SlideShare a Scribd company logo

Cyber security and fl data breach

Download as PPTX, PDF
Rob Jackson
Rob Jackson

Basic Cyber Security and the Florida Data Breach Law

Law
1 of 38
CYBER SECURITY & FLORIDA’S DATA BREACH LAW IT’S A BRAVE NEW WORLD
Who are these Geeks? Rob Jackson Randall Garner
Before We Get Started . . . Quick Survey
Outline of Presentation Cyber Security is an Oxymoron I’ve Been Hacked, Now What? What Can You Do
Cyber Security is an Oxymoron • Your kidding me right? • You and your data will never, EVER, be 100% guaranteed safe online. • If connected - vulnerable
Cyber Security is an Oxymoron • Huge, rapidly growing problem • Now No.1 Future Business Threat by CEO’s • 40% believe they are “unavoidable” • “Career ending” Risk
Number of Breaches & Records
Financial Damage from Attacks
School Attacks since 2016 356 since Jan 2016
Schools Not Immune
Even Your School . . .
Resources on Educational Attacks • https://k12cybersecure.com/ • https://www.databreaches.net/category/ breach-reports/education-sector/
Types of Attacks • Brute Force • DDOS • Ransomware • Phishing • Spear Phishing • Man in the Middle
Types of Attacks – Brute Force • Guess your password • Exhaustive Key Search • Don’t use “password” or “123456” • Longer Password – harder to break • Password = access = control
Types of Attacks – DDOS • Distributed Denial of Service • “Take down” a Target with massive Traffic • Relies on the way the internet works • Botnets through malware • Retailers primarily at risk • Education – reputational damage
DDOS attack Traffic to Overwhelm a Website. Best – slow Worse - down
Types of Attacks – Ransomware • Program that encrypts your files • Will send you the key for $$$$ • Encryption is unbreakable • Holding Your Own Data Hostage • Pay or Reinstall Data • Working Back Ups are Critical
Types of Attacks – Phishing • Fake Emails • Designed to Look Reputable • Logos, Language, etc • Get you to Click on a link • Download malware • Keylogger, Ransomware, Adware, etc. . .
Types of Attacks – Spear Phishing • Specifically Targeted Fake Email • Personalized to Victim • Some Prior Research (online) • Goal same - Get you to Click on a link • Download malware • Again, Password = access = control
Types of Attacks – Man in the Middle • Attacker in the “middle” of communications between two other people. Impersonation. • Can gather data or communications • Can watch and monitor, wait to take action • Dangerous - relies on trust • Financial Depts – Wire Fraud
Man in The Middle – Spear Phish
I’VE BEEN HACKED!!! NOW WHAT?
I’ve Been Hacked, Now What? • Incident Response Plan • DOE Reporting Requirements • Florida’s Data Breach Law • Civil Liability • Reputational Damage
Incident Response Plan • Contain the Breach • Identify Type and Scope • Preserve Evidence • Notify Authorities or Insurance as needed • Disclosure, if necessary • Lessons Learned and Training
Disclosure Requirements - Generally • Often Depends on if Data Accessed • Website Hack - doubtful • Ransomware - doubtful • Phishing . Spear phishing - depends • Server Breach - depends
DOE Reporting Requirements • FERPA does not require institutions to adopt specific security controls, it does require the use of “reasonable methods” to safeguard student records (34 CFR § 99.31) • No Disclosure Requirement . . For now
Florida’s Data Breach Law • Passed in 2014 • Florida Statute § 501.171 • Not well known • Protects Personal Information of FL Residents • Coverage includes Gov’t Entities
Personal Information includes: • first name or first initial and last name in combination with: • SSN • DL or ID card number issued by gov’t used to verify identity; • Financial account numbers in combination with any required security code, access code, or password for access • Medical history or Treatments • Health Ins Policy Number • Email in combination with a password or security question
PI Does NOT include: • Information Made Available to Public by a Gov’t Entity • Encrypted Info or Data • Deidentified Info
Florida’s Data Breach Law • Obligation to take “reasonable” measure to protect data • “Reasonable” measure to dispose of data • Fines by State for violations • No Private Cause of Action
Florida’s Data Breach Law - Notice Written Notice to Dept (Legal Affairs) if Breach affecting 500 or more not later than 30 days after discovery • Notice Includes: 1. Synopsis 2. Numbers of persons affected 3. Breach related protection being offered 4. Copy of Notice to Individuals, if required 5. POC
Florida’s Data Breach Law - Notice Must Also Provide to Dept Upon Request: 1. A police report, incident report, or computer forensics report. 2. A copy of the policies in place regarding breaches. 3. Steps that have been taken to rectify the breach.
Florida’s Data Breach Law - Notice • Notice to Individuals Who PI was Accessed Required • Seems to Apply to Even a Single Breach / Person • UNLESS: • after an appropriate investigation and consultation with relevant federal, state, or local law enforcement agencies, the covered entity reasonably determines that the breach has not and will not likely result in identity theft or any other financial harm to the individuals whose personal information has been accessed • Keep written records for 5 years • Notice to Dept still required if over 500
Florida’s Data Breach Law - Fines • Treated as Unfair or Deceptive Trade Practice • Action brought by AG’s Office • Fines not to exceed $500,000, per breach • $1000 / day for first 30 days • $50,000 every month thereafter • Lesson: DON’T DELAY Investigation and Notice
FL Data Breach Law – Bottom Line • Don’t Forget About This Statute • Detailed Reading of Statute Required To Ensure Compliance • Investigate Promptly and Provide Notice as Required • Maintain Appropriate Records of all Actions • No Case Law or AG Opinions Yet
I’ve Been Hacked, Now What? • Civil Liability • Reputational Damage
What Can You Do? • Good IT Department or Consultant • Buy Cyber Insurance • Back Ups – Test Often • Good Policies in Place • Wire Fraud, Financial, Sensitive Data • Employee Training – KnowBe4, others
Cyber Security & Data Breach Questions?

