, or sensitive data
        ✓ Also include group discussions to review the effectiveness of strategies and tactics, sometimes including a facilitator such as an outside cybersecurity expert
        ✓ All members of the incident response team should participate in the exercise, including any additional stakeholders who would be activated in a breach
  • 19. So, You Think You’ve Been Breached… • Know who to call: the Incident Response Team • Management • Legal counsel • IT support • Public relations • Forensic support • Insurance contact
  • 20. So, You Think You’ve Been Breached… (cont’d) Breach Response ✓ Identify/Detect Determine if a breach occurred ✓ Contain Contain and mitigate the data breach ✓ Investigate How did the breach occur and what was the scope? ✓ Notify Provide notifications to affected individuals ✓ Remediate Prevent reoccurrence of breach and identify lessons learned
  • 21. Breach Response: Identify/Detect • First, identify if an incident is a data breach ✓ Employees may have exposed sensitive personal data by accident – still an incident, but requires a different response ✓ Common indicators of external compromise include – - unusual login times - reduced operating speeds across the network or heavy, unexplained traffic - use of nonstandard command prompts - unexpected restarts - use of unusual software - malfunctioning of antivirus/security software - the presence of unexpected IP addresses
  • 22. Breach Response: Containment • Second, once you discover you’ve been breached, contain the breach • Move quickly to secure systems and fix vulnerabilities ✓ Key is to stop the immediate business impact of the breach – cut off the access to the external party, secure internal systems, stop the bleeding • Deploy breach response team to work on investigation and containment and determine additional resources to deploy: ✓ Forensics ✓ Legal ✓ Internal team leaders
  • 23. Breach Response: Containment • The First 24 Hours Checklist ✓ Record the date and time when the breach was discovered and when response efforts begin ✓ Alert and activate everyone on the response team ✓ Secure the premises around the area where the data breach occurred to help preserve evidence
  • 24. Breach Response: Containment • The First 24 Hours Checklist (Cont’d) ✓ Stop additional data loss ▪ Take devices offline but DO NOT turn off ✓ Assess priorities and risks ✓ Determine whether any early notification to customers, affected businesses, law enforcement and other regulatory agencies is required or advisable
  • 25. Breach Response: Fix Vulnerabilities • Work with forensic experts ✓ Encryption enabled ✓ Analyze backup or preserved data ✓ Review the type of information compromised • Develop a communication plan ✓ Develop comprehensive plan to communicate internally
  • 26. Breach Response: Investigate • Third, investigate the cause and scope of the breach promptly ✓ Consider relevant facts ✓ Inside or outside threat? ✓ Conduct interviews ✓ Analyze compromised systems ✓ Identify malware employed, if applicable ✓ Engage incident response team ✓ Engage forensic experts, as appropriate ✓ Engage legal counsel early in the process ✓ Determine whether insurance contact should be notified ✓ Reconstruct the incident
  • 27. Breach Response: Investigate • During the investigation: ✓ Evaluate the nature, extent, and scope of incident ✓ What information was improperly disclosed? ✓ Was the information recovered? ✓ When and how did the incident happen? ✓ How many individuals were affected? ✓ Does the incident involve residents of multiple states? ✓ Document the investigation findings, conclusion and rationale
  • 28. Breach Response: Notice • Fourth, determine your notification obligations • Potential parties to notify: ✓ Customers ✓ Law enforcement and other regulatory agencies ✓ Affected businesses
  • 29. Breach Response: Notice (cont’d) • Notification requirements vary based on state, federal, and international law ✓ 54 U.S. states, territories, and tribal jurisdictions require some level of notification to individuals when a breach occurs ✓ If breaches reach a certain size (e.g., over 500 individuals), many states require notification to attorneys general ✓ Notification generally must occur within a “reasonable time” after the breach is discovered • Generally, must include description of the circumstances of the breach, steps taken to remedy the incident, steps intended to be taken after the notification, and occasionally whether law enforcement is involved in investigating the incident ✓ International law may be stricter than your specific state ✓ GDPR requires notice in 72 hours in some cases
  • 30. Breach Response: Notice…to the FBI? • Consider contacting the FBI and/or local authorities when a breach involves: ✓ Significant loss in data, system availability, or control of systems ✓ A large number of victims ✓ Unauthorized access to or malicious software on critical information technology systems ✓ Critical infrastructure or core government functions ✓ National security, economic security, or public health and safety ✓ Financial transactions, such as unauthorized wire transfers
  • 31. Breach Response: Remediation • Fifth, remediate the data breach ✓ Requires looking at other potential flaws in security infrastructure – identify any “lessons learned” in data security environment and response plan ✓ Develop a remediation plan that is tailored to the breach or incident to prevent it from happening again ✓ Requires an honest and true assessment of the cause of the breach
