Breach Coach® 101

A Q&A with Chris DiIenno, Esq. of Lewis Brisbois

Breach Coach®(es) are first responders on the scene of a data loss event, and companies are increasingly hiring these cyber security experts to help manage their incident response. We asked Chris DiIenno about his work in this area and his advice to companies facing a data breach.


Law Firms and Data Breaches: Sensitive Data and Dangerous Practices

A Q&A with Jay Edelson of Edelson PC

Hacking incidents at law firms have led to major data breach events in recent months. Even as all law firms store and handle sensitive client data, many of the smaller organizations tend to lack robust cybersecurity policies and procedures. I spoke with attorney Jay Edelson of Edelson PC about the cases he is bringing on behalf of plaintiffs and what law firms should be doing to avoid or minimize these events.


Ransomware v2: Facing the Latest Cyber Security Threats

A Q&A with Winston Krone of Kivu Consulting

There’s no doubt that ransomware attacks are on the rise and they’re becoming more insidious. I spoke with Winston Krone, global managing director of Kivu Consulting, about what the latest version of ransomware looks like and what risk managers should do if it strikes their organization.


Mobile Payments: How Much Risk Is Too Much?

 


A Q&A with David Herron, Chief Legal Officer of Hyperwallet

In a 2015 ISACA survey of cybersecurity experts, almost 50 percent of respondents stated that they believed mobile payments are not secure, citing issues like Wi-Fi, stolen devices and weak passwords as the most prominent worries. I spoke with David Herron, chief legal officer of Hyperwallet, about the reality of mobile payment security and what risk managers should be doing to protect their organizations.


Ransomware Dos and Don’ts

A Q&A with John Mullen of Lewis Brisbois

In recent months, ransomware attacks have become more frequent, particularly in the healthcare space. While these attacks, with their demand for payment, give their victims few options for responding, companies can still prepare themselves to act quickly and effectively. Better yet, they can avoid ransom-seeking malware in the first place with sound security policies. I spoke with attorney John Mullen of Lewis Brisbois about best practices.


Forecasting the Impact of the GDPR

A Q&A with Hans Allnutt of DAC Beachcroft, LLP

Adopted in May, the sweeping General Data Protection Regulation (GDPR) replaces the E.U.’s long-outdated Directive 95/46/EC. The privacy regulation, which takes effect after a two-year transition period, calls for steeper sanctions and fines for violations. To find out more about what its adoption will mean for risk managers, I spoke with Hans Allnutt of DAC Beachcroft, LLP.


A New Legal Approach to Defending Email Privacy

A Q&A with Ray Gallo of Gallo LLP

In January, University of California Berkeley students brought a claim against Google alleging that the company was violating the Electronic Communications Privacy Act by using college emails to target ads to the students. I asked attorney Ray Gallo about his work on behalf of the students and how this case, which is currently focused on individuals and not a large class action, is different from its predecessors both in scope and strategy.


Paying Ransom

A Q&A with Luke Emrich of RSM

Recently, a lawyer contacted us, inquiring about how to find and obtain bitcoins for a client’s data that was being held for ransom. As ransomware becomes more common, more organizations will need to ask hard questions about how and when to pay off criminals to protect their data. I spoke with Luke Emrich, security and privacy supervisor at RSM US, about this growing phenomenon and what organizations need to know.


FCC’s Privacy Protections for Telecommunications Carriers

A Q&A with Sara Hutchins Jodka of McDonald Hopkins

The Federal Communications Commission alerted telecommunications and interconnected VoIP service providers that the annual privacy certification for Customer Proprietary Network Information (CPNI) was due on March 1, 2016, and also warned that similar obligations would soon be required of broadband providers. I spoke with Sara Hutchins Jodka, senior counsel at McDonald Hopkins, about the implications for the telecommunications industry, and what companies can do to shore up their privacy protections.


Delving Into California’s Data Security Report

A Q&A with Tanya Forsheit of BakerHostetler

In February, California Attorney General Kamala Harris released her state’s data breach report and outlined “reasonable” security measures that companies should employ to avoid enforcement actions. I talked to litigator Tanya Forsheit about the AG’s recommendations and how companies should address them.