Recommended

Identity thefts
Identity theftsIdentity thefts
Identity theftsHHSome
 
Identity theft
Identity theftIdentity theft
Identity theftEqhball Ghazizadeh
 
Identity theft ppt
Identity theft pptIdentity theft ppt
Identity theft pptCut 2 Shreds
 
Divorce in the Digital Era
Divorce in the Digital EraDivorce in the Digital Era
Divorce in the Digital EraFrederick Lane
 
Computer crime
Computer crimeComputer crime
Computer crimeIbrar Manzoor
 
Identity Theft nigerian fraud cross border fraud
Identity Theft nigerian fraud cross border fraudIdentity Theft nigerian fraud cross border fraud
Identity Theft nigerian fraud cross border fraudMatt Smith
 
Staying Secure Electronically
Staying Secure ElectronicallyStaying Secure Electronically
Staying Secure ElectronicallyJennifer Ellis, JD, LLC
 
Identity Theft: How to Avoid It
Identity Theft: How to Avoid ItIdentity Theft: How to Avoid It
Identity Theft: How to Avoid Ithewie
 

Recommended

Identity thefts
Identity theftsIdentity thefts
Identity theftsHHSome
 
Identity theft
Identity theftIdentity theft
Identity theftEqhball Ghazizadeh
 
Identity theft ppt
Identity theft pptIdentity theft ppt
Identity theft pptCut 2 Shreds
 
Divorce in the Digital Era
Divorce in the Digital EraDivorce in the Digital Era
Divorce in the Digital EraFrederick Lane
 
Computer crime
Computer crimeComputer crime
Computer crimeIbrar Manzoor
 
Identity Theft nigerian fraud cross border fraud
Identity Theft nigerian fraud cross border fraudIdentity Theft nigerian fraud cross border fraud
Identity Theft nigerian fraud cross border fraudMatt Smith
 