  • 32. Breach Response: Remediation (cont’d) • Remediation practices can include: ✓ Developing an internal and external communications plan ✓ Strengthening data security policies ✓ Planning to prevent reoccurrence ✓ Providing additional training to employees on data security ✓ Maintaining documentation of actions ✓ Insurance considerations
  • 33. Breach Response: Remediation • Insurance Considerations ✓ Traditional policies • E&O: errors and omissions • D&O: directors and officers • CGL: commercial general liability ✓ These policies frequently do not cover costs arising out of a security incident or data breach
  • 34. Breach Response: Remediation (cont’d) • Insurance Considerations (Cont’d) ✓ 1st party cyber insurance coverage typically includes - ▪ Business interruption ▪ Cyber extortion ▪ Data restoration ▪ Forensic costs ▪ Crisis management ▪ Legal costs ▪ Notification, call center, credit monitoring/identity restoration
  • 35. Breach Response: Remediation (cont’d) • Insurance Considerations (Cont’d) ✓ 3rd party cyber coverage typically includes - ▪ Regulatory investigation ▪ PCI assessments and fines ▪ Lawsuits ✓ Insurance coverage frequently requires notice to the insurer prior to hiring counsel or any investigators or other vendors, so notify the insurer as soon as possible
  • 36. Breach Response – When and What to Document? Document the steps you took in your investigation: ✓ Individuals interviewed ✓ Systems investigated and secured ✓ Identified vulnerabilities and remediation of same (including the cause and source, if known, of the breach) ✓ What information was compromised and the scope of the breach When documentation is required: ✓ GDPR requires certain documentation of breaches, whether they must be reported or not (if not reported, should document reasons for that decision) ✓ Insurance carriers will require certain documentation of most breaches if claims are made ✓ Other statutes may require documentation of the breach and investigation – many state AGs or other regulatory agencies may also require documentation
  • 37. Breach Response: Breach Team Members • Forensics Team - helps determine the source and scope of breach ✓ Captures forensic images of affected systems ✓ Collects and analyzes evidence, and ✓ Outlines remediation steps • Hire independent forensic investigators to perform the investigation
  • 38. Breach Response: Breach Team Members • Legal Counsel - helps identify your legal obligations ✓ Identifies state and federal regulations regarding data breaches for your industry ✓ Identifies entities that need to be notified, such as customers, employees, government agencies, regulatory boards, etc. ✓ May provide privilege to the investigation process if retained early enough and if counsel directs forensic investigation - Certain courts have refused to apply privilege to investigation even under those circumstances ✓ Ensures notifications occur within any mandated timeframes
  • 39. Trending Topics: Ransomware • Ransomware is a growing threat, particularly since the pandemic increased remote work o Companies may face both paying a ransom and then dealing with a data breach remediation o Attacks on critical infrastructure, such as the Colonial Pipeline incident in May 2021 o FBI and other agencies prioritized fighting ransomware in a similar way to fighting terrorism o Email is among the most prevalent attack vectors used to deliver ransomware • In 2020, the U.S. Office of Foreign Assets Control (OFAC) issued guidance stating that the government would start enforcing sanctions in connection with ransomware attacks o OFAC announced it would enforce sanctions not only against ransomware victims, but also against their insurers and the intermediaries hired by companies or their insurers, such as cybersecurity firms that negotiate with threat actors • Insurance may be available for ransomware, but many policies require consent prior to making a payment
  • 40. Trending Topics: Standing for data breach victims in court • Plaintiffs in data breach litigation have had an uphill battle in establishing standing when there is only an increased risk of identity theft due to a data breach • McMorris Factors (McMorris v. Carlos Lopez & Associates LLC, 995 F.3d 295 (2d Cir. 2021)): o Whether plaintiff’s data was exposed as the result of a targeted attempt to obtain the data o Whether any portion of the compromised dataset already has been misused; and o Whether the exposed data includes high-risk information – e.g., Social Security numbers and dates of birth
  • 42. About The Faculty Kathryn Nadro - knadro@sfgh.com Kathryn (“Katie”) Nadro leads Sugar Felsenthal Grais & Helsinger’s Data Security and Privacy practice. Katie advises clients on a diverse array of business matters, including data security and privacy compliance, commercial and business disputes, and employment issues. Katie works with individuals and businesses of all sizes to craft successful resolutions tailored to each individual matter. Katie is a Certified Information Privacy Professional (CIPP/US) and counsels clients on a variety of data security and privacy issues, including breach response, policy drafting, program management, data collection, vendor management, and compliance with ever-changing state, federal, and international privacy law. Katie also has broad litigation experience representing companies and individuals in contract, non-compete, discrimination, harassment, fiduciary duty, and trade secret litigation in state and federal court and arbitration. With a background as both in-house and outside counsel, Katie understands that business objectives, time, and resources play an important role in reaching a favorable outcome for each client.
