SlideShare a Scribd company logo

Avoiding the Cyber Clutter: A Practical Guide to Cybersecurity

Download as PPTX, PDF
Uri Gutfreund, Law Firm Insurance Guru
Uri Gutfreund, Law Firm Insurance Guru

Legal administrators are deluged with cyber chatter. Partners are involved, clients are demanding. As part of the leadership of your firm, you must proactively become educated and help your firm protect itself from this new and evolving exposure.

Law
1 of 30
Avoiding the Cyber Clutter: A Practical Guide to Cybersecurity Uri Gutfreund, Risk Strategies Company Tanya Duprey, Tarter Krinsky & Drogin Mark Sangster, eSentire Wednesday, June 28, 2017
Today’s Discussion • What You REALLY Need To Worry About • Changing Threats • Risk Mitigation • Risk Transfer
Law Firms? Announced Breach
Good Morning
Good Luck!
JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC 10K 30K 20K 40K 60K 50K 70K 80K FINANCE LAW FIRMS TECHNOLOGY LAW FIRMS FACE THE FASTEST THREAT GROWTH 380% ATTACK INCREASE 100% MALWARE INCREASE $200K AVG BREACH COST
Who is the Weakest Link?
New Client - Congratulations! Oh oh… • Questionnaire • Audits • “shall indemnify, defend and hold harmless XXXX from and against any and all Damages arising..”
ATTORNEY State Breach Notification Laws FIRM State Bar Professional Ethics Code STATE ABA Professional Conduct Code INDUSTRYLEGAL Industry Obligations and Penalties CLIENT REGULATORY DUALITY
AOP Most At Risk • Personal Injury • Banking • Med Mal / Healthcare • Class Action • Real Estate • Trusts & Estates • Corporate M&A
INDUSTRY RANSOMWARE CAMPAIGN DECEMBER 2016 Email subject line: “The Office of The State Attorney Complaint” which alluded to vague legal action against the firm PDF ATTACHMENT Claimed to contain details of the legal action Actually contained Ransomware THIS WAS EASILY DETECTABLE • Legal action cannot be served by email! • Sent from Outlook.com domain not GOV EASILY PREVENTABLE • Security Awareness Training • Email filtering • Attachment blocking • eSentire MDR
Unauthorized Release of Private Information IMPACT • Reputation • Down Time • Cost of Repairs • Breach Costs • Regulators / Fines • Theft of Funds
RANSOMWARE IS A BILLION DOLLAR INDUSTRY 40% spam email contains ransomware 60% infections stem from spam emails 40seconds a company falls victim 150K in ransom payments $ 70% of companies pay the ransom 10K lost billable hours per attorney $
COMBATING RANSOMWARE 02 EXECUTIVE Client Notification Disruption Plan 03 INFO SEC Backups & Testing 04 INFO SEC Application Whitelisting 01 DIRECTORS Payment Policy 05 INFO SEC Application Controls 06 INFO SEC Ad Blocking 07 EMPLOYEES Training & Alerting
OBLIGATIONS Do you know what legislation governs the data you have? INVENTORY Do you know what data you have? RISKS Do you know what cyber threats are targeting your firm? AWARENESS Do your employees know how to avoid cyber risks? PROTECTION How are you defending your firm from cyber threats? CYBERSECURITY MUST-HAVES REPORTING Can you demonstrate your cybersecurity claims?
A “Cyber” Policy
Your Coverage Blueprint
Privacy Insurance Security & Privacy Liability Media Content Liability Network Interruption Cyber Extortion &/or Cyber Terrorism Data Restoration Event Management Expenses Third Party Coverages (Negligence) Retention Each Claim $5,000 - $1M First Party Coverages (Costs)
Event Management Expenses • Data Breach Coach Expenses • Forensic Investigation • Crisis Management Expenses • Privacy Breach Notification • Credit Monitoring
Policy Purchase Checklist • AM Best Credit Rating • Policy Limit • Data Security & Privacy • Media Liability • Network Interruption, Forensics & Data • Restoration • Event Management Expenses • Regulatory Defense & Penalties • Cyber Extortion • Social Engineering • Fraud
You Are in Trouble if Your Cyber Policy… •Has sub-limits •Third Party Only •Too small limits •Doesn’t cover employees •Doesn’t cover fines •Exclusions •Costs too much •No prior acts
Trends in Underwriting 2017 • Less not more • Quicker Not Slower • Cheaper Not Expensive
CYBERSECURITY WORKBOOKS (based on ABA Cybersecurity Handbook) C y b e r s e c u r i t y L e g a l T a s k F o r c e T H E A B A CYBERSECURIT Y H A N D B O O K A R E S O U R C E F O R A T T O R N E Y S , L A W F I R M S , A N D B U S I N E S S P R O F E S S I O N A L S
Cyber Breach Service Plan
• Cyber Strategy • Do Training • Make breach plan • Stand Alone Cyber Liability Insurance • Consider if you want to arrange resources in advance
Positive Signs for the Future • Major marketing opportunity for your firm to be known as a cutting edge safe firm and extra services • Most of the risk can be handled by an insurance policy
Any Questions? Uri.Gutfreund@risk-strategies.com TDuprey@tarterkrinsky.com Mark.Sangster@esentire.com