Staying Secure Electronically
Staying Secure ElectronicallyStaying Secure Electronically
Staying Secure ElectronicallyJennifer Ellis, JD, LLC
 
Identity Theft: How to Avoid It
Identity Theft: How to Avoid ItIdentity Theft: How to Avoid It
Identity Theft: How to Avoid Ithewie
 
H -Tech frauds of identity theft, Identity cloning and address mirroring
H -Tech frauds of identity theft, Identity cloning and address mirroringH -Tech frauds of identity theft, Identity cloning and address mirroring
H -Tech frauds of identity theft, Identity cloning and address mirroringGAURAV. H .TANDON
 
Hackbama Cyber Crimes Investigations
Hackbama Cyber Crimes InvestigationsHackbama Cyber Crimes Investigations
Hackbama Cyber Crimes InvestigationsKevin Cedeño, CISM, CISA
 
Identity Theft nigerian fraud cyberbullying
Identity Theft nigerian fraud cyberbullyingIdentity Theft nigerian fraud cyberbullying
Identity Theft nigerian fraud cyberbullyingMatt Smith
 
Data theft
Data theftData theft
Data theftLaura
 
Identity Theft Awareness 101 - Basics
Identity Theft Awareness 101 - BasicsIdentity Theft Awareness 101 - Basics
Identity Theft Awareness 101 - BasicsDeb Vosejpka
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentationcharlesgarrett
 
Why can’t police catch cyber criminals
Why can’t police catch cyber criminalsWhy can’t police catch cyber criminals
Why can’t police catch cyber criminalsChip Thornsburg
 
Breach of Privacy in the Age of Technology
Breach of Privacy in the Age of Technology Breach of Privacy in the Age of Technology
Breach of Privacy in the Age of Technology BriannaPrice5
 
What makes white collar crimes different from others
What makes white collar crimes different from others What makes white collar crimes different from others
What makes white collar crimes different from others Adam Quirk
 
Identity crisis
Identity crisisIdentity crisis
Identity crisisnnguyen10
 
Identity crisis
Identity crisisIdentity crisis
Identity crisisnnguyen10
 
Tips to Protect Your Organization from Data Breaches and Identity Theft
Tips to Protect Your Organization from Data Breaches and Identity TheftTips to Protect Your Organization from Data Breaches and Identity Theft
Tips to Protect Your Organization from Data Breaches and Identity TheftCase IQ
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business- Mark - Fullbright
 
Webinar: Gathering Social Media Evidence
Webinar: Gathering Social Media EvidenceWebinar: Gathering Social Media Evidence
Webinar: Gathering Social Media EvidenceCase IQ
 
Case-Study-Cyber-Investigations-8-5-2015
Case-Study-Cyber-Investigations-8-5-2015Case-Study-Cyber-Investigations-8-5-2015
Case-Study-Cyber-Investigations-8-5-2015Timothy Nolan
 
What makes white collar crimes different from others
What makes white collar crimes different from othersWhat makes white collar crimes different from others
What makes white collar crimes different from othersAdam Quirk
 
IST Presentation
IST PresentationIST Presentation
IST Presentationguest1d1ed5
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
 
Advice iq safeguards against id theft
Advice iq safeguards against id theftAdvice iq safeguards against id theft
Advice iq safeguards against id theftBetter Financial Education
 
Not "If" but "When"
Not "If" but "When"Not "If" but "When"
Not "If" but "When"JoAnna Cheshire
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 

More Related Content

What's hot

H -Tech frauds of identity theft, Identity cloning and address mirroring
H -Tech frauds of identity theft, Identity cloning and address mirroringH -Tech frauds of identity theft, Identity cloning and address mirroring
H -Tech frauds of identity theft, Identity cloning and address mirroringGAURAV. H .TANDON
 
Identity Theft nigerian fraud cyberbullying
Identity Theft nigerian fraud cyberbullyingIdentity Theft nigerian fraud cyberbullying
Identity Theft nigerian fraud cyberbullyingMatt Smith
 
