© 2016 Tressler LLP
Presented by:
Cyber Security:
Protecting Your Agency And Patrons
2016 IAPD/IPRA Soaring To New Heights
January 30, 2016
Session #109
Todd M. Rowe, Tressler LLP
Ken Sullivan, Tressler LLP
Kevin Mahoney, Tressler LLP
Mike Benard, Wheaton Park District
Chandler Howell, Nexum Inc.
» Who Is Our Audience Today?
» What does Cyber Mean?
» Everyday Examples
» High Profile Breaches
» High Profile Decisions
Part I: Pre-Breach Considerations
» The Hypothetical (Part I)
Pre-Breach Considerations
In February 2016, the Hackersville Park District decided to add a pre-teen
basketball camp to its summer program. The camp was designed for children
that are between the ages of 9 and 12. In addition to helping kids with their
basketball skills, the camp will partner with East Shore Health System. While
the Park District would not typically request participants’ social security
numbers, East Shore Health System claims it needs this information for all
participants. The Park District Director asked the Park District IT guy to include
a space on the registration form for social security numbers. The Director asked
her administrative assistant to gather the social security numbers for the
registration forms and forward the information to East Shore Health Systems.
Like many of the Park District’s programs, the camp proves to be a huge success
and the Park District created a second camp to serve all the interested kids. The
Park District expects nearly 200 participants in the basketball camp. The
administrative assistant forwarded all the participants’ information to East
Shore Health Systems.
» Identifying Threats
» Both federal and state law regulate cyber-crime.
» The laws regulate computer fraud, hacking, cyber-squatting, cyber-stalking, reporting requirements, and the disposal of personal information.
» Insurance
Pre-Breach Considerations: The Lawyers
» Identifying Threats
» Devices Provided To Employees
» Vendors
» Malware
» Non-Traditional Sources
» Property Damage—The Internet of Things
Pre-Breach Considerations: The Technology Concerns
» FOIA Requests
» Employees/Employee Information
» Patron Information
» Medical Information
» Vendors
» Website
» Use of Social Media
Pre-Breach Considerations: Park District Concerns
» Assess Data Retention Policies
» Classify Data
» Internal Compliance Information
» Information Disposal
» Employee Policies
» Create Uniform Response Plan
» Create Breach Response Team
Pre-Breach Considerations: Response Plan
» Hypothetical (Part II)
In April 2016, the Director of the Hackersville Park District received a phone call from their contact
person at East Shore Health Systems informing them that East Shore Health Systems had a major
data breach. The contact does not have much information and promises to call back. The Park
District Director mentions the breach to a few people in the office and continues on with her day.
Two days later, the Director left a frantic voicemail with her contact person at East Shore Health
Systems asking for more information related to the breach. The East Shore Health Systems data
breach is in the news and parents of the camp participants are calling for information about their
children. The Director’s numerous calls over the next few days to her contact go unreturned.
One week after the Director learned of the breach, the Park District receives a letter from the East
Shore Health Systems indicating the camp’s participants’ information may have been included in
the breach and that more information will be provided in the future. Uncertain as to what her next
steps should be, the Director asks the IT guy to look into the breach. Without knowing where to
start, the IT guy investigates how the participants’ information was handled on the Park District’s
end of things. It is at this point he notices the administrative assistant emailed the information to
East Shore Health Systems and a personal email account. The IT guy tells the director that the
information was also sent to an account he did not recognize. The Director asks her administrative
assistant who received the other email. The assistant explained that she sent the email to her
husband’s personal email account so she could work on the list at home. She said it would not be
a problem because he does not read his emails anyway. In light of the fact that the Park District is
involved in the East Shore Health System breach, the Director does not see the email to her
administrative assistant’s husband as a problem.
Part II: The Breach
» What Does It Look Like?
› Data
› Loss or damage to assets
› Business interruption
› Cyber Extortion
› Theft
Part II: The Breach
» Hypothetical Part III
By the end of April 2016, the Director has discussed the East Shore Health
Systems breach with her contact. No longer avoiding her, the Director’s
contact has assured her that East Shore Health Systems will take responsibility
for the breach. Shortly thereafter, parents of the basketball campers receive a
notice in the mail from East Shore Health Systems stating their information
may have been included in the breach and East Shore Health Systems will pay
for credit monitoring for one year.
Just as the Director is feeling better with the pressure off, she gets a call from
the Hackersville Police Department that her administrative assistant’s husband
has been arrested for identity theft. The Hackersville Police Department has
found personal information from the Park District stored on the husband’s
home computer. They have not found any evidence that the husband has used
the personal information.
Part III: Post Breach
» If a cyber-security breach occurs, implement your park district’s incident response plan.
» Your district’s first priority should be securing the data as soon as possible so the minimum amount of data is compromised.
» As soon as the data is secure, notify law enforcement of the breach.
Part III: Post Breach
» Notification Requirements
» Other considerations
› PR
› Patrons
Part III: Post Breach
» Insurance Issues
» Breaches continue through the “Internet of Things”
» Information that must be protected will evolve
“Think of a massive cyberattack as an intelligent hurricane… If it hits a house that doesn’t fall down it learns why the house didn’t fall and it changes.”
Observations for 2016