Eight Strategies to Reduce Your Risk in the Event of A Data Breach Sheryl Falk December 10, 2013.

1 Eight Strategies to Reduce Your Risk in the Event of A Data Breach Sheryl Falk December 10, 2013

2 Are you ready for a Data breach?

3 Costs of Data Breach

4 Q: What is a Data Breach? A Data breach is the intentional or unintentional release of secure information to an untrusted environment.

5 1. External Threats: Cybercriminals/Hackers

6 2. External Threats: Vendors/Subcontractors

7 3. Insider Threat: Employee Theft

8 Examples of Trade Secret information: marketing strategies; manufacturing techniques; manufacturing materials; computer algorithms; a new invention (for which a patent application has not yet been filed); a formula for a sports drink; survey methods used by professional pollsters; customer lists and information

9 4. Insider Threat: Negligent Employees 35% Lost laptop or device containing company data, turning off encryption, not updating security patches, leaving computer on at night, simple passwords, use of public WiFi, stolen laptop, emailing company information to home address, unnecessary use of social security numbers, use of social media at work, clicking on unfamiliar links, failure to monitor URL address, using found USB stick, outsourcing data to vendor without security due diligence, using company guest WiFi to access secure information from personal devices, failure to follow security policies, sharing passwords, misdirected emails with PII, foolishness, falling for phishing, written passwords next to computer.

11 Data Breach Detection: Less than 2% of breaches are detected in the first 24 hours; less than 46% of breaches are detected in the first 30 days; 60% of breaches have data exfiltrated in first 24 hours; over 92% of breaches are discovered by a third party; less than 40% are contained within a week of discovery (2012 Verizon Data Breach Report)

13 1. Follow your Data Breach Response Plan

14 Plan your Data Breach Response: Develop a written Plan; Assemble your Team; Identify your vendor partners; Test your Plan

15 2. Conduct a Privileged Investigation

16 Investigation Steps: Identify all affected data, machines and devices; Preserve Evidence; Understand how the data was protected; Develop the Record; Conduct interviews with key personnel; Document evidence and findings carefully; Quantify the exposure of data compromised; Track your costs

17 3. Assess Notification Obligations

18 Who do you have to Notify? Federal or State authorities; Depends on type of information at issue/threshold numbers affected; SEC Report Requirement; Impacted individuals; Applicable law is where individual resides; International Considerations; Legal implications of failing to properly notify

19 Texas Data Breach Statute: Texas Bus. & Com. Code "A person who conducts business in this state and owns or licenses computerized data that includes sensitive personal information shall disclose any breach…to any individual whose sensitive personal information…believed to have been acquired by an unauthorized person." Extraterritorial Application; Civil penalty up to $250,000 per breach

20 4. Cooperate with Regulators/AGs

21 Responding to the AG/Regulators: Maintain your credibility; Negotiate terms of requests; Circulate a hold for document destruction; Advocate your story

22 5. Develop Communications Strategies

23 Effectively Communicate about Breach: Have a Breach Communications Plan. Communicate breach facts accurately and quickly: understand and follow breach notification timetables; stay focused and concise; be prepared to update with new information. What you might offer: information about security freezes and credit monitoring; contact information for credit reporting agencies, FTC or state authorities; central ombudsman for all questions; credit monitoring or identity restoration services; coupons or gift certificates.

24 6. Check Privacy/Data Security Policies

25 What have you represented you would do? "Good to Know: We aim to provide you with the world's strongest security and privacy tools. Security and privacy matter to us, we know how important they are to you and we work hard to get them right."

26 7. Check for Potential Insurance Coverage

27 Do you have insurance coverage?

28 8. Assess the Effectiveness of your Response

29 After Action Event Review: How did the team respond? What can be improved in response/investigation? What security issues can be tightened up? Modify your plan/procedures if necessary

30 SUMMARY: 1. Follow your Data Breach Response Plan; 2. Conduct a Privileged Investigation; 3. Assess Notification Obligations; 4. Cooperate with Regulators/AGs; 5. Develop Communication Strategies; 6. Check Privacy/Data Security Representations; 7. Check for Potential Insurance Coverage; 8. Assess the Effectiveness of Your Response

31 Sheryl Falk
