Examining the Recently Introduced New York Department of Financial Services Regulation

A Q&A with Alice Kane and Philip Goldstein of Duane Morris, LLP

Acknowledging the degree to which cyber theft poses a threat to the insurance industry, the New York Department of Financial Services (NYDFS) issued a proposed cybersecurity regulation in September. We talked to Alice Kane and Philip Goldstein, attorneys at Duane Morris, LLP about the regulation and its implications for the insurance industry.


A Closer Look at the 2016 Cyber Claims Study

 Guest Author: Dane Greisiger


A Q&A with Patrick Florer and Heather Goodnight-Hoffmann

The annual NetDiligence® Cyber Claims Study examines reported claims by leading insurers to assess the true costs of data breaches. As we unveil the 2016 study, I spoke with Patrick Florer and Heather Goodnight-Hoffmann of Risk Centric Security who compiled the data and analyzed its results.


Mitigating Phishing Threats

A Q&A with Bob Bell and Luke Emrich of RSM US; Sudhir Bhati of Symantec; and Ondrej Krehel of LIFARS

Once a crude way for hackers to gain access to sensitive data, phishing attempts have now become increasingly sophisticated and more commonplace. Most concerning, this attack vector relies almost completely on human error, making it a difficult challenge to stamp out. We spoke with several experts—Bob Bell and Luke Emrich of RSM US, Sudhir Bhatti of Symantec and Ondrej Krehel of LIFARS—about how organizations can better arm themselves to avoid phishing scams. Their recommendations fell into three basic categories: training, technology and a combination of training and monitoring.


Breach Coach® 101

A Q&A with Chris DiIenno, Esq. of Lewis Brisbois

Breach Coach® (es) are first responders on the scene of a data loss event and companies are increasingly hiring these cyber security experts to help manage their incident response. We asked Chris DiIenno about his work in this area and his advice to companies facing a data breach.


Law Firms and Data Breaches: Sensitive Data and Dangerous Practices

A Q&A with Jay Edelson of Edelson PC

Hacking incidents at law firms have led to major data breach events in recent months. Even as all law firms store and handle sensitive client data, many of the smaller organizations tend to lack robust cybersecurity policies and procedures. I spoke with attorney Jay Edelson of Edelson PC about the cases he is bringing on behalf of plaintiffs and what law firms should be doing to avoid or minimize these events.


Ransomware v2: Facing the Latest Cyber Security Threats

A Q&A with Winston Krone of Kivu Consulting

There’s no doubt that ransomware attacks are on the rise and they’re becoming more insidious. I spoke with Winston Krone, global managing director of Kivu Consulting about what the latest version of ransomware looks like and what risk managers should do if it strikes their organization.


Mobile Payments: How Much Risk Is Too Much?

 


A Q&A with David Herron, Chief Legal Officer of Hyperwallet

In a 2015 ISACA survey of cybersecurity experts, almost 50 percent of respondents stated that they believed mobile payments are not secure, citing issues like wi-fi, stolen devices and weak passwords as the most prominent worries. I spoke with David Herron, chief legal officer of Hyperwallet, about the reality of mobile payment security and what risk managers should be doing to protect their organizations.


Ransomware Dos and Don’ts

A Q&A with John Mullen of Lewis Brisbois

In recent months, ransomware attacks have become more frequent, particularly in the healthcare space. While these attacks with their demand for payment give their victims few options for responding, companies can still prepare themselves to act quickly and effectively. Better yet, they can avoid ransom-seeking malware in the first place with sound security policies. I spoke with attorney John Mullen of Lewis Brisbois about best practices.


Forecasting the Impact of the GDPR

A Q&A with Hans Allnutt of DAC Beachcroft, LLP

Adopted in May, the sweeping General Data Protection Regulation (GDPR) replaces the E.U.’s long-outdated Directive 95/46/EC. The privacy regulation, which takes effect after a two-year transition period, calls for steeper sanctions and fines for violations. To find out more about what its adoption will mean for risk managers, I spoke with Hans Allnutt of DAC Beachcroft, LLP.


A New Legal Approach to Defending Email Privacy

A Q&A with Ray Gallo of Gallo LLP

In January, University of California Berkeley students brought a claim against Google alleging that the company was violating the Electronic Communications Privacy Act by using college emails to target ads to the students. I asked attorney Ray Gallo about his work on behalf of the students and how this case, which is currently focused on individuals and not a large class action, is different from its predecessors both in scope and strategy.
