The internet as a corporate security resource - Dan Michaluk
One hour presentation to in-house lawyers at a federally regulated employer. Analysis is based on Canadian federal privacy legislation (PIPEDA) and Ontario Rules of Professional Conduct.
One hour presentation to IT security and law enforcement audience on how access to information legislation and related pressures affect public bodies in Canada.
One hour presentation to Ontario public sector institutions that looks at the privacy and security implications of the main information flows associated with COVID-19 workplace health and safety.
Given an outcome, we often exaggerate our ability to predict and therefore avoid the same fate. In cybersecurity, this misconception can lead to a false sense of corporate security, or worse, bury the true causes of incidents and lead to repeated data breaches or business-disrupting cyber incidents.
Advantage ppt data breaches km approved - final (djm notes) - Dan Michaluk
Presentation to Canadian in-house counsel on data breach response and crisis communications. Dan Michaluk and Ian Dick of Hicks Morley and Karen Gordon of Squeaky Wheel Communications.
A short presentation to college student affairs administrators on managing students at risk in light of recent health and safety amendments in Ontario.
This is a presentation I delivered to lawyers attending the Alberta Law Conference. It was very conceptual in nature, focusing on some of the broader forces affecting employers and employees. The two topics of substance are "information governance" and social media misuse.
Cybersecurity for Your Law Firm: Data Security and Data Encryption - Shawn Tuma
This presentation focused on cybersecurity protections for law firms and attorneys' ethical obligation to protect client information. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE presents the 8th Annual Course Essentials of Business Law: Four Modules for a Robust Practice, cosponsored by the Business Law Section of the State Bar of Texas.
Something is Phishy: Cyber Scams and How to Avoid Them - Shawn Tuma
Reginald A. Hirsch and Shawn E. Tuma presented this talk at the Annual Meeting of the State Bar of Texas for the Law Practice Management Section of the State Bar of Texas. The date of the talk was June 22, 2018, and the location was Houston, Texas.
Cyber Security for Your Clients: Business Lawyers Advising Business Clients - Shawn Tuma
This presentation focused on cyber security protections for businesses and other law firm clients. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE presents the 8th Annual Course Essentials of Business Law: Four Modules for a Robust Practice, cosponsored by the Business Law Section of the State Bar of Texas.
Cybersecurity: The Danger, the Cost, the Retaliation - PECB
The discussion will cover the need, urgency and industry direction in deploying solid cyber defense technologies. There will be real world examples of the costs, the danger and the recovery of both cybersecurity offense and defense. There will be a focus on increased cyber-attack vulnerabilities such as IoT and Cloud Computing, particular to attacks on physical world critical infrastructure. The subject topic will discuss methods of needed rapid development and deployment of cyber defense technologies today with preparation for a Post Quantum Computing Era.
Main points covered:
• Costs and danger of cyber-attacks now compared to major natural disasters
• Nation State threats on critical infrastructure reaching acts of war
• Cyber offense short term and Cyber Defense long term
Presenter:
Larry Karisny is well known in both the public and private sector as a technology innovator, advisor and renowned expert in cyber defense technology. He is a frequent contributor to Government Technology Magazine and has also written for Infosec Island, PenTest, eForensics and is often quoted in other global publications. He is a sought-after speaker at industry summits and conferences as a session lead and moderator covering the subject of cybersecurity. He acts as a Director of the cybersecurity think tank, ProjectSafety.org.
As Director of ProjectSafety.org, Mr. Karisny independently sought out unique Proof of Concept (POC), Intrusion Prevention System (IPS), Intrusion Detection System (IDS), security technological approaches to current cybersecurity solutions. He targeted these advanced cyber security technologies with a focus on securing critical infrastructure systems and ecosystems.
His current focus is in demonstrating cybersecurity technologies that offer the capability to defend, detect and remediate malware compromises, system defects and administrative errors. His knowledge base spans from current cybersecurity technologies to Post Quantum cyber defense. His best skill set is understanding even the most complicated information in science and making it understandable to all levels of audience. He is currently involved in commercializing multiple levels of cyber defense technologies from POC to global deployment.
