Blockchain: Power to the People

August 28th, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

Dan Solove, co-founder of the Privacy+Security Forum and professor at GW Law School, just posted an interview with Steve Shillingford, Founder and CEO of Anonyome Labs, a consumer privacy software company. Below is part of just one exchange in the interview.

SOLOVE: The Internet has made so many things possible that we couldn’t do in an analog world. Yet, in some ways, the online world seems to lack the capabilities of the offline world. In the offline world, it is much easier to have anonymous transactions. This becomes much more challenging online. How can the online world be made more like the offline world in this regard?

SHILLINGFORD: Blockchain technology shifts the balance of power back to people—to individuals—and away from tech giants, governments and data miners. It allows you to transact on your terms, just as you do offline. And it’s not just limited to financial transactions. Put anything on the blockchain you want. The blockchain gives a person the ability to publish only the information THEY decide to divulge. Nothing more, nothing less. And no more hidden agendas, no selling personal data without your consent, no worries about privacy. Just like the analogue world, you decide the context, the content, and duration of the information you provide…not the big guys. It can really be that easy.

Read the complete interview.

See the latest faculty and agenda updates for the Privacy+Security [...]

Courtney Klein on Social Media & Security

August 1st, 2018 | Categories: Corporate Compliance, HB Risk Notes, Law Firm Operations

A Restructured Paradigm for Corporate Teamwork

By Courtney Klein of Soteria Risk Consultants

Social media has become an integral part of everyday life. It’s how some of us get our news, research our opinions, learn about local events, and connect with friends. For the modern western business, it is also immensely important for staying in touch with customers, advertising, and overall visibility. For this reason, many companies employ veritable armies of “Social Media Specialists” that do everything from designing graphics to writing tweets to replying to customer questions and complaints. Some companies interact with each other (such as the hilarious and long-standing Twitter Battle between Wendy’s and McDonald's), and some use it as their primary form of communication.

Customers, too, know that social media is a way to get in touch with a company - for good reasons and for bad - and while many companies are aware that they will and do receive threats on social media, very few of them have any kind of protocol in place for how to deal with them – and even fewer still encourage their social media teams to pass this information on to or (better yet) work together with their security team. This sort of blasé attitude to threats – either because “it’s not my job” or “they can’t be serious” – leads to [...]

Francoise Gilbert on Colorado’s New Privacy Law: Are You Ready?

August 1st, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

Effective Sept. 1, 2018, Colorado will require all entities that process or store certain personal information of Colorado residents, regardless of whether the entity is located within or outside of Colorado, to have formal data security and data disposal programs. This is the result of the adoption of Bill 18-1128 “Concerning Strengthening Provisions for Consumer Data Privacy,” signed into law at the end of May 2018, to amend and supplement existing law ....

Previously, the definition of “personal identifying information” under the Colorado law was limited to a resident’s first name or initial and last name in combination with the individual’s Social Security, driver’s license, or identification card number, or a credit or debit card or bank account number, combined with a password or access code. The new definition includes additional forms of identification, such as student, military, passport, and health insurance identification number, as well as other types of information, such as medical information or biometric data. It also includes username or e-mail address in combination with a password or security question answers that would permit access to an online account ....

Organizations that collect personal identifying information of Colorado residents and that do not yet have the written programs necessary to formalize their data protection practices urgently need to focus on compliance.

-- Francoise Gilbert, Greenberg Traurig

Francoise Gilbert, a partner [...]

A.I. Best Practices: Rules and Policies for Using Artificial Intelligence in Your Business

July 30th, 2018 | Categories: HB Risk Notes, Insurance, Technology Law

Explore how cybersecurity breaches impact insurance, risk management, and data privacy with evolving legal and compliance challenges.

