SlideShare a Scribd company logo

Cybersecurity: What the GC and CEO Need to Know

Shawn Tuma
Shawn Tuma

Shawn Tuma, Cybersecurity & Data Protection Partner at Scheef & Stone, L.L.P., presented to the Dallas Bar Association's Corporate Counsel Section on May 3, 2016. The title was Cybersecurity: What the GC and CEO Need to Know. A hands-on cybersecurity presentation: preparing an action plan before you are attacked, contracting tips and available insurance coverage.

Law
1 of 41
Download to read offline
www.solidcounsel.com
“There are only two types of companies: those that have been hacked, and those that will be.” –Robert Mueller
“It’s not a matter of if, but a matter of when”
62% of Cyber Attacks  SMBs
Odds: Security @100% / Hacker @ 1
TargetHome DepotNeiman MarcusMichael’sSpecsTJ MaxxeBaySally BeautyPF Chang’sUPSDairy QueenJimmy John’sJP Morgan ChaseKmartStaplesSonyAshley Madison
Yes, Legal
www.solidcounsel.com “Security and IT protect companies’ data; Legal protects companies from their data.” -Shawn E. Tuma
www.solidcounsel.com Privilege / Work Product “Target has demonstrated . . . that the work of the Data Breach Task Force was focused not on remediation of the breach . . . but on informing Target’s in-house and outside counsel about the breach so that Target’s attorneys could provide the company with legal advice and prepare to defend the company in litigation that was already pending and was reasonably expected to follow.” In re Target Corp. Customer Data Breach Litigation
www.solidcounsel.com ACC Study (Sept ‘15) What concerns keep Chief Legal Officers awake at night? #2 = Data Breaches 82% consider as somewhat, very, or extremely important
www.solidcounsel.com Cost of a Data Breach – US 2013 Cost • $188.00 per record • $5.4 million = total average cost paid by organizations 2014 Cost • $201 per record • $5.9 million = total average cost paid by organizations 2015 Cost • $217 per record • $6.5 million = total average cost paid by organizations (Ponemon Institute Cost of Data Breach Studies)
www.solidcounsel.com Legal Obligations  International Laws  Safe Harbor  Privacy Shield  Federal Laws & Regs  HIPAA, GLBA, FERPA  FTC, FCC, SEC  State Laws  47 states (Ala, NM, SD)  Fla (w/in 30 days)  OH & VT (45 days)  Industry Groups  PCI, FINRA, etc.  Contracts  Vendors & Suppliers  Business Partners  Data Security Addendum
www.solidcounsel.com Ancient Cybersecurity Wisdom  Water shapes its course according to the nature of the ground over which it flows; the soldier works out his victory in relation to the foe whom he is facing.”  “In all fighting the direct method may be used for joining battle, but indirect methods will be needed to secure victory.”
“An ounce of prevention is cheaper than the first day of litigation.”
Litigation
www.solidcounsel.com Consumer Litigation Peters v. St. Joseph Services, 74 F.Supp.3d 847 (S.D. Tex. Feb. 11, 2015) Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688, 693 (7th Cir. 2015) Whalen v. Michael Stores Inc., 2015 WL 9462108 (E.D.N.Y. Dec. 28, 2015) In re SuperValu, Inc., 2016 WL 81792 (D. Minn. Jan. 7, 2016) In re Anthem Data Breach Litigation, 2016 WL 589760 (N.D. Cal. Feb. 14, 2016) (J. Lucy Koh)
Regulatory & Administrative
www.solidcounsel.com Regulatory & Administrative - FTC F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. Aug. 24, 2015).  The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act.  Companies have fair notice that their specific cybersecurity practices could fall short of that provision.  3 breaches / 619,000 records / $10.6 million in fraud  Rudimentary practices v. 2007 guidebook  Website Privacy Policy misrepresentations  Jurisdiction v. set standard?
www.solidcounsel.com The Basics “Some people try to find things in this game that don’t exist but football is only two things – blocking and tackling.” -Lombardi
www.solidcounsel.com The Basics Best Practices  Documented  Basic IT Security  Basic Physical Security  Security Focused P&P  Company  Workforce  Network  Website / Privacy / TOS  Business Associates  Social Engineering  Implementation  Training
www.solidcounsel.com Regulatory & Administrative – FTC In re GMR Transcription Svcs, Inc., 2014 WL 4252393 (Aug. 14, 2014). FTC’s Order requires business to follow 3 steps when contracting with third party service providers: 1. Investigate before hiring data service providers. 2. Obligate their data service providers to adhere to the appropriate level of data security protections. 3. Verify that the data service providers are complying with obligations (contracts).
