The Legal Side of Data Breach and Third Party Risk (presentation slides)

I presented at the Institute of Internal Auditors 9th Annual Fraud Summit on The Legal Side of Data Breach and Third Party Risk. My co-presenter was Christopher Mitchell of Crowe Horwath. The following are the presentation slides used for my part of the presentation. Key Takeaway: Your company is still responsible for a data breach …

What did Sun Tzu teach about cybersecurity?

Sun Tzu taught that, when it comes to cybersecurity, you must be wary of your business associates and other third parties. Why? Have you heard of the national retailer that was hit with a perfectly timed cyber attack on Black Friday ’13 that resulted in credit card data from roughly 110 million customers being taken? That …

3 Important Questions Your Company Must Answer After A Data Breach

Riddle: What has sensitive data, is the target of cyber criminals, and will (almost certainly) have a data breach? Answer: YOUR COMPANY! When your company has a data breach, these are the top 3 questions that you will be required to answer: How did the breach happen? What steps did your company take before the breach …

Secret Service’s 3 Steps to Consider When Notifying Law Enforcement in Response to a Data Breach

Today I attended a meeting where a Special Agent of the United States Secret Service’s North Texas Electronic Crimes Task Force discussed the role of law enforcement in responding to hacking / data breach incidents and provided an overview of the steps the Secret Service often takes in investigating such incidents. The Special Agent passed …

The SEC Will Begin Looking at Companies’ IT Security and Data Breach Response Policies

THE POINT: Recent statements from the SEC indicate that the new standard of care for companies may require policies in place for (1) prevention, detection, and response to cyber attacks and data breaches, (2) IT training focused on security, and (3) vendor access to company systems and vendor due diligence. Do you still think your …

Data Security Involves Human Behavior and, Therefore, Is More an Art, Than a Science

I have recently written of how data breach responses and response plans cannot be one-size-fits-all and must be tailored to the unique needs of the company involved, as well as its culture. That is, they must be tailored to fit a company of humans dealing with humans. This morning I read an article that discusses …

Breach Notifications Should Focus On Preserving The Customer Relationship First, Then On Legal Requirements

When responding to a data breach, the company has two primary objectives that must be balanced: (1) complying with the legal notification and remediation requirements; and (2) preserving its relationship with its customers. In my opinion, the second is always the most important because if the business fails, we too have failed. In order to …

Executives – Are You Ready to Lead Your Company Through a Data Breach?

I have handled several data breach incidents for clients as their breach response counsel and, while we have an effective process to implement to help keep clients out of legal hot water, that really is not the most important aspect of handling the incident. The most important issue is how the incident will impact the …

Aaron Swartz, Edward Snowden, Target Breach, Privacy and Data Security — What Do We Really Want?

Please follow me for a moment to think big-picture about a few important privacy and data security issues. Don’t overanalyze, just read this and then close your eyes and think about it for a minute or two. Think big-picture. Aaron Swartz believed information should be liberated — that is, free for everyone to access …

So, your business has never had a data breach? Have you ever had an employee leave?

TAKEAWAY: Businesses must protect their data from being taken by anyone who is not authorized to have it — insiders and outsiders alike. If their data is taken in a way that is unauthorized, it is a data breach. When a former employee leaves with a thumb drive, Gmail inbox, or Dropbox of your business’s …