Recorded webinar: https://youtu.be/yyVsSj946S4
Where security and privacy meet partnering tips for CSOs and privacy/complian... - Compliancy Group
This webinar will identify challenges in both the privacy and security offices, explain the necessities of working together, and identify mutual goals, both within their departments and in the context of the rest of the business. It will include solutions and suggestions for working together and case studies/examples showing common mistakes as well as success stories of privacy and IT offices working together.
Panelists:
Gant Redmon, General Counsel and VP of Business Development, Co3 Systems
In This Issue:
1. Your #1 MUST-DO Resolution For 2017
2. Free Report: What Every Small Business Owner Must Know About Protecting And Preserving their Company’s Critical Data And Computer Systems
3. 3 Ways Smart People Blow The Close
4. STAYING ON TOP
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Logikcull.com
In June, a massive cyberattack brought down one of the country's biggest law firms. DLA Piper, its systems ravaged by the Petya ransomware program, was forced to shut down its phone service, email, and internal computer network--potentially costing millions in lost income. Weeks later, the firm was still digging itself out.
Such attacks are increasingly an existential threat to firms of all sizes: the difference between being billing and nothingness. Join us as we discuss this urgent issue.
The EU’s GDPR is the first major overhaul of data privacy requirements in the EU since the 1990s and is effective May 25, 2018. The GDPR is more than a regulation; it is a way of integrating data privacy and information security into day-to-day operations. This session will use case studies to bring alive the key issues to be addressed and best practices to address them whether in the EU or not.
Learning Objectives:
1: Understand that the GDPR contains significant food for thought.
2: Learn how organizations can build on previous compliance and policy efforts.
3: Understand why doing business in Europe post-GDPR requires planning and privacy initiatives.
(Source: RSA Conference USA 2018)
P4 Six Separate Submissions Terry Childs Case Review - write a o.docx - karlhennesey
P4
Six Separate Submissions
Terry Childs Case Review - write a one-page summary of your
Firion Simtray Report – one-page report
Standards, Policies, and Guidelines Definition - two- to three-page comparison report
Profile Matrix - Attached
Case Issues and solutions Template - Attached
Cybersecurity Recommendations Presentation - slide presentation of 10-15 slides
(2 Discussion posts)
Project Scenario
As you go through the morning's e-mail, you notice one from your boss that links to an article about the Terry Childs cyber breach case. Childs, an administrator in the San Francisco IT department who had sole control of the city-wide network, refused to provide passwords to anyone else after a dispute with a city official, effectively locking down the network. "Let's discuss this," says your boss at the end of the e-mail, and you proceed to meet with him in his office.
Your boss points out that the Childs case indicates the vulnerability of any network in which one administrator has too much control. "While that isn't likely to happen here," the boss says, "we need to ensure that we have the proper standards, policies, and guidelines to ensure the safety of our systems."
In addition, your boss points out that even though Childs is an "insider," his actions resemble those of a typical hacker. You realize that understanding what makes hackers "tick" might be a good basis to set up intrusion prevention initiatives at your company.
The boss agrees and asks you to create a presentation. It will include a typical hacker profile, the characteristics of ethical and unethical hackers, and recommendations in the areas of people, technology, and standards/policy, which can be used by the company to ensure the safety of its systems from internal as well as external threats.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
Step 1: Review the Terry Childs Case
Before getting started on the presentation, you will want to first learn about the Terry Childs case. Research the case and write a one-page summary of your findings. Your summary should answer the following questions:
· What led to Childs being charged with a crime?
· How did his employer respond to his actions? What did it do right and/or wrong?
· What could the company have done to better secure its assets?
Your summary should be thorough and include a references page. The information gathered will be used in your final presentation. You will use this summary as Appendix A to your presentation.
Submit the Terry Childs Case Review for feedback.
Step 2: Project Practice - SIMTRAY Firion: Day 1
Now that you have been introduced to an actual case of insider threats, you will practice handling insiders in a simulated environment. The world of cybersecurity is populated with diverse people with a diversity of perspectives. Every now and then, individuals may violate certain standards of ...
In the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security.
