
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud Examiners Annual Fraud Conference

Cybersecurity Law presentation to the Association of Certified Fraud Examiners (ACFE) Annual Fraud Conference.

Published in: Law
  • Thanks for sharing, Shawn. One Denver networker told me his employees posted HIPAA violations, stolen personal information, and defamatory content about someone on social media sites. Sounds more like an employee access problem and user error in sharing private content without the victims' knowledge. I think businesses need to know what Financial Services and Technology firms have honored for years--Privacy Protection and following US data management laws. Not only would re-sharing federally-protected information be criminal, it sure would be negligent, right? Judgment, intent...?


  1. 1. Cyber Risk & Fraud 2.0 Shawn E. Tuma Scheef & Stone, LLP @shawnetuma
  2. 2. Shawn Tuma Partner, Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: shawnetuma.com web: solidcounsel.com This information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation. Shawn Tuma is a cyber lawyer business leaders trust to help solve problems with cutting-edge issues involving cybersecurity, data privacy, computer fraud, intellectual property, and social media law. He is a partner at Scheef & Stone, LLP, a full service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, throughout the world. • Texas SuperLawyers 2015 • Best Lawyers in Dallas 2014 & 2015, D Magazine (Digital Information Law) • Chair, Collin County Bar Association Civil Litigation & Appellate Section • College of the State Bar of Texas • Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas • Information Security Committee of the Section on Science & Technology Committee of the American Bar Association • Social Media Committee of the American Bar Association • North Texas Crime Commission, Cybercrime Committee • Infragard (FBI) • International Association of Privacy Professionals • Information Systems Security Association • Contributor, Norse DarkMatters Security Blog • Editor, Business Cyber Risk Law Blog
  3. 3. “There are only two types of companies: those that have been hacked, and those that will be.” –Robert Mueller
  4. 4. 97% - Companies Tested – Breached in Prior 6 mos.
  5. 5. Odds: Security @100% / Hacker @ 1
  6. 6. www.solidcounsel.com Data Sources Company Data Workforce Data Customer / Client Data Other Parties’ Data 3rd Party Business Associates’ Data Outsiders’ Data
  7. 7. www.solidcounsel.com Threat Vectors Network Website Email BYOD USB GSM Internet Surfing Business Associates People
  8. 8. www.solidcounsel.com Malicious • compete • newco • Sabotage • disloyal insider Negligence • email • usb • passwords Blended • foot out the door • misuse of network • stealing data • negligence with data • violate use policies Hacking / Cracking Social Engineering Malware Stealing Planting Corrupting Outsider & Insider Threats
  9. 9. www.solidcounsel.com data devices misuse?
  10. 10. •Stewardship •Public Relations •Legal
  11. 11. Responding: Execute Breach Response Plan • contact attorney (privilege) • assemble your Response Team • notify Card Processor • contact forensics • contact notification vendor • investigate breach • remediate responsible vulnerabilities • reporting & notification
  12. 12. What does “reporting & notification” mean? • Law Enforcement • State Attorneys General • pre-notice = VT (14 days), MD, NJ St. Police • Federal Agencies • FTC, SEC, HHS, etc. • Consumers • Fla, Ohio, Vermont = 45 days • Industry Groups • PCI, FINRA, FFIEC • Credit Bureaus • Professional Vendors & Suppliers
  13. 13. www.solidcounsel.com first name or first initial last name SSN DLN or GovtID data breach first name or first initial last name Acct or Card # Access or Security Code data breach Info that IDs Individual Health-care, provided, or pay data breach Duty to notify when “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of sensitive personal information …” Tx. Bus. Comm. Code § 521.053 CIVIL PENALTY $100.00 per individual per day for notification delay, not to exceed $250,000 for single breach § 521.151
  14. 14. 2013 Cost (pre-Target) • $188.00 per record • $5.4 million = total average cost paid by organizations 2014 Cost • $201 per record • $5.9 million = total average cost paid by organizations “The primary reason for the increase is the loss of customers following the data breach due to the additional expenses required to preserve the organization’s brand and reputation.” –Ponemon Institute 2014 Cost of Data Breach Study Cost of a Data Breach
  15. 15. 2014: 90% Preventable
  16. 16. Blocking & Tackling Theft Lost Passwords Phishing Websites Basic IT Case Stories
  17. 17. Blocking & Tackling You will be breached, but will you be liable? “Must Haves” if you have Computer Data Internet
  18. 18. Blocking & Tackling Approved & Documented Basic IT Security Basic Physical Security Policies & Procedures Focused on Data Security • Company • Workforce (Rajaee v. DesignTech Homes, Ltd.) • Network • Business Associates (Travelers Casualty v. Ignition Studio, Inc.) Implementation & Training Regular Reassessment & Update
  19. 19. www.solidcounsel.com Security Culture Assess, Audit, Gap Analysis Develop Strategic Plan Implement & Execute Plan Manage Response & Conflict Reassess & Update protecting businesses’ information protecting businesses from their information Risk Compliance Program
  27. 27. www.solidcounsel.com •Login Credentials •“You don’t drown from falling into the water” •25k v. 40m (T) / 56m (HD)
  28. 28. www.solidcounsel.com Protecting businesses from information Contracts • 3rd party liability • Healthcare (BA) • Software license audit • Permissible access & use in policies, BYOD • EULA / TOS Marketing • FTC Act § 5 • SPAM laws • NLRB rules • CDA § 230 • Website audits • IP issues • Acct ownership Privacy • Privacy policies • Privacy & data practices • Destruction policies • Monitoring workforce • Business intelligence Industry Regulation • PCI (Payment Card Industry) • FFIEC (Federal Financial Institution Examination Council) • FINRA (Financial Industry Regulatory Authority) • SIFMA (Securities Industry and Financial Markets Association)
  29. 29. www.solidcounsel.com 41 protecting misusing responding data devices
