Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
TRANSCRIPT
Cybersecurity
Mission Impossible?
Shawn E. Tuma
Scheef & Stone, LLP
@shawnetuma
www.solidcounsel.com
"There are only two types of companies: those that have been hacked, and those that will be." - Robert Mueller
97% - Companies Tested Breached in Prior 6 mos.
Odds: Security @100% / Hacker @ 1
Stewardship
Public Relations
Legal
Responding: Execute Breach Response Plan
contact attorney (privilege)
assemble your Response Team
notify Card Processor
contact forensics
contact notification vendor
investigate breach
remediate responsible vulnerabilities
reporting & notification
What does reporting & notification mean?
Law Enforcement
State Attorneys General
  pre-notice = VT (14 days), MD, NJ St. Police
Federal Agencies FTC, SEC, HHS, etc.
Consumers
  Fla, Ohio, Vermont = 45 days
Industry Groups
  PCI, FINRA, FDIC
Credit Bureaus
Professional Vendors & Suppliers
Cost of a Data Breach
2013 Cost (pre-Target)
  $188.00 per record
  $5.4 million = total average cost paid by organizations
2014 Cost
  $201 per record
  $5.9 million = total average cost paid by organizations
"The primary reason for the increase is the loss of customers following the data breach due to the additional expenses required to preserve the organization's brand and reputation." - Ponemon Institute 2014 Cost of Data Breach Study
2014: 90% Preventable
Blocking & Tackling
Theft
Lost
Passwords
Phishing
Websites
Basic IT
Case Stories
Blocking & Tackling: Best Practices
You will be breached, but will you be liable?
Best Practices (if you have)
  Computer
  Data
  Internet

Blocking & Tackling: Best Practices
Approved & Documented
Basic IT Security
Basic Physical Security
Policies & Procedures Focused on Data Security
  Company
  Workforce (Rajaee v. Design Tech Homes, Ltd.)
  Network Business Associates (Travelers Casualty v. Ignition Studio, Inc.)
Implementation & Training
Regular Reassessment & Update
protecting businesses' information
protecting businesses from their information
Risk Compliance Program
Training!
Login Credentials
You don't drown from falling into the water
25k v. 40m (T) / 56m (HD)
Outsider & Insider Threats
misuse?
Misuse Case Examples
Protecting businesses from information
Let us think
Adviser
Consultant
Relationships
Coordinator
Attorney
Shawn Tuma
Partner, Scheef & Stone, [email protected]
@shawnetuma
blog: shawnetuma.com
web: solidcounsel.com

This information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation.

Shawn Tuma is a cyber lawyer business leaders trust to help solve problems with cutting-edge issues involving cybersecurity, data privacy, computer fraud, intellectual property, and social media law. He is a partner at Scheef & Stone, LLP, a full service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, throughout the world.

Texas SuperLawyers 2015
Best Lawyers in Dallas 2014 & 2015, D Magazine (Digital Information Law)
Chair, Collin County Bar Association Civil Litigation & Appellate Section
College of the State Bar of Texas
Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas
Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
Social Media Committee of the American Bar Association
North Texas Crime Commission, Cybercrime Committee
Infragard (FBI)
International Association of Privacy Professionals
Information Systems Security Association
Contributor, Norse DarkMatters Security Blog
Editor, Business Cyber Risk Law Blog