Recommended

ISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security culture
Craig McGill
 
They're Coming! Combining Teams and Cultures in a Corporate Merger
They're Coming! Combining Teams and Cultures in a Corporate MergerThey're Coming! Combining Teams and Cultures in a Corporate Merger
They're Coming! Combining Teams and Cultures in a Corporate Merger
Larry Kunz
 
Building Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyBuilding Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital Economy
Agus Wicaksono
 
The Impact of a Threat - How the Mall of America and its Partners Responded t...
The Impact of a Threat - How the Mall of America and its Partners Responded t...The Impact of a Threat - How the Mall of America and its Partners Responded t...
The Impact of a Threat - How the Mall of America and its Partners Responded t...
National Retail Federation
 
Third Annual State of Cyber Resilience SlideShare
Third Annual State of Cyber Resilience SlideShare Third Annual State of Cyber Resilience SlideShare
Third Annual State of Cyber Resilience SlideShare
Accenture Security
 
Strategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleStrategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a Role
Kevin Duffey
 
CPSU Presentation
CPSU PresentationCPSU Presentation
CPSU Presentation
Todd Rowe
 
Best cybersecurity services for organizations
Best cybersecurity services for organizationsBest cybersecurity services for organizations
Best cybersecurity services for organizations
wilsonconsulting1
 

Recommended

ISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security culture
Craig McGill
 
They're Coming! Combining Teams and Cultures in a Corporate Merger
They're Coming! Combining Teams and Cultures in a Corporate MergerThey're Coming! Combining Teams and Cultures in a Corporate Merger
They're Coming! Combining Teams and Cultures in a Corporate Merger
Larry Kunz
 
Building Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyBuilding Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital Economy
Agus Wicaksono
 
The Impact of a Threat - How the Mall of America and its Partners Responded t...
The Impact of a Threat - How the Mall of America and its Partners Responded t...The Impact of a Threat - How the Mall of America and its Partners Responded t...
The Impact of a Threat - How the Mall of America and its Partners Responded t...
National Retail Federation
 
Third Annual State of Cyber Resilience SlideShare
Third Annual State of Cyber Resilience SlideShare Third Annual State of Cyber Resilience SlideShare
Third Annual State of Cyber Resilience SlideShare
Accenture Security
 
Strategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleStrategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a Role
Kevin Duffey
 
CPSU Presentation
CPSU PresentationCPSU Presentation
CPSU Presentation
Todd Rowe
 
Best cybersecurity services for organizations
Best cybersecurity services for organizationsBest cybersecurity services for organizations
Best cybersecurity services for organizations
wilsonconsulting1
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
SurfWatch Labs
 
FINTECH, CYBERSECURITY AND BUSINESS READINESS
FINTECH, CYBERSECURITY AND BUSINESS READINESS FINTECH, CYBERSECURITY AND BUSINESS READINESS
FINTECH, CYBERSECURITY AND BUSINESS READINESS
Andrew_Goss
 
Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...
Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...
Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...
Jay Kesan
 