Data theft
Data theftData theft
Data theftLaura
 
Identity Theft Awareness 101 - Basics
Identity Theft Awareness 101 - BasicsIdentity Theft Awareness 101 - Basics
Identity Theft Awareness 101 - BasicsDeb Vosejpka
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentationcharlesgarrett
 
Why can’t police catch cyber criminals
Why can’t police catch cyber criminalsWhy can’t police catch cyber criminals
Why can’t police catch cyber criminalsChip Thornsburg
 
Breach of Privacy in the Age of Technology
Breach of Privacy in the Age of Technology Breach of Privacy in the Age of Technology
Breach of Privacy in the Age of Technology BriannaPrice5
 
What makes white collar crimes different from others
What makes white collar crimes different from others What makes white collar crimes different from others
What makes white collar crimes different from others Adam Quirk
 
Identity crisis
Identity crisisIdentity crisis
Identity crisisnnguyen10
 
Identity crisis
Identity crisisIdentity crisis
Identity crisisnnguyen10
 
Tips to Protect Your Organization from Data Breaches and Identity Theft
Tips to Protect Your Organization from Data Breaches and Identity TheftTips to Protect Your Organization from Data Breaches and Identity Theft
Tips to Protect Your Organization from Data Breaches and Identity TheftCase IQ
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business- Mark - Fullbright
 
Webinar: Gathering Social Media Evidence
Webinar: Gathering Social Media EvidenceWebinar: Gathering Social Media Evidence
Webinar: Gathering Social Media EvidenceCase IQ
 
Case-Study-Cyber-Investigations-8-5-2015
Case-Study-Cyber-Investigations-8-5-2015Case-Study-Cyber-Investigations-8-5-2015
Case-Study-Cyber-Investigations-8-5-2015Timothy Nolan
 
What makes white collar crimes different from others
What makes white collar crimes different from othersWhat makes white collar crimes different from others
What makes white collar crimes different from othersAdam Quirk
 
IST Presentation
IST PresentationIST Presentation
IST Presentationguest1d1ed5
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
 

What's hot (20)

H -Tech frauds of identity theft, Identity cloning and address mirroring
H -Tech frauds of identity theft, Identity cloning and address mirroringH -Tech frauds of identity theft, Identity cloning and address mirroring
H -Tech frauds of identity theft, Identity cloning and address mirroring
 
Hackbama Cyber Crimes Investigations
Hackbama Cyber Crimes InvestigationsHackbama Cyber Crimes Investigations
Hackbama Cyber Crimes Investigations
 
Identity Theft nigerian fraud cyberbullying
Identity Theft nigerian fraud cyberbullyingIdentity Theft nigerian fraud cyberbullying
Identity Theft nigerian fraud cyberbullying
 
Data theft
Data theftData theft
Data theft
 
Identity Theft Awareness 101 - Basics
Identity Theft Awareness 101 - BasicsIdentity Theft Awareness 101 - Basics
Identity Theft Awareness 101 - Basics
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentation
 
Why can’t police catch cyber criminals
Why can’t police catch cyber criminalsWhy can’t police catch cyber criminals
Why can’t police catch cyber criminals
 
Breach of Privacy in the Age of Technology
Breach of Privacy in the Age of Technology Breach of Privacy in the Age of Technology
Breach of Privacy in the Age of Technology
 
What makes white collar crimes different from others
What makes white collar crimes different from others What makes white collar crimes different from others
What makes white collar crimes different from others
 
Identity crisis
Identity crisisIdentity crisis
Identity crisis
 
Identity crisis
Identity crisisIdentity crisis
Identity crisis
 
Tips to Protect Your Organization from Data Breaches and Identity Theft
Tips to Protect Your Organization from Data Breaches and Identity TheftTips to Protect Your Organization from Data Breaches and Identity Theft
Tips to Protect Your Organization from Data Breaches and Identity Theft
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business
 
Webinar: Gathering Social Media Evidence
Webinar: Gathering Social Media EvidenceWebinar: Gathering Social Media Evidence
Webinar: Gathering Social Media Evidence
 
