Eight Strategies to Reduce Your Risk in the Event of A Data Breach Sheryl Falk December 10, 2013.


Are you ready for a data breach?

Costs of a Data Breach

Q: What is a Data Breach?
A data breach is the intentional or unintentional release of secure information to an untrusted environment.

1. External Threats: Cybercriminals/Hackers

2. External Threats: Vendors/Subcontractors

3. Insider Threat: Employee Theft

Examples of Trade Secret Information
– marketing strategies
– manufacturing techniques
– manufacturing materials
– computer algorithms
– a new invention (for which a patent application has not yet been filed)
– a formula for a sports drink
– survey methods used by professional pollsters
– customer lists and information

4. Insider Threat: Negligent Employees (35%)
– lost laptop or device containing company data
– turning off encryption
– not updating security patches
– leaving computer on at night
– simple passwords
– use of public WiFi
– stolen laptop
– emailing company information to home address
– unnecessary use of social security numbers
– use of social media at work
– clicking on unfamiliar links
– failure to monitor URL address
– using found USB stick
– outsourcing data to vendor without security due diligence
– using company guest WiFi to access secure information from personal devices
– failure to follow security policies
– sharing passwords
– misdirected emails with PII
– foolishness
– falling for phishing
– written passwords next to computer


Data Breach Detection
– Less than 2% of breaches are detected in the first 24 hours
– Less than 46% of breaches are detected in the first 30 days
– 60% of breaches have data exfiltrated in the first 24 hours
– Over 92% of breaches are discovered by a third party
– Less than 40% are contained within a week of discovery
Source: 2012 Verizon Data Breach Report


1. Follow your Data Breach Response Plan

Plan your Data Breach Response
– Develop a written plan
– Assemble your team
– Identify your vendor partners
– Test your plan

2. Conduct a Privileged Investigation

Investigation Steps
– Identify all affected data, machines and devices
– Preserve evidence
– Understand how the data was protected
– Develop the record
– Conduct interviews with key personnel
– Document evidence and findings carefully
– Quantify the exposure of data compromised
– Track your costs
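The "preserve evidence" and "document evidence and findings carefully" steps above are usually backed by a chain-of-custody record: a manifest that states who collected which files, when, and a cryptographic hash of each, so that anyone (counsel, a regulator, opposing experts) can later confirm the copies relied on in the investigation are the ones originally collected. The script below is an added illustration, not part of the presentation or any firm's tooling; the collector name, device label and log lines it writes are constructed placeholders.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large exports or images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(paths, collector, note=""):
    """Chain-of-custody record: who collected which files, when, size and hash of each."""
    entries = []
    for p in sorted(paths):
        st = os.stat(p)
        entries.append({"path": os.path.abspath(p),
                        "size": st.st_size,
                        "sha256": sha256_file(p)})
    return {
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "collector": collector,
        "note": note,
        "entries": entries,
    }


def verify_manifest(manifest):
    """Re-hash every listed file; report those that are missing or no longer match."""
    problems = []
    for e in manifest["entries"]:
        if not os.path.exists(e["path"]):
            problems.append((e["path"], "missing"))
        elif sha256_file(e["path"]) != e["sha256"]:
            problems.append((e["path"], "modified"))
    return problems


def demo():
    """Constructed sample: collect two files, write the manifest, then alter one file
    after collection and show that verification catches it."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")
        export = os.path.join(d, "customer_export.csv")
        with open(log, "w") as f:          # constructed log line, not real data
            f.write("2013-12-09T02:14:07Z login accepted for user svc_backup\n")
        with open(export, "w") as f:       # constructed export, not real data
            f.write("id,email\n1,alice@example.com\n")

        manifest = build_manifest([log, export],
                                  collector="IR analyst (hypothetical)",
                                  note="Laptop LT-0042 (placeholder device label)")
        with open(os.path.join(d, "manifest.json"), "w") as f:
            json.dump(manifest, f, indent=2)

        before = verify_manifest(manifest)          # freshly collected: no problems
        with open(log, "a") as f:                   # someone edits the log afterwards
            f.write("line added after collection\n")
        after = verify_manifest(manifest)           # the edit is now detectable
        return before, [reason for _, reason in after]


if __name__ == "__main__":
    print(demo())
```

The manifest itself should be stored somewhere the investigation team cannot silently rewrite (for instance alongside a signed copy held by counsel); the hashes prove the files are unchanged, not that the manifest is.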

3. Assess Notification Obligations

Who do you have to notify?
– Federal or state authorities
  – Depends on the type of information at issue and threshold numbers affected
  – SEC report requirement
– Impacted individuals
  – Applicable law is where the individual resides
– International considerations
– Legal implications of failing to properly notify

Texas Data Breach Statute (Texas Bus. & Com. Code)
"A person who conducts business in this state and owns or licenses computerized data that includes sensitive personal information shall disclose any breach…to any individual whose sensitive personal information…believed to have been acquired by an unauthorized person."
– Extraterritorial application
– Civil penalty up to $250,000 per breach

4. Cooperate with Regulators/AGs

Responding to the AG/Regulators
– Maintain your credibility
– Negotiate terms of requests
– Circulate a hold for document destruction
– Advocate your story

5. Develop Communications Strategies

Effectively Communicate about the Breach
– Have a breach communications plan
– Communicate breach facts accurately and quickly
  – Understand and follow breach notification timetables
  – Stay focused and concise
  – Be prepared to update with new information
– What you might offer:
  – Information about security freezes and credit monitoring
  – Contact information for credit reporting agencies, FTC or state authorities
  – Central ombudsman for all questions
  – Credit monitoring or identity restoration services
  – Coupons or gift certificates

6. Check Privacy/Data Security Policies

Good to Know
"We aim to provide you with the world's strongest security and privacy tools. Security and privacy matter to us, we know how important they are to you and we work hard to get them right."
What have you represented you would do?

7. Check for Potential Insurance Coverage

Do you have insurance coverage?

8. Assess the Effectiveness of your Response

After Action Event Review
– How did the team respond?
– What can be improved in the response/investigation?
– What security issues can be tightened up?
– Modify your plan/procedures if necessary

SUMMARY
1. Follow your Data Breach Response Plan
2. Conduct a Privileged Investigation
3. Assess Notification Obligations
4. Cooperate with Regulators/AGs
5. Develop Communications Strategies
6. Check Privacy/Data Security Representations
7. Check for Potential Insurance Coverage
8. Assess the Effectiveness of Your Response

Sheryl Falk