The July 2017 Cybersecurity Risk Landscape
The July 2017 Cybersecurity Risk LandscapeThe July 2017 Cybersecurity Risk Landscape
The July 2017 Cybersecurity Risk Landscape
Craig McGill
 
Find the best cyebersecurity services
Find the best cyebersecurity servicesFind the best cyebersecurity services
Find the best cyebersecurity services
wilsonconsulting1
 
Wilson Consulting Group: A Cybersecurity Company
Wilson Consulting Group: A Cybersecurity CompanyWilson Consulting Group: A Cybersecurity Company
Wilson Consulting Group: A Cybersecurity Company
wilsonconsulting1
 
Internet threats- How to protect the Africa consumer
Internet threats- How to protect the Africa consumer Internet threats- How to protect the Africa consumer
Internet threats- How to protect the Africa consumer
Self
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Shawn Tuma
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbers
Eoin Keary
 
The Modern Business Has No Perimeter - ZoneFox
The Modern Business Has No Perimeter - ZoneFoxThe Modern Business Has No Perimeter - ZoneFox
The Modern Business Has No Perimeter - ZoneFox
ZoneFox
 
12 Top Talks from the 2017 R-CISC Summit
12 Top Talks from the 2017 R-CISC Summit12 Top Talks from the 2017 R-CISC Summit
12 Top Talks from the 2017 R-CISC Summit
Tripwire
 
MCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk ManagementMCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk Management
William McBorrough
 
The Rise of Data Breaches in Small Businesses
The Rise of Data Breaches in Small Businesses The Rise of Data Breaches in Small Businesses
The Rise of Data Breaches in Small Businesses
First American Payment Systems
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Shawn Tuma
 
W.E.B. Security Services
W.E.B. Security ServicesW.E.B. Security Services
W.E.B. Security Services
W.E.B Security Services LLC
 
2017 in Review: Infosec Pros Look Back on the Year
2017 in Review: Infosec Pros Look Back on the Year2017 in Review: Infosec Pros Look Back on the Year
2017 in Review: Infosec Pros Look Back on the Year
Tripwire
 
Baretzky & Associates Presentation.
Baretzky & Associates Presentation.Baretzky & Associates Presentation.
Baretzky & Associates Presentation.
Ricardo Bn. Baretzky
 
Quantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal DataQuantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal Data
Steven Schwartz
 
Common sense security by Fortium Partners
Common sense security by Fortium PartnersCommon sense security by Fortium Partners
Common sense security by Fortium Partners
DAVID BERGH
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
The Network Support Company
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Shawn Tuma
 
NextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingNextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive Briefing
Joe Nathans
 

More Related Content

What's hot

What's hot (16)

How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
 
FINTECH, CYBERSECURITY AND BUSINESS READINESS
FINTECH, CYBERSECURITY AND BUSINESS READINESS FINTECH, CYBERSECURITY AND BUSINESS READINESS
FINTECH, CYBERSECURITY AND BUSINESS READINESS
 
Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...
Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...
Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...
 
The July 2017 Cybersecurity Risk Landscape
The July 2017 Cybersecurity Risk LandscapeThe July 2017 Cybersecurity Risk Landscape
The July 2017 Cybersecurity Risk Landscape
 
Find the best cyebersecurity services
Find the best cyebersecurity servicesFind the best cyebersecurity services
Find the best cyebersecurity services
 
Wilson Consulting Group: A Cybersecurity Company
Wilson Consulting Group: A Cybersecurity CompanyWilson Consulting Group: A Cybersecurity Company
Wilson Consulting Group: A Cybersecurity Company
 
Internet threats- How to protect the Africa consumer
Internet threats- How to protect the Africa consumer Internet threats- How to protect the Africa consumer
Internet threats- How to protect the Africa consumer
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbers
 
The Modern Business Has No Perimeter - ZoneFox
The Modern Business Has No Perimeter - ZoneFoxThe Modern Business Has No Perimeter - ZoneFox
The Modern Business Has No Perimeter - ZoneFox
 
12 Top Talks from the 2017 R-CISC Summit
12 Top Talks from the 2017 R-CISC Summit12 Top Talks from the 2017 R-CISC Summit
12 Top Talks from the 2017 R-CISC Summit
 
MCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk ManagementMCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk Management
 