DATE: Sept. 27, 2018
TIME: 2 p.m. EDT; 1 p.m. CDT; 12 p.m. MDT; 11 a.m. PDT
PLACE: Your computer or mobile device
PRICE: $197* per dial-in site
*Price is good through Aug. 16. After that it's $247.
GROUPS ARE GOOD: Registering qualifies you to multiple attendees at your location.
CLE: 1 credit
Please send CLE questions to CLE@LitigationConferences.com
SPEAKER: John Frank Weaver, Attorney, McLane Middleton

Your registration includes:
• A site license to attend this webinar (invite as many people in one location as you can fit around your computer at no extra charge).
• Downloadable PowerPoint presentations from our speakers.
• The opportunity to connect directly with speakers during the audience Q&A session.
• At least one-hour of CLE credit.

Produced in collaboration with and their new Journal of Robotics, Artificial Intelligence & Law

Nearly every industry is adopting or preparing to adopt artificial intelligence applications into their business practices. That's exciting. However, there are almost no government regulations for their use and few resources providing best practices that anticipate ethical considerations and forthcoming legal requirements. This lack of direction poses a serious problem as A.I. applications become more widespread. Businesses are creating their own ad hoc practices without considering the [...]

Joshua Gold on Cyber Crime and Insurance

July 24th, 2018 | Categories: HB Risk Notes, Insurance, Technology Law

With the amount of trickery going into thefts and embezzlements these days, crime insurance companies too often use the many steps involved in a fraudulent scheme to argue that losses are indirect and otherwise uncovered. The recent decisions of the Second Circuit and Sixth Circuit on the “direct loss” argument and the scope of computer fraud coverage are important victories for policyholders generally, making clear that where the predominant step in the chain is some type of covered fraudulent misconduct involving a computer, a court is not going to entertain a direct loss defense to excuse the insurance company from paying. As such, policyholders should be familiar with their crime coverage and promptly notify all potentially implicated lines of insurance coverage when a cybercriminal is afoot. -- Joshua Gold, Anderson Kill  Read Josh's complete article.  Joshua Gold is Chair of Anderson Kill’s Cyber Insurance Recovery Practice and was amicus counsel for United Policyholders in the Medidata Solutions, Inc. v. Federal Insurance Company case before the Second Circuit.

Halligan, Weyland on Cybersecurity, Trade Secret Asset Management and the Defend Trade Secret Act of 2016

July 23rd, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

"Cybersecurity protection against outsider theft has largely succeeded, if competently crafted business methods are strictly followed. The more intractable problem of insider theft is now the major concern, and traditional cybersecurity methods are unavailing. The ever-higher digital barriers placed around the corporation and its sensitive data are no defense against data theft by people allowed inside the digital walls in the normal course of business."

Read their complete post on LinkedIn.

R. Mark Halligan is a Partner and Trial Lawyer at FisherBroyles, LLP. Mr. Halligan has taught Advanced Trade Secrets Law in the John Marshall Law School LLM program for 24 years. Richard F. Weyand is the President of the Trade Secret Office, Inc. (www.thetso.com).

See R. Mark Halligan and Richard F. Weyand, Trade Secret Asset Management 2018: A Guide to Information and Asset Management Including RICO and Blockchain, available on Amazon: https://www.amazon.com/dp/0997070986

Willis Towers Watson: Cyber Risk Top D&O Concern

July 22nd, 2018 | Categories: Corporate Compliance, HB Risk Notes, Insurance

Based on their survey, Willis Towers Watson says cyber risk continues to top the list of concerns for directors and officers (right up there with employee claims). As for coverage, while they care about price, things like their relationship with the carriers and how well they handle claims are critical elements. And, maybe one key reason cyber events keep happening: "Only 13% of board members feel that their organizations learn from past cyber mistakes." Read the results of the Willis Towers Watson survey. 