  • 43. About The Faculty Anna Mercado Clark – AClark@phillipslytle.com Anna Mercado Clark, Esq., CIPP/E, CIPP/US, CIPM, FIP is a partner at Phillips Lytle LLP, a full service law firm in the U.S. and Canada. She leads Phillips Lytle’s Data Security & Privacy and e-Discovery & Digital Forensics Practice Teams and is the co-team leader of the firm’s Cryptocurrency & Bitcoin Mining Practice Team. Additionally, Anna focuses her practice in the areas of business and commercial litigation and, as a former district attorney, also handles white-collar criminal matters and investigations. She regularly counsels sophisticated clients on technology solutions, risk mitigation, data protection and compliance strategies given the constantly evolving regulatory landscape, and speaks at national and international conferences as a subject-matter expert on these issues. Ms. Clark is an adjunct professor at Fordham University School of Law, teaching a course on data security and privacy, as well as fundamental lawyering skills. To read more, go to https://www.financialpoise.com/webinar-faculty/anna-mercado-clark
  • 44. About The Faculty Alison Schaffer – ASchaffer@jumptrading.com Alison Schaffer is Legal and Regulatory Counsel at the Jump Trading Group in Chicago. Alison works extensively in the areas of trading, technology, human resources, venture capital, and data protection and privacy. Specifically, Alison leads GDPR implementation and data protection and privacy application for all of the Jump Trading Group’s business lines. Alison graduated from Northwestern University with Honors in Legal Studies and Communication Studies and a Certificate in Service Learning and attained a Masters in Education while a Teach For America corps member in New York. Alison obtained her Juris Doctor from Chicago-Kent College of Law, where she was an avid member of the Trial Team. She is a member of the International Association of Privacy Professionals and looks forward to completing her CIPP-E certification.
  • 45. About The Faculty Alex Sharpe – Alex@sharpellc.com Alex Sharpe is a long-time Cybersecurity, Governance, and Digital Transformation expert with real-world operational experience. He has spent much of his career helping corporations and government agencies reap the rewards afforded by advances in technology while mitigating risk. He began his career at the NSA before moving into the Management Consulting ranks building practices at Booz Allen and KPMG. He subsequently co-founded two firms with successful exits, including The Hackett Group. Alex holds degrees in Business from Columbia Business School, Systems Engineering from Johns Hopkins University, and Electrical Engineering from New Jersey Institute of Technology (NJIT). He is a published author, speaker, instructor, and advisor.
  • 46. Questions or Comments? If you have any questions about this webinar that you did not get to ask during the live premiere, or if you are watching this webinar On Demand, please do not hesitate to email us at info@financialpoise.com with any questions or comments you may have. Please include the name of the webinar in your email and we will do our best to provide a timely response. IMPORTANT NOTE: The material in this presentation is for general educational purposes only. It has been prepared primarily for attorneys and accountants for use in the pursuit of their continuing legal education and continuing professional education.
  • 49. About Financial Poise DailyDAC LLC, d/b/a Financial Poise™ provides continuing education to attorneys, accountants, business owners and executives, and investors. Its websites, webinars, and books provide plain English, entertaining explanations about legal, financial, and other subjects of interest to these audiences. Visit us at www.financialpoise.com Our free weekly newsletter, Financial Poise Weekly, updates you on new articles published on our website and Upcoming Webinars you may be interested in. To join our email list, please visit: https://www.financialpoise.com/subscribe/