Case-Study-Cyber-Investigations-8-5-2015
Case-Study-Cyber-Investigations-8-5-2015Case-Study-Cyber-Investigations-8-5-2015
Case-Study-Cyber-Investigations-8-5-2015
 
What makes white collar crimes different from others
What makes white collar crimes different from othersWhat makes white collar crimes different from others
What makes white collar crimes different from others
 
IST Presentation
IST PresentationIST Presentation
IST Presentation
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
 
Advice iq safeguards against id theft
Advice iq safeguards against id theftAdvice iq safeguards against id theft
Advice iq safeguards against id theft
 
Not "If" but "When"
Not "If" but "When"Not "If" but "When"
Not "If" but "When"
 

Similar to Cyber security and fl data breach

Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 
Want a Security Clearance? This Is What You Need to Know
Want a Security Clearance? This Is What You Need to KnowWant a Security Clearance? This Is What You Need to Know
Want a Security Clearance? This Is What You Need to KnowCareer Communications Group
 
Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Schellman & Company
 
Cyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicCyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicKate Barney
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 
BEYA2021 The Top Secret: Applying for and Leveraging a Security Clearance
BEYA2021 The Top Secret: Applying for and Leveraging a Security Clearance BEYA2021 The Top Secret: Applying for and Leveraging a Security Clearance
BEYA2021 The Top Secret: Applying for and Leveraging a Security Clearance Career Communications Group
 
NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015Numaan Huq
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Nicholas Davis
 
NENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringNENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringJack Kessler
 
Cyber-Security: A Shared Responsibility -- November 2013
Cyber-Security: A Shared Responsibility -- November 2013Cyber-Security: A Shared Responsibility -- November 2013
Cyber-Security: A Shared Responsibility -- November 2013Amy Purcell
 
FHRBOC Preventing NFP Banking Fraud
FHRBOC Preventing NFP Banking FraudFHRBOC Preventing NFP Banking Fraud
FHRBOC Preventing NFP Banking Fraudtomciolkosz
 
Preventing Nonprofit Banking Fraud and the Tools You Can Use!
Preventing Nonprofit Banking Fraud and the Tools You Can Use!Preventing Nonprofit Banking Fraud and the Tools You Can Use!
Preventing Nonprofit Banking Fraud and the Tools You Can Use!tomciolkosz
 
Want a Security clearance? This is what you need to know
Want a Security clearance? This is what you need to know Want a Security clearance? This is what you need to know
Want a Security clearance? This is what you need to know Career Communications Group
 
Identity Theft: Fallout, Investigation, and Prevention
Identity Theft: Fallout, Investigation, and PreventionIdentity Theft: Fallout, Investigation, and Prevention
Identity Theft: Fallout, Investigation, and Preventionfmi_igf
 
IDSHield Services and Features
IDSHield Services and FeaturesIDSHield Services and Features
IDSHield Services and FeaturesAntonio Muniz Olan
 
ID Shield Services and Features
ID Shield Services and Features ID Shield Services and Features
ID Shield Services and Features Antonia McClammy
 

Similar to Cyber security and fl data breach (20)

Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and Avoidance
 
Want a Security Clearance? This Is What You Need to Know
Want a Security Clearance? This Is What You Need to KnowWant a Security Clearance? This Is What You Need to Know
Want a Security Clearance? This Is What You Need to Know
 
Fraud Awareness
Fraud AwarenessFraud Awareness
Fraud Awareness
 
Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?
 
Cyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicCyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemic
 
ASIS Phoenix February Presentation
ASIS Phoenix February PresentationASIS Phoenix February Presentation
ASIS Phoenix February Presentation
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and Avoidance
 
Identity Theft.pptx
Identity Theft.pptxIdentity Theft.pptx
Identity Theft.pptx
 
BEYA2021 The Top Secret: Applying for and Leveraging a Security Clearance
BEYA2021 The Top Secret: Applying for and Leveraging a Security Clearance BEYA2021 The Top Secret: Applying for and Leveraging a Security Clearance
BEYA2021 The Top Secret: Applying for and Leveraging a Security Clearance
 
NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
 
NENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringNENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social Engineering
 
Cyber-Security: A Shared Responsibility -- November 2013
Cyber-Security: A Shared Responsibility -- November 2013Cyber-Security: A Shared Responsibility -- November 2013
Cyber-Security: A Shared Responsibility -- November 2013
 
FHRBOC Preventing NFP Banking Fraud
FHRBOC Preventing NFP Banking FraudFHRBOC Preventing NFP Banking Fraud
FHRBOC Preventing NFP Banking Fraud
 
Preventing Nonprofit Banking Fraud and the Tools You Can Use!
Preventing Nonprofit Banking Fraud and the Tools You Can Use!Preventing Nonprofit Banking Fraud and the Tools You Can Use!
Preventing Nonprofit Banking Fraud and the Tools You Can Use!
 
Want a Security clearance? This is what you need to know
Want a Security clearance? This is what you need to know Want a Security clearance? This is what you need to know
Want a Security clearance? This is what you need to know
 
Identity Theft: Fallout, Investigation, and Prevention
Identity Theft: Fallout, Investigation, and PreventionIdentity Theft: Fallout, Investigation, and Prevention
Identity Theft: Fallout, Investigation, and Prevention
 
IDSHield Services and Features
IDSHield Services and FeaturesIDSHield Services and Features
IDSHield Services and Features
 
ID Shield Services and Features
ID Shield Services and Features ID Shield Services and Features
ID Shield Services and Features
 

More from Rob Jackson

Cai employment law crash course - short
Cai employment law crash course - shortCai employment law crash course - short
Cai employment law crash course - shortRob Jackson
 
Legal trends shrm
Legal trends shrmLegal trends shrm
Legal trends shrmRob Jackson
 
Robs Rules for dentists 2017
Robs Rules for dentists 2017 Robs Rules for dentists 2017
Robs Rules for dentists 2017 Rob Jackson
 
Bay County Chamber Employment Town Hall 2016
Bay County Chamber Employment Town Hall 2016 Bay County Chamber Employment Town Hall 2016
Bay County Chamber Employment Town Hall 2016 Rob Jackson
 
Seminar dental contracts
Seminar dental contractsSeminar dental contracts
Seminar dental contractsRob Jackson
 
Rob's Rules - Employment Rules to Live By
Rob's Rules - Employment Rules to Live ByRob's Rules - Employment Rules to Live By
Rob's Rules - Employment Rules to Live ByRob Jackson
 
Finding a Cure for your Collections - Bays Medical Society
Finding a Cure for your Collections - Bays Medical SocietyFinding a Cure for your Collections - Bays Medical Society
Finding a Cure for your Collections - Bays Medical SocietyRob Jackson
 

More from Rob Jackson (7)

Cai employment law crash course - short
Cai employment law crash course - shortCai employment law crash course - short
Cai employment law crash course - short
 
Legal trends shrm
Legal trends shrmLegal trends shrm
Legal trends shrm
 
Robs Rules for dentists 2017
Robs Rules for dentists 2017 Robs Rules for dentists 2017
Robs Rules for dentists 2017
 
Bay County Chamber Employment Town Hall 2016
Bay County Chamber Employment Town Hall 2016 Bay County Chamber Employment Town Hall 2016
Bay County Chamber Employment Town Hall 2016
 
Seminar dental contracts
Seminar dental contractsSeminar dental contracts
Seminar dental contracts
 
Rob's Rules - Employment Rules to Live By
Rob's Rules - Employment Rules to Live ByRob's Rules - Employment Rules to Live By
Rob's Rules - Employment Rules to Live By
 
Finding a Cure for your Collections - Bays Medical Society
Finding a Cure for your Collections - Bays Medical SocietyFinding a Cure for your Collections - Bays Medical Society
Finding a Cure for your Collections - Bays Medical Society
 