The Rise of Data Breaches in Small Businesses
The Rise of Data Breaches in Small Businesses The Rise of Data Breaches in Small Businesses
The Rise of Data Breaches in Small Businesses
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
 
W.E.B. Security Services
W.E.B. Security ServicesW.E.B. Security Services
W.E.B. Security Services
 
2017 in Review: Infosec Pros Look Back on the Year
2017 in Review: Infosec Pros Look Back on the Year2017 in Review: Infosec Pros Look Back on the Year
2017 in Review: Infosec Pros Look Back on the Year
 

Similar to Avoiding the Cyber Clutter: A Practical Guide to Cybersecurity

[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
CODE BLUE
 
Core Elements of Retail LP Shortened version 15MB
Core Elements of Retail LP Shortened version 15MBCore Elements of Retail LP Shortened version 15MB
Core Elements of Retail LP Shortened version 15MB
Alan Greggo
 

Similar to Avoiding the Cyber Clutter: A Practical Guide to Cybersecurity (20)

Baretzky & Associates Presentation.
Baretzky & Associates Presentation.Baretzky & Associates Presentation.
Baretzky & Associates Presentation.
 
Quantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal DataQuantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal Data
 
Common sense security by Fortium Partners
Common sense security by Fortium PartnersCommon sense security by Fortium Partners
Common sense security by Fortium Partners
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
NextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingNextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive Briefing
 
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & Compliance
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
 
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMS
 
Open Source Intelligence Overview
Open Source Intelligence OverviewOpen Source Intelligence Overview
Open Source Intelligence Overview
 
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
 
Core Elements of Retail LP Shortened version 15MB
Core Elements of Retail LP Shortened version 15MBCore Elements of Retail LP Shortened version 15MB
Core Elements of Retail LP Shortened version 15MB
 
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101
 
ComResource Agency Solutions
ComResource Agency SolutionsComResource Agency Solutions
ComResource Agency Solutions
 
Working Together to Build a Cyber Security Program
Working Together to Build a Cyber Security ProgramWorking Together to Build a Cyber Security Program
Working Together to Build a Cyber Security Program
 

Recently uploaded

Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction Fails
Aurora Consulting
 
一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书
E LSS
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
MollyBrown86
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
SS A
 
Appeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdfAppeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdf
PoojaGadiya1
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
bd2c5966a56d
 

Recently uploaded (20)

8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
 
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
 
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptxKEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction Fails
 
一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书
 
PPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxPPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptx
 
MOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptx
MOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptxMOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptx
MOCK GENERAL MEETINGS (SS-2)- PPT- Part 2.pptx
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdfBPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
 
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptxpnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
 
Performance of contract-1 law presentation
Performance of contract-1 law presentationPerformance of contract-1 law presentation
Performance of contract-1 law presentation
 
Appeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdfAppeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdf
 
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueAndrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
 
589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf
 
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptxIBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
 
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptxPresentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
Presentation on Corporate SOCIAL RESPONSIBILITY- PPT.pptx
 
Chp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptChp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .ppt
 
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULELITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
 