RSA’s Zulfikar Ramzan on Blockchain

July 21st, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

Is blockchain as impenetrable as people think? Or as necessary? It's not predicated on the same type of cryptographic security that we've seen historically, but if someone has enough money and enough motivation -- like a nation state -- couldn't they severely compromise a system? Is blockchain the only way transactional protections can become so secure, or could traditional technologies be employed and with less effort? RSA Security's Chief Technology Officer Zulfikar Ramzan, Ph.D., spoke at our Cyber Sector Risk: Blockchain Security in April 2018 in New York. Hear what he had to say about this much-heralded technology.

Judy Selby on Improving Cyber and Privacy Board Reporting

July 19th, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

"While general awareness of cyber risks among corporate boards is increasing, even the most motivated and knowledgeable directors cannot effectively fulfill their duties without receiving appropriate data about the organization’s risk profile. Unfortunately, however, there appears to be a disconnect between management and boards when it comes to cyber risk reporting . . . In order for directors to effectively discharge their duty of active, informed, and engaged oversight, the information they receive must be relevant, understandable, reliable, and objective."

-- Judy Selby, JD, Judy Selby Consulting

Read the full article and Judy's tips for improving board reporting.

BitSight Releases eBook on Use of A.I. & Big Data in Continuous Cyber Risk Monitoring

July 18th, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

"With every reported data breach or cyberattack, the cyber risk landscape gets a little more complex. Cyber criminals create new attack vectors, cybersecurity professionals develop new controls to protect their systems, the criminals get to work circumventing the controls, and so on. The result of this back and forth is that cyber risk professionals have a huge variety of risk factors to worry about. In response, risk managers and security specialists need to develop extremely complex cybersecurity programs to make sure all of their bases are covered.

"With so many cybersecurity risks to consider, it’s inevitable that some will receive less attention than they deserve. Unfortunately, these overlooked risk factors could play a role in your next cyberattack, and if your financial services firm isn’t prepared, that could be extremely costly."

Read more.

We're looking forward to seeing the BitSight team in Bermuda Dec. 6-7, 2018, at the International Cyber Risk Management Conference.

Crowell & Moring on D&O Corporate Liability for Cyber Claims

July 17th, 2018 | Categories: Complex Business Litigation, HB Risk Notes, Insurance

"Although many commentators have noted the potential exposure for cyber claims in the form of shareholder actions under D&O coverage, little attention has been given to the risks of cyber exposure under Side C [D&O corporate liability] coverage," write Laura A. Foggan and Thomas Kinney of Crowell & Moring LLP. "D&O policies contain many exclusions and coverage limitations that should protect against undue, unintended expansion of such policies to encompass cyber risks. However, as this case illustrates, courts may not always agree that those coverage limitations fully address cyber breach exposures."

Insurance Coverage and GDPR: What’s Your Financial Exposure? –Linda Kornfeld, Blank Rome

May 28th, 2018 | Categories: Corporate Compliance, HB Risk Notes, Insurance

In her recent article -- GDPR Is Finally Here: It’s Time to Make Sure Your Current Cyber Policy Will Protect against New Financial Exposures -- Blank Rome insurance coverage partner Linda Kornfeld wrote: Companies can face large financial exposure for GDPR “fines or penalties.” Are they covered under currently worded cyber policies? The answer is, maybe not if your policy, e.g., covers regulatory proceedings addressing only failures to protect private information, as opposed to GDPR proceedings that may address broader noncompliant data collection and use practices. Additionally, coverage for GDPR fines or penalties may be more restricted under the laws of many European countries than the laws of certain states in the United States. Your insurer may agree to choice of law language in your policy that will increase the chances of coverage. On behalf of all of us at HB -- Congratulations to Linda on her move to Blank Rome!  Now Vice Chair of the firm's Insurance Recovery Practice Group, Linda is one of the nation’s most prominent insurance recovery attorneys, representing corporate policyholders in high-stakes litigation for more than 25 years. Using strategic, creative approaches in her trial and appellate practice, Linda assists her clients in the recovery of hundreds of millions of dollars in insurance assets. She is a strategic adviser to senior executives and in-house counsel on mitigating risk [...]