Recently uploaded

Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionTrial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionNilamPadekar1
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书SD DS
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书SS A
 
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书Fir L
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptjudeplata
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书Fir sss
 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一st Las
 
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfWhy Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfMilind Agarwal
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书Fir L
 
Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Oishi8
 
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书FS LS
 
Offences against property (TRESPASS, BREAKING
Offences against property (TRESPASS, BREAKINGOffences against property (TRESPASS, BREAKING
Offences against property (TRESPASS, BREAKINGPRAKHARGUPTA419620
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书SD DS
 
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书Fs Las
 
Arbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in IndiaArbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in IndiaNafiaNazim
 
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSDr. Oliver Massmann
 
A Short-ppt on new gst laws in india.pptx
A Short-ppt on new gst laws in india.pptxA Short-ppt on new gst laws in india.pptx
A Short-ppt on new gst laws in india.pptxPKrishna18
 

Recently uploaded (20)

Old Income Tax Regime Vs New Income Tax Regime
Old Income Tax Regime Vs New Income Tax RegimeOld Income Tax Regime Vs New Income Tax Regime
Old Income Tax Regime Vs New Income Tax Regime
 
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
 
Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionTrial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 sedition
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
 
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
 
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfWhy Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书
 
Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126
 
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
 
Offences against property (TRESPASS, BREAKING
Offences against property (TRESPASS, BREAKINGOffences against property (TRESPASS, BREAKING
Offences against property (TRESPASS, BREAKING
 
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
 
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
 
Arbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in IndiaArbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in India
 
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
 
A Short-ppt on new gst laws in india.pptx
A Short-ppt on new gst laws in india.pptxA Short-ppt on new gst laws in india.pptx
A Short-ppt on new gst laws in india.pptx
 