www.solidcounsel.com Addendum to Business Contracts  Common names for the Addendum:  Data Security & Privacy; Data Privacy; Cybersecurity; Privacy; Information Security.  Common features  Defines subject “Data” being protected in categories.  Describes acceptable and prohibited uses for Data.  Describes standards for protecting Data.  Describes requirements for deleting Data.  Describes obligations if a breach of Data.  Allocates responsibility if a breach of Data.  Requires binding third parties to similar provisions.
www.solidcounsel.com Addendum to Business Contracts
www.solidcounsel.com Addendum to Business Contracts
www.solidcounsel.com Addendum to Business Contracts
www.solidcounsel.com Addendum to Business Contracts
www.solidcounsel.com Addendum to Business Contracts
www.solidcounsel.com Regulatory & Administrative – SEC S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015).  “Firms must adopt written policies to protect their clients’ private information”  “they need to anticipate potential cybersecurity events and  have clear procedures in place rather than waiting to react once a breach occurs.”  violated this “safeguards rule  100,000 records (no reports of harm)  $75,000 penalty
www.solidcounsel.com Written Policies
www.solidcounsel.com Responding: Execute Response Plan This is only a checklist – not a Response Plan
How Fast? • 45 days (most states) • 30 days (some states) • 3 days (fed contracts) • 2 days (bus expectation) • Immediately (contracts)
Officer & Director Liability
www.solidcounsel.com Officer & Director Liability “[B]oards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.” SEC Commissioner Luis A. Aguilar, June 10, 2014.  Heartland Payment Systems, TJ Maxx, Target, Home Depot, Wyndham  Derivative claims premised on the harm to the company from data breach.  Caremark Claims:  Premised on lack of oversight = breach of the duty of loyalty and good faith  Cannot insulate the officers and directors = PERSONAL LIABILITY!  Standard:  (1) “utterly failed” to implement reporting system or controls; or  (2) “consciously failed” to monitor or oversee system.
www.solidcounsel.com Officer & Director Liability Palkon v. Holmes, 2014 WL 5341880, *5-6 (D. NJ Oct. 20, 2014).  Derivative action for failing to ensure Wyndham implemented adequate security policies and procedures.  Order Dismissing: The board satisfied the business judgement rule by staying reasonably informed of the cybersecurity risks and exercising appropriate oversight in the face of the known risks.  Well-documented history of diligence showed Board  Discussed cybersecurity risks, company security policies and proposed enhancements in 14 quarterly meetings; and  Implemented some of those cybersecurity measures.
Cyber Insurance
www.solidcounsel.com Cyber Insurance – Key Questions  Even know if you have it?  What period does the policy cover?  Are Officers & Directors Covered?  Cover 3rd Party Caused Events?  Social Engineering coverage?  Cover insiders intentional acts (vs. negligent)  What is the triggering event?  What types of data are covered?  What kind of incidents are covered?  Acts of war?  Required carrier list for attorneys & experts?  Other similar risks?
Virtually all companies will be breached.Will they be liable? It’s not the breach; it’s their diligence and response that matter most. Companies have a duty to be reasonably informed of and take reasonable measures to protect against cybersecurity risks.
Cyber Risk Assessment Strategic Planning Deploy Defense Assets Develop, Implement &Train on P&P Tabletop Testing Reassess & Refine Cybersecurity Risk Management Program
“You don’t drown by falling in the water; You drown by staying there.”
Shawn Tuma Cybersecurity Partner Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: www.shawnetuma.com web: www.solidcounsel.com This information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation. ShawnTuma is is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full- service commercial law firm inTexas that represents businesses of all sizes throughout the United States and around the world.  Board of Directors, NorthTexas Cyber Forensics Lab  Board of Directors & General Counsel, Cyber Future Foundation  Texas SuperLawyers 2015-16 (IP Litigation)  Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law)  Council, Computer &Technology Section, State Bar ofTexas  Chair, Civil Litigation & Appellate Section, Collin County Bar Association  College of the State Bar ofTexas  Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar ofTexas  Information Security Committee of the Section on Science & Technology Committee of the American Bar Association  NorthTexas Crime Commission,Cybercrime Committee  Infragard (FBI)  International Association of Privacy Professionals (IAPP)  Information Systems Security Association (ISSA)  Board of Advisors, Optiv Security  Editor, Business Cybersecurity Business Law Blog

