Biometrics and Privacy Law

A Q&A with Al Saikali of Shook, Hardy & Bacon, LLP

Up until recently, class action suits involving the Biometric Information Privacy Act were rare. In the past two years, however, this Illinois statute has become the focus of a trend, with plaintiffs' attorneys zeroing in on companies that employ Illinois residents. I spoke with Al Saikali, chair of the data security and privacy practice at Shook, Hardy & Bacon, LLP, about the law and the current landscape of biometric privacy litigation.

Blockchain and Cyber Risk

A Q&A with Scott Diamond of Chicago Crypto Network, LLC

Blockchain is an emerging technology with the potential to greatly reduce cyber risk and ensure data integrity. To find out more about how it works and why organizations can benefit from rethinking their business processes, I talked to Scott Diamond of Chicago Crypto Network.

Public Entities and Cyber Security

A Q&A with David Lineman, Information Shield

Public entities are as much at risk for data loss incidents as organizations in the private sector, yet PEs are often far less prepared to handle these events. I spoke to David Lineman, president of Information Shield, about how PEs can strengthen their cyber security posture.

Key Security Trends in the Verizon Data Breach Investigations Report

A Q&A with David Hylender

2017 marked the tenth year for the Verizon Data Breach Investigations Report, an invaluable resource for understanding the current landscape in cyber security. This year 65 organizations from around the world reported 1,935 confirmed breaches and 42,068 data loss incidents. I asked David Hylender, senior risk analyst at Verizon Business, about the findings and key takeaways from this most recent edition.

NetDiligence® Security Advisory – KRACK Wi-Fi Exploit

NetDiligence® Security Advisory – October 17th, 2017

KRACK WPA2 Wi-Fi Exploit Status and Protection Tips

This NetDiligence Security Advisory is published for the benefit of our cyber insurance carrier/broker clients and their insureds. We urge clients to take special note of the details included in this Advisory and take preventative/remedial action on a timely basis. Clients are welcome to distribute this Advisory to their colleagues and others as they see fit, provided it is distributed without modification of its contents.

Claims Valuation in Cyber Business Interruption

A Q&A with Simon Oddy of RGL Forensics

Business interruption (BI) can be a costly side effect of a cyber-attack, and insurance companies are responding in kind with BI policies. I spoke with Simon Oddy, partner of RGL Forensics, about how insurers assess BI and what organizations can do to avoid it.

BAD IDEA ALERT: Crisis Communications? Nah, we’ll just figure it out on the fly

Q&A with Zach Olsen of Infinite Global

Let’s face it: PR, and its fancier sibling, crisis communications, is the red-headed stepchild of the data breach family. Everyone accepts that you need a seasoned breach coach to help navigate the maze of state-specific disclosure laws and avoid third-party litigation, and we can all agree that a sophisticated forensics shop is key to stopping the bleeding and assessing the damage. But then what? It seems like more often than not, a breach victim’s response to an attack is limited to a very delayed and often-canned press release that leaves customers and employees with more questions than answers. I talked to Zach Olsen, President of Infinite Global and head of the firm’s Crisis Response & Reputation Management Group, about where he sees an opportunity for reducing the costs and reputational harm of a breach.

Hybrid Active Directories: Another Frontier for Data Breaches

A Q&A with Quest

More organizations are adopting Microsoft’s cloud-based Azure Active Directory (AD) but maintaining on-premises AD deployments to support legacy systems or applications without internet access. We call this a hybrid Active Directory deployment. Hybrid ADs may pose a security risk if not managed properly. Unexpected changes to the AD environment, such as changes in user privilege, multiple logins in rapid succession, and logins from unusual locations, often provide the first indication of an externally or internally initiated breach. We spoke to Keri Farrell, Brad Kirby and Matthew Vinton from Quest about this particular concern for organizations and how they can shore up security measures to avoid data loss.