Cyber security and fl data breach

  • 1. CYBER SECURITY & FLORIDA’S DATA BREACH LAW IT’S A BRAVE NEW WORLD
  • 2. Who are these Geeks? Rob Jackson Randall Garner
  • 3. Before We Get Started . . . Quick Survey
  • 4. Outline of Presentation Cyber Security is an Oxymoron I’ve Been Hacked, Now What? What Can You Do
  • 5. Cyber Security is an Oxymoron • Your kidding me right? • You and your data will never, EVER, be 100% guaranteed safe online. • If connected - vulnerable
  • 6. Cyber Security is an Oxymoron • Huge, rapidly growing problem • Now No.1 Future Business Threat by CEO’s • 40% believe they are “unavoidable” • “Career ending” Risk
  • 7. Number of Breaches & Records
  • 9. School Attacks since 2016 356 since Jan 2016
  • 12. Resources on Educational Attacks • https://k12cybersecure.com/ • https://www.databreaches.net/category/ breach-reports/education-sector/
  • 13. Types of Attacks • Brute Force • DDOS • Ransomware • Phishing • Spear Phishing • Man in the Middle
  • 14. Types of Attacks – Brute Force • Guess your password • Exhaustive Key Search • Don’t use “password” or “123456” • Longer Password – harder to break • Password = access = control
  • 15. Types of Attacks – DDOS • Distributed Denial of Service • “Take down” a Target with massive Traffic • Relies on the way the internet works • Botnets through malware • Retailers primarily at risk • Education – reputational damage
  • 16. DDOS attack Traffic to Overwhelm a Website. Best – slow Worse - down
  • 17. Types of Attacks – Ransomware • Program that encrypts your files • Will send you the key for $$$$ • Encryption is unbreakable • Holding Your Own Data Hostage • Pay or Reinstall Data • Working Back Ups are Critical
  • 18. Types of Attacks – Phishing • Fake Emails • Designed to Look Reputable • Logos, Language, etc • Get you to Click on a link • Download malware • Keylogger, Ransomware, Adware, etc. . .
  • 19. Types of Attacks – Spear Phishing • Specifically Targeted Fake Email • Personalized to Victim • Some Prior Research (online) • Goal same - Get you to Click on a link • Download malware • Again, Password = access = control
  • 20. Types of Attacks – Man in the Middle • Attacker in the “middle” of communications between two other people. Impersonation. • Can gather data or communications • Can watch and monitor, wait to take action • Dangerous - relies on trust • Financial Depts – Wire Fraud
  • 21. Man in The Middle – Spear Phish
  • 23. I’ve Been Hacked, Now What? • Incident Response Plan • DOE Reporting Requirements • Florida’s Data Breach Law • Civil Liability • Reputational Damage
  • 24. Incident Response Plan • Contain the Breach • Identify Type and Scope • Preserve Evidence • Notify Authorities or Insurance as needed • Disclosure, if necessary • Lessons Learned and Training
  • 25. Disclosure Requirements - Generally • Often Depends on if Data Accessed • Website Hack - doubtful • Ransomware - doubtful • Phishing . Spear phishing - depends • Server Breach - depends
  • 26. DOE Reporting Requirements • FERPA does not require institutions to adopt specific security controls, it does require the use of “reasonable methods” to safeguard student records (34 CFR § 99.31) • No Disclosure Requirement . . For now
  • 27. Florida’s Data Breach Law • Passed in 2014 • Florida Statute § 501.171 • Not well known • Protects Personal Information of FL Residents • Coverage includes Gov’t Entities
  • 28. Personal Information includes: • first name or first initial and last name in combination with: • SSN • DL or ID card number issued by gov’t used to verify identity; • Financial account numbers in combination with any required security code, access code, or password for access • Medical history or Treatments • Health Ins Policy Number • Email in combination with a password or security question
  • 29. PI Does NOT include: • Information Made Available to Public by a Gov’t Entity • Encrypted Info or Data • Deidentified Info
  • 30. Florida’s Data Breach Law • Obligation to take “reasonable” measure to protect data • “Reasonable” measure to dispose of data • Fines by State for violations • No Private Cause of Action
  • 31. Florida’s Data Breach Law - Notice Written Notice to Dept (Legal Affairs) if Breach affecting 500 or more not later than 30 days after discovery • Notice Includes: 1. Synopsis 2. Numbers of persons affected 3. Breach related protection being offered 4. Copy of Notice to Individuals, if required 5. POC
  • 32. Florida’s Data Breach Law - Notice Must Also Provide to Dept Upon Request: 1. A police report, incident report, or computer forensics report. 2. A copy of the policies in place regarding breaches. 3. Steps that have been taken to rectify the breach.
  • 33. Florida’s Data Breach Law - Notice • Notice to Individuals Who PI was Accessed Required • Seems to Apply to Even a Single Breach / Person • UNLESS: • after an appropriate investigation and consultation with relevant federal, state, or local law enforcement agencies, the covered entity reasonably determines that the breach has not and will not likely result in identity theft or any other financial harm to the individuals whose personal information has been accessed • Keep written records for 5 years • Notice to Dept still required if over 500
  • 34. Florida’s Data Breach Law - Fines • Treated as Unfair or Deceptive Trade Practice • Action brought by AG’s Office • Fines not to exceed $500,000, per breach • $1000 / day for first 30 days • $50,000 every month thereafter • Lesson: DON’T DELAY Investigation and Notice
  • 35. FL Data Breach Law – Bottom Line • Don’t Forget About This Statute • Detailed Reading of Statute Required To Ensure Compliance • Investigate Promptly and Provide Notice as Required • Maintain Appropriate Records of all Actions • No Case Law or AG Opinions Yet
  • 36. I’ve Been Hacked, Now What? • Civil Liability • Reputational Damage
  • 37. What Can You Do? • Good IT Department or Consultant • Buy Cyber Insurance • Back Ups – Test Often • Good Policies in Place • Wire Fraud, Financial, Sensitive Data • Employee Training – KnowBe4, others
  • 38. Cyber Security & Data Breach Questions?