Recommended

Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceShawn Tuma
 
introduction to cyber security
introduction to cyber securityintroduction to cyber security
introduction to cyber securitySlamet Ar Rokhim
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Logikcull.com
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWebinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWPICPE
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018CheapSSLsecurity
 

Recommended

Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceShawn Tuma
 
introduction to cyber security
introduction to cyber securityintroduction to cyber security
introduction to cyber securitySlamet Ar Rokhim
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Logikcull.com
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWebinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWPICPE
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018CheapSSLsecurity
 
Cyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraCyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraKapil Mehrotra
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - EnglishData Security
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsNasir Bhutta
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsShawn Tuma
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
Cyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH EconomyCyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH EconomyInternet Law Center
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdfSania Baker
 
Best Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And ComplianceBest Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And ComplianceOracle
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationJacqueline Fick
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseShawn Tuma
 
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...centralohioissa
 
20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security Threats20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security ThreatsJesse Wilkins
 
Building Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyBuilding Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyAgus Wicaksono
 
Tema 5.cybersecurity
Tema 5.cybersecurityTema 5.cybersecurity
Tema 5.cybersecurityFalconPeregrine1
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsDavid Sweigert
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Shawn Tuma
 
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowShawn Tuma
 

More Related Content

What's hot

Cyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraCyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraKapil Mehrotra
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - EnglishData Security
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsNasir Bhutta
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsShawn Tuma
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
Cyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH EconomyCyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH EconomyInternet Law Center
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdfSania Baker
 
Best Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And ComplianceBest Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And ComplianceOracle
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationJacqueline Fick
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseShawn Tuma
 
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...centralohioissa
 
20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security Threats20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security ThreatsJesse Wilkins
 
Building Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyBuilding Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyAgus Wicaksono
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsDavid Sweigert
 

What's hot (20)

Cyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraCyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil Mehrotra
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - English
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security laws
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data Encryption
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
 
Cyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH EconomyCyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH Economy
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.
 
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
 
Best Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And ComplianceBest Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And Compliance
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentation
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisation
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach Response
 
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
 
20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security Threats20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security Threats
 
Building Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyBuilding Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital Economy
 
Tema 5.cybersecurity
Tema 5.cybersecurityTema 5.cybersecurity
Tema 5.cybersecurity
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standards
 

Similar to Cybersecurity: What the GC and CEO Need to Know

Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Shawn Tuma
 
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowShawn Tuma
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Shawn Tuma
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceShawn Tuma
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Shawn Tuma
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Shawn Tuma
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants- Mark - Fullbright
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...Shawn Tuma
 
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...Shawn Tuma
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Shawn Tuma
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data BreachShawn Tuma
 
Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Usersjyates
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Shawn Tuma
 
Legal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and UsersLegal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and UsersMMMTechLaw
 
Digital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardDigital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardShawn Tuma
 
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...Shawn Tuma
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White PaperTodd Ruback
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paperspencerharry
 

Similar to Cybersecurity: What the GC and CEO Need to Know (20)

Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
 
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to Know
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The Convergence
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
 
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data Breach
 
Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Users
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
 
Legal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and UsersLegal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and Users
 
Digital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardDigital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative Board
 
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 

More from Shawn Tuma

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital EngagementShawn Tuma
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Shawn Tuma
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene ChecklistShawn Tuma
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response ChecklistShawn Tuma
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemShawn Tuma
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Shawn Tuma
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity UpdateShawn Tuma
 

More from Shawn Tuma (20)

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital Engagement
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for Cybersecurity
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene Checklist
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and Clients
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity Update
 

Recently uploaded

COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxRRR Chambers
 
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptxKEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptxRRR Chambers
 
The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...James Watkins, III JD CFP®
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubham Wadhonkar
 
The doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteThe doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteDeepikaK245113
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxadvabhayjha2627
 
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptxIBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptxRRR Chambers
 
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...Finlaw Associates
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxMollyBrown86
 
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptxPamelaAbegailMonsant2
 
Appeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdfAppeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdfPoojaGadiya1
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxfilippoluciani9
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.pptseri bangash
 
THE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labourTHE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labourBhavikaGholap1
 
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategySmarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategyJong Hyuk Choi
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxnyabatejosphat1
 
Doctrine of Part-Performance.ddddddddddppt
Doctrine of Part-Performance.ddddddddddpptDoctrine of Part-Performance.ddddddddddppt
Doctrine of Part-Performance.ddddddddddppt2020000445musaib
 