In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cyber criminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
The Ugly Secret about Third Party Risk Management.pdf - BreachSiren
Your current data provider doesn’t have federal, state and industry sources representing more than 75% of the US population and growing… but we do.
BreachSiren provides quality breach data to innovative risk and security companies looking to differentiate themselves from competitors. Contact us to learn more about our data breach database and enterprise API.
Crisis management plans Identify first response steps Tact - CruzIbarra161
Crisis management plans
Identify first response steps
Tactics used in crisis/issue response
Timing and message response
Module 5 Overview
This week we address what to do when the storm hits…as we explore how to engage – Give yourself freedom to adjust as needed to what comes your way…
1
Crisis Assessment
Who has keys to the office at 10 PM on Sunday night? Who has passwords to take down website photos, social media posts on Saturday night at Midnight? Do you have numbers for these contacts?
If this is in your Go-Bag you’re already way ahead of what’s coming.
Do you have numbers for these contacts? If this is in your Go-Bag you’re already way ahead of what’s coming. On questions to ask---
Who is in the control tower? What is out there already? What needs to be corrected? Who are hateholders? What are their first, last name, city …comb through social media …google alerts.
2
Crisis Trajectory
This is typically how crises move… In general the worst heat of a crisis comes in the first 72 hours… after the first week things move from the ICU to rehab--- USUALLY
3
Natural disasters
Protests
Suicides
Cyber-theft attacks
Sudden deaths leaving vacuum in leadership
Allegations- ‘left field’
Sudden facility closures
Twist in ruling, interpretation
Online smear campaigns
Innocent mistakes
Unexpected, Ambush Crises
Let’s take a quick refresh of the types of crises….
4
Potential
Filed lawsuits
Unhappy employee leaves
Firing of popular employee/executive
Announced investigations, audits
Mergers or acquisitions
Innocent mistakes (accounting errors)
RAINY DAYS
5
Entrenched
Other side has dominated the narrative for a sustained period of time.
You're on defense
Issue dominates online search results of entity's name
Causing continued business disruption, loss of influence
Requires sustained effort to change, re-establish better, accurate image
6
Stop credibility bleeding
Control and or participate in narrative via consistent messaging
Avoid further damage
Restore confidence
Reactive Overcoming
Objectives in Crisis PR
Imagine an accident on a busy highway. Police rush to the scene and cone off the area to protect the injured from oncoming traffic; paramedics arrive and move the injured ASAP…same is true in crisis work: Immediately find out if Comm Policy/Protocols in place. If so, may need to send gentle reminder of where inquiries should be directed. WHY is this Critical? If someone comments who is NOT in the ATC – not aware of the position it can make things explode. Imagine a manager at a Colorado office not knowing what or why the situation occurred at the company’s Nevada office begins to speculate or worse, take blame for whatever occurred. This not only compounds the crisis it now sets the company up for legal liability.
7
Crisis Assessment
Verify ...
Recovering from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Todd Hindman, Global Director, Data Breach Response Services of ID Experts Corp. and Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da... - Financial Poise
Your company has just suffered a data breach – what do you do next? Who do you call for help? Whom do you need to notify of the breach?
Your company may have already implemented its information security program and has identified the responsible parties, including applicable outside experts, to be contacted in the event of a breach. However, now you must assemble your incident response team to investigate the extent of the breach, evaluate the possible damage to your company, and determine whether you must notify your clients or the public of the breach. This webinar gives you an overview of what to do when the worst happens.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/data-breach-response-2018/
Ecno cyber - 23 June 2023 - djm(137852631.1).pptx - Dan Michaluk
One hour presentation to IT professionals at Ontario school boards. Covers labour issues in MFA rollout, threat information sharing and business e-mail compromises and PHIPA.
Critical Issues in School Board Cyber Security - Dan Michaluk
An hour presentation to school board officials in Ontario on cyber security issues, covering the threat environment, defense, incident response, threat information sharing and vendor issues.
Here's a one hour presentation to Canadian municipal lawyers on the union right of access to information that arises under labour law and how it has fared against employee privacy claims.
