TOP 5 CYBERSECURITY ISSUES CFOS NEED TO KNOW IN A CONNECTED, MOBILE WORLD BRAD FRAZER | PRESENTED ON 06/08/16.


1 TOP 5 CYBERSECURITY ISSUES CFOS NEED TO KNOW IN A CONNECTED, MOBILE WORLD
BRAD FRAZER
bfrazer@hawleytroxell.com | 208.388.4875 | @bfrazjd
PRESENTED ON 06/08/16 TO: Treasure Valley CFO Forum

2 BRAD’S TOP FIVE…
1. Data Breach, Privacy and Your Reporting Obligations (Your Cybersecurity Response Plan)
2. Inoculating the Enterprise Against Social Engineering Hacks (phishing, new gTLDs)
3. Legal Issues with Moving to the Cloud and Engaging with a Cloud Vendor
4. Cyberliability Insurance
5. Cybersecurity Implications of the Move to Mobile

3 TODAY’S PREMISE? YOU’VE BEEN HACKED. Now what?
The typical stages:
  – Denial
  – Dawning awareness
  – Anxiety
  – Panic
  – Desperation

4 TODAY’S PREMISE? WHY IS THIS NOT JUST AN IT OR LEGAL PROBLEM?
CONSIDER:
1. What is being stolen?
  – Financial data
  – Insider information
  – Trade secrets
  – Intellectual property
2. Financial harm to the enterprise

5 TODAY’S PREMISE? EXAMPLES:
Actual hack (tools and brute force)
Website defacement
Social engineering hack (or, open port)
Ransomware
Compromised sites
Spear phishing

6 DATA BREACH, PRIVACY AND YOUR REPORTING OBLIGATIONS
Your cybersecurity response plan assumes you are going to be hacked. NOW WHAT?
It is incorrect to assume that because your data is in the cloud it is the cloud vendor’s problem. It remains your problem unless you’ve contracted it away, and you haven’t.

7 IMMEDIATE LEGAL IMPLICATIONS
If you get hacked, you could be sued civilly for breach of contract (NDA, privacy policy, warranty) or statutory cause of action.
If you get hacked, you could receive an enforcement action from a state AG.
If you get hacked, statutory remedies under e.g., HIPAA, GLB or Massachusetts’ law might be imposed.

8 SUGGESTED RESPONSE PLAN
1. Close the security hole or shut down the site to stop the accrual of new losses.
2. Keep and preserve all server logs before and after the hack.
3. Report the hack to your web hosting company and review your contract with it to see what warranties were made regarding data security.

9 SUGGESTED RESPONSE PLAN (CONT’D)
4. Be aware of regulatory environment
  i. Privacy (HIPAA, GLB)
  ii. Security
5. Be IMMEDIATELY cognizant of your data breach reporting obligations.
6. Contact local police and the FBI to report the hack.

10 SUGGESTED RESPONSE PLAN (CONT’D)
7. Be prepared to report the event to your insurance company under your cyberliability coverage.
8. Be prepared to offer remediation to affected customers.
9. Review your data security practices and identify any potential security gaps.
10. Call your lawyer.

11 INOCULATING THE ENTERPRISE AGAINST SOCIAL ENGINEERING HACKS
Top-down mandate at enterprise level
HR, Legal and IT must be in harmony
Training is critical
Penalties for non-compliance must be enforced
Example: Recent rise in CEO spear phishing attacks: discuss

12

13

14 LEGAL ISSUES WITH MOVING TO THE CLOUD AND ENGAGING WITH A CLOUD VENDOR
Termination rights
Privacy
  – What happens when there is a hack?
  – Sharing (physical or virtual)
Security
  – Physical and network security?
  – What happens when there is a hack?

15 LEGAL ISSUES WITH MOVING TO THE CLOUD AND ENGAGING WITH A CLOUD VENDOR
Data Ownership and Storage (“Big Data”)
  – Who owns the data?
What Regulatory Laws Apply and How Will They be Met? (e.g., HIPAA, GLB, COPPA)
How Will Migrating Data be Handled?
Warranty (SLA)

16 LEGAL ISSUES WITH MOVING TO THE CLOUD AND ENGAGING WITH A CLOUD VENDOR
Cannot give what you do not have—policies and warranties
Indemnification
  – What happens if you get sued?
Limitation of Liability
Venue and Choice of Law
Data Breach Reporting—whose job?

17 CYBERLIABILITY INSURANCE
Hard to find
Typically expensive
Should cover:
  – Data Breach Reporting Obligations
  – Online advertising injury
  – Intellectual property infringement allegations
  – Related privacy lawsuits against you
  – Theft of IP

18 CYBERSECURITY IMPLICATIONS OF THE MOVE TO MOBILE See next two slides

19 CYBERSECURITY IMPLICATIONS OF THE MOVE TO MOBILE

20

21
Increased opportunities for mischief
Contract modifications
IP infringements
Defamation
Just numerically, more access points into the enterprise
E.g., foreign travel example from FBI

22 PROACTIVE SUGGESTIONS AND KEY TAKE-AWAYS
1. Make sure you own your data—ALL your data.
2. You should be actively monitoring for hacks and not relying on cloud vendor.
3. Negotiate the best contract you can.
4. Get good insurance.
5. DBRO—Data Breach Reporting Obligations
6. Implement employee policies and training.
7. Encrypt your data.
8. Response plan in place.

23 THANK YOU!
BRAD FRAZER
bfrazer@hawleytroxell.com | 208.388.4875 | @bfrazjd