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptxPresentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptxRRR Chambers
 
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptxpnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptxPSSPRO12
 

Recently uploaded (20)

COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
 
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptxKEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
 
The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptx
 
The doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteThe doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statute
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
 
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptxIBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
 
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
 
Appeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdfAppeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdf
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptx
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt
 
THE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labourTHE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labour
 
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
 
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategySmarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptx
 
Doctrine of Part-Performance.ddddddddddppt
Doctrine of Part-Performance.ddddddddddpptDoctrine of Part-Performance.ddddddddddppt
Doctrine of Part-Performance.ddddddddddppt
 
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptxPresentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
 
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptxpnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
 

Cybersecurity: What the GC and CEO Need to Know

  • 2. “There are only two types of companies: those that have been hacked, and those that will be.” –Robert Mueller
  • 3. “It’s not a matter of if, but a matter of when”
  • 4. 62% of Cyber Attacks  SMBs
  • 5. Odds: Security @100% / Hacker @ 1
  • 6. TargetHome DepotNeiman MarcusMichael’sSpecsTJ MaxxeBaySally BeautyPF Chang’sUPSDairy QueenJimmy John’sJP Morgan ChaseKmartStaplesSonyAshley Madison
  • 7.
  • 9. www.solidcounsel.com “Security and IT protect companies’ data; Legal protects companies from their data.” -Shawn E. Tuma
  • 10. www.solidcounsel.com Privilege / Work Product “Target has demonstrated . . . that the work of the Data Breach Task Force was focused not on remediation of the breach . . . but on informing Target’s in-house and outside counsel about the breach so that Target’s attorneys could provide the company with legal advice and prepare to defend the company in litigation that was already pending and was reasonably expected to follow.” In re Target Corp. Customer Data Breach Litigation
  • 11. www.solidcounsel.com ACC Study (Sept ‘15) What concerns keep Chief Legal Officers awake at night? #2 = Data Breaches 82% consider as somewhat, very, or extremely important
  • 12. www.solidcounsel.com Cost of a Data Breach – US 2013 Cost • $188.00 per record • $5.4 million = total average cost paid by organizations 2014 Cost • $201 per record • $5.9 million = total average cost paid by organizations 2015 Cost • $217 per record • $6.5 million = total average cost paid by organizations (Ponemon Institute Cost of Data Breach Studies)
  • 13. www.solidcounsel.com Legal Obligations  International Laws  Safe Harbor  Privacy Shield  Federal Laws & Regs  HIPAA, GLBA, FERPA  FTC, FCC, SEC  State Laws  47 states (Ala, NM, SD)  Fla (w/in 30 days)  OH & VT (45 days)  Industry Groups  PCI, FINRA, etc.  Contracts  Vendors & Suppliers  Business Partners  Data Security Addendum
  • 14. www.solidcounsel.com Ancient Cybersecurity Wisdom  Water shapes its course according to the nature of the ground over which it flows; the soldier works out his victory in relation to the foe whom he is facing.”  “In all fighting the direct method may be used for joining battle, but indirect methods will be needed to secure victory.”
  • 15. “An ounce of prevention is cheaper than the first day of litigation.”
  • 17. www.solidcounsel.com Consumer Litigation Peters v. St. Joseph Services, 74 F.Supp.3d 847 (S.D. Tex. Feb. 11, 2015) Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688, 693 (7th Cir. 2015) Whalen v. Michael Stores Inc., 2015 WL 9462108 (E.D.N.Y. Dec. 28, 2015) In re SuperValu, Inc., 2016 WL 81792 (D. Minn. Jan. 7, 2016) In re Anthem Data Breach Litigation, 2016 WL 589760 (N.D. Cal. Feb. 14, 2016) (J. Lucy Koh)
  • 19. www.solidcounsel.com Regulatory & Administrative - FTC F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. Aug. 24, 2015).  The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act.  Companies have fair notice that their specific cybersecurity practices could fall short of that provision.  3 breaches / 619,000 records / $10.6 million in fraud  Rudimentary practices v. 2007 guidebook  Website Privacy Policy misrepresentations  Jurisdiction v. set standard?
  • 20. www.solidcounsel.com The Basics “Some people try to find things in this game that don’t exist but football is only two things – blocking and tackling.” -Lombardi