Privacy, Data Security and Anti-Spam Compliance - Dan Michaluk
45 min prez to compliance professionals at Canadian financial institutions. A survey presentation covering privacy, data security and anti-spam (CASL).
I hate the term "breach" - please call it a "security incident" - but the term "breach coach" is certainly ingrained. Posting today's presentation on the role of the coach as I step out the door to an insurance sector event.
Who is the "health information custodian" when an institution with an educational mandate provides health care? PHIPA gives institutions choice. Here's a presentation I gave yesterday in which I argue that the institution (and not its practitioners) should assume the role of the HIC.
Student Conduct Investigations - Examining Evidence and Determining Credibility - Dan Michaluk
A one hour presentation to student conduct investigators at colleges and universities in Canada. Support for the "hard" cases in which credibility is at issue, including hard sexual violence cases.
Privacy and breaches in health care - a legal update - Dan Michaluk
A 45 minute presentation to hospital administrators in Ontario. A state of the nation address on the legal environment related to data security incidents.
Presentation to Canadian in-house counsel on data breach response and crisis communications. Dan Michaluk and Ian Dick of Hicks Morley and Karen Gordon of Squeaky Wheel Communications.
Lifting the Corporate Veil. Power Point Presentation - seri bangash
"Lifting the Corporate Veil" is a legal concept that refers to the judicial act of disregarding the separate legal personality of a corporation or limited liability company (LLC). Normally, a corporation is considered a legal entity separate from its shareholders or members, meaning that the personal assets of shareholders or members are protected from the liabilities of the corporation. However, there are certain situations where courts may decide to "pierce" or "lift" the corporate veil, holding shareholders or members personally liable for the debts or actions of the corporation.
Here are some common scenarios in which courts might lift the corporate veil:
Fraud or Illegality: If shareholders or members use the corporate structure to perpetrate fraud, evade legal obligations, or engage in illegal activities, courts may disregard the corporate entity and hold those individuals personally liable.
Undercapitalization: If a corporation is formed with insufficient capital to conduct its intended business and meet its foreseeable liabilities, and this lack of capitalization results in harm to creditors or other parties, courts may lift the corporate veil to hold shareholders or members liable.
Failure to Observe Corporate Formalities: Corporations and LLCs are required to observe certain formalities, such as holding regular meetings, maintaining separate financial records, and avoiding commingling of personal and corporate assets. If these formalities are not observed and the corporate structure is used as a mere façade, courts may disregard the corporate entity.
Alter Ego: If there is such a unity of interest and ownership between the corporation and its shareholders or members that the separate personalities of the corporation and the individuals no longer exist, courts may treat the corporation as the alter ego of its owners and hold them personally liable.
Group Enterprises: In some cases, where multiple corporations are closely related or form part of a single economic unit, courts may pierce the corporate veil to achieve equity, particularly if one corporation's actions harm creditors or other stakeholders and the corporate structure is being used to shield culpable parties from liability.
In 2020, the Ministry of Home Affairs established a committee led by Prof. (Dr.) Ranbir Singh, former Vice Chancellor of National Law University (NLU), Delhi. This committee was tasked with reviewing the three codes of criminal law. The primary objective of the committee was to propose comprehensive reforms to the country’s criminal laws in a manner that is both principled and effective.
The committee’s focus was on ensuring the safety and security of individuals, communities, and the nation as a whole. Throughout its deliberations, the committee aimed to uphold constitutional values such as justice, dignity, and the intrinsic value of each individual. Their goal was to recommend amendments to the criminal laws that align with these values and priorities.
Subsequently, in February, the committee successfully submitted its recommendations regarding amendments to the criminal law. These recommendations are intended to serve as a foundation for enhancing the current legal framework, promoting safety and security, and upholding the constitutional principles of justice, dignity, and the inherent worth of every individual.
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordinary And Special Businesses And Ordinary And Special Resolutions with Companies (Postal Ballot) Regulations, 2018
Responsibilities of the office bearers while registering multi-state cooperat... - Finlaw Consultancy Pvt Ltd
Introduction-
The process of registering a multi-state cooperative society in India is governed by the Multi-State Co-operative Societies Act, 2002. This process requires the office bearers to undertake several crucial responsibilities to ensure compliance with legal and regulatory frameworks. The key office bearers typically include the President, Secretary, and Treasurer, along with other elected members of the managing committee. Their responsibilities encompass administrative, legal, and financial duties essential for the successful registration and operation of the society.
