Breach Notifications Should Focus On Preserving The Customer Relationship First, Then On Legal Requirements

When responding to a data breach, the company has two primary objectives that must be balanced: (1) complying with the legal notification and remediation requirements; and (2) preserving its relationship with its customers. In my opinion, the second is always the most important because if the business fails, we too have failed. In order to …

Executives – Are You Ready to Lead Your Company Through a Data Breach?

I have handled several data breach incidents for clients as their breach response counsel and, while we have an effective process to implement to help keep clients out of legal hot water, that really is not the most important aspect of handling the incident. The most important issue is how the incident will impact the …

So, your business has never had a data breach? Have you ever had an employee leave?

TAKEAWAY: Businesses must protect their data from being taken by anyone who is not authorized to have it — insiders and outsiders alike. If their data is taken in a way that is unauthorized, it is a data breach. When a former employee leaves with a thumb drive, Gmail inbox, or Dropbox of your business’s …

Read this explanation of cyber espionage and how it impacts YOUR company

This morning I read an article that I am sharing because it is, in essence, a very high-level overview of the theme of the presentations that Jarrett Kolthoff, David Major, and I recently delivered at the Combating Corporate Espionage: Protecting Your Organization From “hackers, insiders & fraudster” seminar. The article is Blame game: Cyber espionage from …

Combating Corporate Espionage Seminar – Prezi and a few thoughts

Today I had the honor of speaking at the Combating Corporate Espionage: Protecting Your Organization From “hackers, insiders & fraudster” seminar with Jarrett Kolthoff and David Major. Jarrett is the CEO of SpearTip Cyber Counterintelligence; he and I have worked together quite a bit so he first impressed me long ago with the depth of his …

Responsiveness and Responsibility Are Considered in Assessing Data Breach Fines

About a year and a half ago I wrote a post titled Data Breach – Who’s Gonna Get it? where I made the point that, much like with Ford’s “bean counting” with the Pinto deaths back in the ’70s, companies that were aware of the risk of data breach but did not act responsibly were …

This Is Why Your Business Needs Cyber Insurance Coverage

Unless your business is selling home-grown vegetables out of a truck on the side of the road, you need to seriously consider getting insurance that covers cyber risks. Why? Because most insurance companies will not willingly cover cyber-related losses under their conventional insurance policies. Trust me, I have fought this battle before! A recent case …

Texas’ Amended Data Breach Notification Law

Texas amended its existing data breach notification law which became effective on September 1, 2012. The relevant section of the law is titled “Notification Required Following Breach of Security of Computerized Data” and is found at Section 521.053 of the Texas Business and Commerce Code. The main body of the law provides as follows: (b)  A …

Cybersecurity risk — think it’s material? (hint: the SEC does!)

That’s right — the Securities and Exchange Commission has determined that risks associated with cybersecurity can be material enough to require that they be included in companies’ disclosures. The SEC issued a disclosure guidance on October 13, 2011 to alert companies that these risks may fall within their existing disclosure requirements. In other words, what …

We Are The Biggest Security Risk To Our Companies

“We are the weakest link.” Wow, this is certainly the theme of the last few weeks — people are realizing that the biggest threat to companies’ security defenses is the people inside the companies. You may recall that I discussed this issue in two blogs about this over the last couple of weeks: Guarding …