  • 21. www.solidcounsel.com The Basics Best Practices  Documented  Basic IT Security  Basic Physical Security  Security Focused P&P  Company  Workforce  Network  Website / Privacy / TOS  Business Associates  Social Engineering  Implementation  Training
  • 22. www.solidcounsel.com Regulatory & Administrative – FTC In re GMR Transcription Svcs, Inc., 2014 WL 4252393 (Aug. 14, 2014). FTC’s Order requires business to follow 3 steps when contracting with third party service providers: 1. Investigate before hiring data service providers. 2. Obligate their data service providers to adhere to the appropriate level of data security protections. 3. Verify that the data service providers are complying with obligations (contracts).
  • 23. www.solidcounsel.com Addendum to Business Contracts  Common names for the Addendum:  Data Security & Privacy; Data Privacy; Cybersecurity; Privacy; Information Security.  Common features  Defines subject “Data” being protected in categories.  Describes acceptable and prohibited uses for Data.  Describes standards for protecting Data.  Describes requirements for deleting Data.  Describes obligations if a breach of Data.  Allocates responsibility if a breach of Data.  Requires binding third parties to similar provisions.
  • 29. www.solidcounsel.com Regulatory & Administrative – SEC S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015).  “Firms must adopt written policies to protect their clients’ private information”  “they need to anticipate potential cybersecurity events and  have clear procedures in place rather than waiting to react once a breach occurs.”  violated this “safeguards rule  100,000 records (no reports of harm)  $75,000 penalty
  • 31. www.solidcounsel.com Responding: Execute Response Plan This is only a checklist – not a Response Plan
  • 32. How Fast? • 45 days (most states) • 30 days (some states) • 3 days (fed contracts) • 2 days (bus expectation) • Immediately (contracts)
  • 33. Officer & Director Liability
  • 34. www.solidcounsel.com Officer & Director Liability “[B]oards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.” SEC Commissioner Luis A. Aguilar, June 10, 2014.  Heartland Payment Systems, TJ Maxx, Target, Home Depot, Wyndham  Derivative claims premised on the harm to the company from data breach.  Caremark Claims:  Premised on lack of oversight = breach of the duty of loyalty and good faith  Cannot insulate the officers and directors = PERSONAL LIABILITY!  Standard:  (1) “utterly failed” to implement reporting system or controls; or  (2) “consciously failed” to monitor or oversee system.
  • 35. www.solidcounsel.com Officer & Director Liability Palkon v. Holmes, 2014 WL 5341880, *5-6 (D. NJ Oct. 20, 2014).  Derivative action for failing to ensure Wyndham implemented adequate security policies and procedures.  Order Dismissing: The board satisfied the business judgement rule by staying reasonably informed of the cybersecurity risks and exercising appropriate oversight in the face of the known risks.  Well-documented history of diligence showed Board  Discussed cybersecurity risks, company security policies and proposed enhancements in 14 quarterly meetings; and  Implemented some of those cybersecurity measures.
  • 37. www.solidcounsel.com Cyber Insurance – Key Questions  Even know if you have it?  What period does the policy cover?  Are Officers & Directors Covered?  Cover 3rd Party Caused Events?  Social Engineering coverage?  Cover insiders intentional acts (vs. negligent)  What is the triggering event?  What types of data are covered?  What kind of incidents are covered?  Acts of war?  Required carrier list for attorneys & experts?  Other similar risks?
  • 38. Virtually all companies will be breached.Will they be liable? It’s not the breach; it’s their diligence and response that matter most. Companies have a duty to be reasonably informed of and take reasonable measures to protect against cybersecurity risks.
  • 40. “You don’t drown by falling in the water; You drown by staying there.”
  • 41. Shawn Tuma Cybersecurity Partner Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: www.shawnetuma.com web: www.solidcounsel.com This information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation. ShawnTuma is is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full- service commercial law firm inTexas that represents businesses of all sizes throughout the United States and around the world.  Board of Directors, NorthTexas Cyber Forensics Lab  Board of Directors & General Counsel, Cyber Future Foundation  Texas SuperLawyers 2015-16 (IP Litigation)  Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law)  Council, Computer &Technology Section, State Bar ofTexas  Chair, Civil Litigation & Appellate Section, Collin County Bar Association  College of the State Bar ofTexas  Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar ofTexas  Information Security Committee of the Section on Science & Technology Committee of the American Bar Association  NorthTexas Crime Commission,Cybercrime Committee  Infragard (FBI)  International Association of Privacy Professionals (IAPP)  Information Systems Security Association (ISSA)  Board of Advisors, Optiv Security  Editor, Business Cybersecurity Business Law Blog