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi... - Massimo Talia
This guide aims to provide information on how lawyers will be able to use the opportunities provided by AI tools and how such tools could help the business processes of small firms. Its objective is to provide lawyers with some background to understand what they can and cannot realistically expect from these products. This guide aims to give a reference point for small law practices in the EU against which they can evaluate those classes of AI applications that are probably the most relevant for them.
A "File Trademark" is a legal term referring to the registration of a unique symbol, logo, or name used to identify and distinguish products or services. This process provides legal protection, granting exclusive rights to the trademark owner, and helps prevent unauthorized use by competitors.
Visit Now: https://www.tumblr.com/trademark-quick/751620857551634432/ensure-legal-protection-file-your-trademark-with?source=share
How to Obtain Permanent Residency in the Netherlands - BridgeWest.eu
You can rely on our assistance if you are ready to apply for permanent residency. Find out more at: https://immigration-netherlands.com/obtain-a-permanent-residence-permit-in-the-netherlands/.
1. Third Annual CICMA – CIAA – CDL – Joint Seminar
November 14, 2017
Toronto
Cyber Insurance and Incident Response Practice
2. Not like any other Monday
3. A hello from pr1m4 donn4
You’re the CAO of a mid-sized law firm. You’ve let your mail
build-up over the weekend and are working through your
inbox. There it is.
Someone identifying herself as “pr1m4 d0nn4” says she’s got
2TB of the firm’s information. She’s attached a spreadsheet
that shows all employee salaries. You quickly check and it
matches what you have exactly. pr1m4 donn4 says that you
have seven days to pay 20 bitcoin (about $183,000) or your
information will be released on the dark web.
4. Who do you call first?
A. The managing partner
B. The police
C. Your broker
D. Your breach coach
E. Your mommy
5. Congrats! You have an IRP
Shortly after breaking the bad news to the managing partner,
you consult your incident response policy. It identifies the
response team as involving the managing partner, the CIO,
the CFO (who is responsible for risk management) as
members of the lean and mean incident response team.
You call a breach coach from the firm of Bourk-Juneau-
Michaluk – one of three pre-vetted firms listed in your
policy.
6. What’s the 1st thing the coach tells you to do?
A. Order a global password reset
B. E-mail all partners to see if they have had any suspicious contact that might be the cause
C. Assess network vulnerabilities
D. Hire an IT forensic provider
E. Hire a crisis management communicator
7. At this point, what first party costs can you expect to bear?
8. And the investigation shows…
You’ve had a stellar response from your forensic IT provider.
It’s only three days in and the vendor has confirmed that,
indeed, 2TB of information was “exfiltrated” from an HR
shared drive, a drive containing a wide range of employee
personal information (including salary info by year, SIN
numbers, DOB). The problem arose based on a phishing
attack that exploited an un-patched server vulnerability.
The vendor has given its qualified opinion that the network
is now secure and that no other information was likely
taken by pr1ma4 donn4.
9. How do you deal with the hacker?
A. Ask her some questions and try to buy time
B. Bargain a reduction in price
C. Pay the ransom
D. Don’t pay the ransom
E. Wait for contact and don’t reach out
10. And the investigation shows…
You’ve decided not to pay the ransom or talk to the
hacker at all. That gives you a whole four days before
the information could be dumped on the dark web.
11. What do you do in anticipation of the
deadline?
13. Angry Bob…
Well done. Your response went over very well with the employees
(and the Law Society). You had a series of town halls and the
messaging was very forthright and clear. Now six months post
incident no employees have reported any identity problems to
you. Employee surveys show your employees trust you and are
grateful for your approach to the incident.
Unfortunately, a former employee (Angry Bob) who had an outstanding
wrongful dismissal claim against the firm has amended and sued for
“breach of privacy”. He’s also threatened to “go public”.