cyber risk presentation to murphy chamber of commerce (5.28.15)

Cybersecurity Mission Impossible?
Shawn E. Tuma
Scheef & Stone, LLP
@shawnetuma
www.solidcounsel.com

Upload: shawn-tuma

Post on 15-Apr-2017


"There are only two types of companies: those that have been hacked, and those that will be." - Robert Mueller

97% - Companies Tested Breached in Prior 6 mos.

Odds: Security @100% / Hacker @ 1

Stewardship
Public Relations
Legal

Responding: Execute Breach Response Plan

contact attorney (privilege)
assemble your Response Team
notify Card Processor
contact forensics
contact notification vendor
investigate breach
remediate responsible vulnerabilities
reporting & notification


What does reporting & notification mean?

Law Enforcement
State Attorneys General
  pre-notice = VT (14 days), MD, NJ St. Police
Federal Agencies
  FTC, SEC, HHS, etc.
Consumers
  Fla, Ohio, Vermont = 45 days
Industry Groups
  PCI, FINRA, FDIC
Credit Bureaus
Professional Vendors & Suppliers


Cost of a Data Breach

2013 Cost (pre-Target)
  $188.00 per record
  $5.4 million = total average cost paid by organizations
2014 Cost
  $201 per record
  $5.9 million = total average cost paid by organizations

"The primary reason for the increase is the loss of customers following the data breach due to the additional expenses required to preserve the organization's brand and reputation." Ponemon Institute 2014 Cost of Data Breach Study


2014: 90% Preventable

Blocking & Tackling

Theft
Lost
Passwords
Phishing
Websites
Basic IT
Case Stories

Blocking & Tackling: Best Practices

You will be breached, but will you be liable?
Best Practices (if you have)
  Computer
  Data
  Internet

Blocking & Tackling: Best Practices

Approved & Documented
Basic IT Security
Basic Physical Security
Policies & Procedures Focused on Data Security
  Company
  Workforce (Rajaee v. Design Tech Homes, Ltd.)
  Network
  Business Associates (Travelers Casualty v. Ignition Studio, Inc.)
Implementation & Training
Regular Reassessment & Update


protecting businesses' information

protecting businesses from their information

Risk Compliance Program

Training!


Login Credentials

You don't drown from falling into the water

25k v. 40m (T) / 56m (HD)


Outsider & Insider Threats

misuse?

Misuse Case Examples

Protecting businesses from information


Let us think


Adviser
Consultant
Relationships
Coordinator
Attorney

Shawn Tuma
Partner, Scheef & Stone,
[email protected]
@shawnetuma
blog: shawnetuma.com
web: solidcounsel.com

This information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation.

Shawn Tuma is a cyber lawyer business leaders trust to help solve problems with cutting-edge issues involving cybersecurity, data privacy, computer fraud, intellectual property, and social media law. He is a partner at Scheef & Stone, LLP, a full service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, throughout the world.

Texas SuperLawyers 2015
Best Lawyers in Dallas 2014 & 2015, D Magazine (Digital Information Law)
Chair, Collin County Bar Association Civil Litigation & Appellate Section
College of the State Bar of Texas
Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas
Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
Social Media Committee of the American Bar Association
North Texas Crime Commission, Cybercrime Committee
Infragard (FBI)
International Association of Privacy Professionals
Information Systems Security Association
Contributor, Norse DarkMatters Security Blog
Editor, Business Cyber Risk Law Blog