July - August 2013


In this Issue:

Chapter Performance Objectives

Cyber Security: The New Frontier

July - August 2013

Chapter members enjoy a night at Great American Ballpark and the Superhero Run for Kids


Thanks to Our 2013 Business Partners

Below is the list of our 2013 Business Partners. If you know of anyone who may be interested in becoming a Business Partner with us, please refer them to Glenda Raley or Perry Owen.

PARTNER | CONTACT INFORMATION | LEVEL
Access (Retrievex) | Matt Heinbaugh [email protected] | Platinum
Iron Mountain | Bryan Murphy [email protected] | Platinum
Loth | Rebekah Vazquez [email protected] | Platinum
MOM | Bill Schulok [email protected] | Platinum
Precision Staffing Services | Scott Simpson [email protected] | Platinum
Special Counsel | Gordon Shock/513-721-4400 [email protected] | Platinum
Trustaff | Liz Gabrick [email protected] | Platinum
21C Museum Hotel | Amanda Hawkins [email protected] | Gold
Harper Engraving | Pete Mueller/614-276-0700 [email protected] | Gold
IST Management Services | Becca Evans/317-517-2696 [email protected] | Gold
Patterson Pope | Rich Schemenaur/513-891-4430 [email protected] | Gold
Pro Tem | Katie Dardugno [email protected] | Gold
ProSource | Mark Heidrich/513-769-0606 [email protected] | Gold
Ricoh | Richard Hughes/513-985-4770 [email protected] | Gold
Rippe Kingston | David Osbun/513-241-1375 [email protected] | Gold
RJE Knoll | Gerald Shannon/513-641-3700 [email protected] | Gold
Salix | Ruth Sarah Hart Schneider [email protected] | Gold
Big Hand | Shelby Ontbank/513-376-7169 [email protected] | Silver
Control Systems | Bill DeLong/800-390-2440 [email protected] | Silver


Cyber Security: The New Frontier

By Chris Nyhuis, Director of Cyber Security for SALIX

The World Wide Web is the modern day Wild West. Laws are difficult to enforce and crimes go largely unpunished. Instead of gangs of outlaws we have groups of hackers. These groups are looking for financial records, intellectual property and highly confidential information. Their attacks are becoming more sophisticated, more frequent and more difficult to prevent. As these attacks strengthen, businesses are becoming more dependent on the information and technology at risk.

Fortunately, for small businesses and large corporations alike, there are ways to mitigate the risks of a breach of the data that is so critical for day-to-day operations and decision making. The evolution of cyber threats and malicious programs has spurred the development of Cyber Security. There are several steps an organization can take to enhance its internal Cyber Security, and it typically begins with a Vulnerability Audit to determine Risk. Once the network has been assessed and risks have been determined, it is critical to implement a layered defense system to fortify vulnerable areas. Even with these measures in place, no network is completely secure. To be as safe as possible, current best practice is to implement a program of on-going intrusion monitoring and routine virus software updates to minimize the risk of a breach occurring.

Risk

Cyber Risks can come in all shapes and sizes, from viruses, Trojan horses, worms, and phishing to hacking, intrusion, hidden threats, and more. Due to the diverse nature of these threats, everyone from small businesses to large government agencies is at risk. Once a weakness in the network has been exploited, an intruder can gain access to client data, email, financial information and intellectual property. The best defense against such risks begins with understanding the basics of Cyber Security and the steps you can take to protect yourself.

Vulnerability Audit

It is critical for any organization to have an initial assessment to identify the weaknesses in its current firewall or network security. This is the first step in compiling a comprehensive security program. A Vulnerability Audit will help you create the road map for your organization, and will identify the most critical and immediate needs. If sensitive data is vulnerable, the principals in the organization will need to be notified immediately, and the necessary corrective programs put in place as a top priority.

Many organizations are now requiring business associates to have Vulnerability Audits performed annually. Additionally, it is becoming more popular for companies issuing RFPs to require these audits.

Layered Defense

In the world of Cyber Security, best practices involve setting up a layered security scheme. One security measure alone will not suffice. For example, some organizations think because they already have a firewall, they are protected. Firewalls themselves need to be kept current with software that is updated on a regular basis to protect against the latest and greatest attacks. A security program comprised of multiple layers is your best defense. A very basic layered approach might include requiring strong passwords, firewalls and encrypted hardware (laptops, desktops, and handheld devices). Other standard precautions may include antivirus software, verification of server authenticity before providing personal information, and automated deletion of potential phishing sites. A more sophisticated program would include annual Vulnerability Audits and on-going intrusion monitoring. Virus attacks evolve on a daily basis; on-going monitoring and protection updates are necessary safety measures. While no network is 100% guaranteed hacker proof, on-going monitoring is highly regarded as a best practice.

Data Breaches

A written plan to address company policies and procedures should a data breach occur is a must for any size business. This is another area where your Cyber Security partner, insurance agent, and attorney can help you create the right policy for the type of business. The law is very specific in terms of notification requirements, but many organizations have a more extensive plan in place, up to and including a plan for damage control of their business reputation.

HIPAA Requirements

Increased Cyber Security measures are a mandated requirement for many healthcare organizations and vendor partners. Newly enacted legislation in March of 2013 requires medical service providers and business associates to enhance the security of both the network and physical environments. If you house HIPAA data for your employees, clients, or as a part of the nature of your business, you will need to ensure that your security plan addresses the HIPAA requirements.