Avoiding the Cyber Clutter: A Practical Guide to Cybersecurity

  • 1. Avoiding the Cyber Clutter: A Practical Guide to Cybersecurity Uri Gutfreund, Risk Strategies Company Tanya Duprey, Tarter Krinsky & Drogin Mark Sangster, eSentire Wednesday, June 28, 2017
  • 2. Today’s Discussion • What You REALLY Need To Worry About • Changing Threats • Risk Mitigation • Risk Transfer
  • 3.
  • 7. JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC 10K 30K 20K 40K 60K 50K 70K 80K FINANCE LAW FIRMS TECHNOLOGY LAW FIRMS FACE THE FASTEST THREAT GROWTH 380% ATTACK INCREASE 100% MALWARE INCREASE $200K AVG BREACH COST
  • 8. Who is the Weakest Link?
  • 9. New Client - Congratulations! Oh oh… • Questionnaire • Audits • “shall indemnify, defend and hold harmless XXXX from and against any and all Damages arising..”
  • 10. ATTORNEY State Breach Notification Laws FIRM State Bar Professional Ethics Code STATE ABA Professional Conduct Code INDUSTRYLEGAL Industry Obligations and Penalties CLIENT REGULATORY DUALITY
  • 11. AOP Most At Risk • Personal Injury • Banking • Med Mal / Healthcare • Class Action • Real Estate • Trusts & Estates • Corporate M&A
  • 12. INDUSTRY RANSOMWARE CAMPAIGN DECEMBER 2016 Email subject line: “The Office of The State Attorney Complaint” which alluded to vague legal action against the firm PDF ATTACHMENT Claimed to contain details of the legal action Actually contained Ransomware THIS WAS EASILY DETECTABLE • Legal action cannot be served by email! • Sent from Outlook.com domain not GOV EASILY PREVENTABLE • Security Awareness Training • Email filtering • Attachment blocking • eSentire MDR
  • 13. Unauthorized Release of Private Information IMPACT • Reputation • Down Time • Cost of Repairs • Breach Costs • Regulators / Fines • Theft of Funds
  • 14. RANSOMWARE IS A BILLION DOLLAR INDUSTRY 40% spam email contains ransomware 60% infections stem from spam emails 40seconds a company falls victim 150K in ransom payments $ 70% of companies pay the ransom 10K lost billable hours per attorney $
  • 15. COMBATING RANSOMWARE 02 EXECUTIVE Client Notification Disruption Plan 03 INFO SEC Backups & Testing 04 INFO SEC Application Whitelisting 01 DIRECTORS Payment Policy 05 INFO SEC Application Controls 06 INFO SEC Ad Blocking 07 EMPLOYEES Training & Alerting
  • 16. OBLIGATIONS Do you know what legislation governs the data you have? INVENTORY Do you know what data you have? RISKS Do you know what cyber threats are targeting your firm? AWARENESS Do your employees know how to avoid cyber risks? PROTECTION How are you defending your firm from cyber threats? CYBERSECURITY MUST-HAVES REPORTING Can you demonstrate your cybersecurity claims?
  • 19. Privacy Insurance Security & Privacy Liability Media Content Liability Network Interruption Cyber Extortion &/or Cyber Terrorism Data Restoration Event Management Expenses Third Party Coverages (Negligence) Retention Each Claim $5,000 - $1M First Party Coverages (Costs)
  • 20. Event Management Expenses • Data Breach Coach Expenses • Forensic Investigation • Crisis Management Expenses • Privacy Breach Notification • Credit Monitoring
  • 21. Policy Purchase Checklist • AM Best Credit Rating • Policy Limit • Data Security & Privacy • Media Liability • Network Interruption, Forensics & Data • Restoration • Event Management Expenses • Regulatory Defense & Penalties • Cyber Extortion • Social Engineering • Fraud
  • 22. You Are in Trouble if Your Cyber Policy… •Has sub-limits •Third Party Only •Too small limits •Doesn’t cover employees •Doesn’t cover fines •Exclusions •Costs too much •No prior acts
  • 23. Trends in Underwriting 2017 • Less not more • Quicker Not Slower • Cheaper Not Expensive
  • 24. CYBERSECURITY WORKBOOKS (based on ABA Cybersecurity Handbook) C y b e r s e c u r i t y L e g a l T a s k F o r c e T H E A B A CYBERSECURIT Y H A N D B O O K A R E S O U R C E F O R A T T O R N E Y S , L A W F I R M S , A N D B U S I N E S S P R O F E S S I O N A L S
  • 26.
  • 27.
  • 28. • Cyber Strategy • Do Training • Make breach plan • Stand Alone Cyber Liability Insurance • Consider if you want to arrange resources in advance
  • 29. Positive Signs for the Future • Major marketing opportunity for your firm to be known as a cutting edge safe firm and extra services • Most of the risk can be handled by an insurance policy

Editor's Notes

  1. Disable wscript.exe to stop JavaScript files (.js files) Disable Microsoft Word macros via GPO to block malicious document files Disable Powershell (restrict to IT personnel only) Deploy Email Filtering to restrict emails that contain unnecessary attachments: .js, .wsf, .zip, .docm, .vbs, .exe, .msi, .dll, and .html.
  2. Offer copy of workbook