Mobile Devices and BYOD (Bring Your Own Device)

An often unnoticed weakness is the use of company-provided smart-phones, tablets, and other handheld devices to access company servers. It is important that all organizations ask the question: do employees access the corporate network remotely, or access other corporate online resources via their laptops, tablets or smart-phones? While these resources can make it much easier to access information on the go, they can also make it much easier for hackers to compromise the system. Additionally, it is becoming more and more common for companies to have a BYOD (Bring Your Own Device) policy. Unprotected personal devices drastically increase vulnerability to Cyber attacks. We are rapidly moving to work environments where many people are utilizing personal mobile devices in their daily professional life. Employees may be opening up company networks to security threats that enter through the personal emails they access on a personal device. Special steps, such as device encryption, should be considered to safeguard data against these types of potential compromises.

It is becoming ever more popular to do business at internet cafes, such as Panera or Starbucks. There is a high level of risk when your employees are accessing company information from these locations, with public wireless access. Your company security policy should address this issue clearly.

Cyber Liability Policies

It is critical for all organizations to assess their need for a Cyber Liability Policy. A policy that covers expenses for data breaches can oftentimes mean the difference between staying in business or not. Small businesses believe these policies are for larger companies, but in reality, the costs have come down, and the availability of such policies has become more widespread. A Cyber Liability Policy can cover not only your out-of-pocket expenses for recovering after a breach, but also regulatory fines and penalties, business interruption coverage, and even the expense of hiring a public relations firm.

The Cost of Virus Attacks

Viruses are changing every day, and the costs of an infection to a business can be staggering. A significant amount of downtime can be expected, and it will be costly to an organization. As an example, it can often take up to 3 hours of “remediation” per “system” to remove a virus. A “system” can be defined as a PC, workstation, server, or other device on your network.


Remediation is the term for repairing and restoring your device. Oftentimes the device may have to be reset to factory settings, which can cause a significant loss of data and productivity for your employees. Once networks have been remediated, they may still never be 100% clean.

What Can I Do?

It is important to start with a Vulnerability Assessment to help your organization create a “road map” with timing and budgetary considerations. There are third-party vendors who can help you with an objective, thorough review of your existing exposures. Some very basic components of a security program can be implemented with on-going training and education of employees around the use of strong passwords and email vulnerabilities. Don’t let the lack of resources prevent you from at least starting at this point. Your Vulnerability Assessment will help you identify next steps. You may also want to contact your Cyber Security insurer for additional guidance. There may be discounts available from your insurer for implementing some of the security protections, so make sure to ask. These rebates can help to offset the costs of your program. The first step is to get your organization to agree that Cyber Security is an area of concern, and to allocate the necessary resources.

To learn more about Cyber Security, cyber monitoring, intrusion detection, and other ways to safeguard your data, attend SALIX’s Cyber security event at the Cincinnati Horseshoe Casino July 26, or contact SALIX directly. Register at www.salixdata.com/rsvp.

Chris Nyhuis is the Director of Cyber Security for SALIX, and currently the President and CEO of Vigilant LLC., an IT Services and Managed Security firm. Chris is a “certified hacker” with certifications CISP, CIPS, CPT and CEH. Chris has worked with US and International Customers in the Government, Legal, Financial, Health Care, Ministry and General Business sectors. Chris has been in the IT and Security industry for 16 years. During that time he has held both IT Director and Management roles in the Communications, Automotive and Food Distribution Industries. Chris enjoys traveling with his family, backpacking and brewing craft beer.


Association of Legal Administrators Greater Cincinnati Chapter
2013-2014 Board and Committee Chairs

Past President | Jeff Middendorf | Katz, Teller, Brant & Hild | 513-721-4532 | [email protected]
President | Tom Freeman | Peck, Shaffer & Williams | 513-639-9225 | [email protected]
President Elect | Erin Flynn | Peck Shaffer & Williams | 513-639-9227 | [email protected]
Secretary | Alan Pickett | Taft Stettinius & Hollister | 513-357-9410 | [email protected]
Treasurer | Kathy Wilson | Aldrich Bonnefin & Moore | 513-843-4272 | [email protected]
Membership | Ken Crooks | Dinsmore & Shohl LLP | 513-977-8687 | [email protected]
Programs | Phil Harmon | Ritter & Randolph LLC | 513-744-7713 | [email protected]
Programs | Nan Walker | Schwartz Manes Ruby & Slovin | 513-579-1414 | [email protected]
Business Partners | Glenda Raley | Ulmer & Berne LLP | 513-698-5040 | [email protected]
Business Partners | Perry Owen | Graydon Head & Ritchey | 513-629-2826 | [email protected]
Newsletter | Beth Silvers | Taft Stettinius & Hollister | 513-357-9342 | [email protected]
Public Relations | Jim Crosset | Wood, Herron & Evans | 513-241-2324 | [email protected]
Surveys | Lori Moser | Keating, Muething & Klekamp | 513-579-6556 | [email protected]
Website | Judy Groene | Katz, Teller, Brant & Hild | 513-721-4532 | [email protected]
CWW | Janet Sullivan | Statman, Harris & Eyrich | 513-621-2666 | [email protected]

This Greater Cincinnati Chapter of the Association of Legal Administrators newsletter is published bi-monthly for the education and benefit of legal administrators. It is not published for the purpose of rendering legal, accounting, or other professional services or advice. Nothing contained in this newsletter should be construed as legal, accounting, or other professional services or advice.