Cybersecurity & Data Protection
No business is immune from data breaches or cyber hacks. Data privacy and cybersecurity are at the forefront of today’s business concerns. Data breaches are not new; they have occurred since companies and individuals began storing private data in any form. Public data breaches are escalating as technology advances and electronic data grows exponentially. According to the Privacy Rights Clearinghouse, over 8,000 data breaches involving at least 10.3 billion records have been reported in the U.S. since 2005, including international breaches which affected individuals in the U.S. As use of the cloud for storing and sharing information continues to rise, the risk of data breaches increases.
The most common potential sources of data breaches for businesses include:
- Hacking
- Stealing or misusing credentials – weak or stolen passwords
- Phishing/malware/ransomware – clicking on an email from an unknown email address, clicking on an infected attachment or link, or accessing a website that downloads malicious software
- Software and network vulnerabilities – not keeping software applications and network systems updated
- Accidental/inadvertent breach – not knowing or following data security protocols
- Lost devices
- Insider – careless or disgruntled employees/former employees or independent contractors with access to confidential data or whose access was not disabled upon termination
- Social engineering
- Business email compromise
- CEO fraud
- W2 fraud
CYBERSECURITY AWARENESS AND CYBERSECURITY - On Demand Video Webinar
At Danna McKitrick, our Cybersecurity team helps clients create and implement practical strategies and effective solutions to data privacy, usage, and cybersecurity protection obligations related to the client’s business and industry. Our team is experienced in health care law, intellectual property, telecommunications industries, and related regulatory requirements. We also engage other trusted providers including forensic firms, IT management companies, accountants, government officials (Secret Service and FBI), public relations experts, and insurance brokers.
HOW WE CAN HELP BEFORE A BREACH
Data Breach Data Protection and Cybersecurity
- Data privacy and cybersecurity risk management
- Risk assessments
- Remediation recommendations (risk mitigation specialists)
- Data protection and security policies, protocols, and procedures to bar unauthorized access to electronic and hard copy information
- Audits of secure data processing procedures and protected transfer of personal information by cybersecurity team
- Regulatory and statutory compliance and guidance: HIPAA/HITECH; COPPA; FACTA
- Incident response policies and procedures, including identifying a list of cybersecurity experts and federal, state, and/or local authorities to be notified
- Employee data privacy and cybersecurity training
- Employee social media policies
- Whistleblower guidelines
- Privacy and cookies policies
- Terms of use for company websites
- Vendor negotiation
- Contracts
- Cybersecurity protection
- Cybersecurity and privacy risks in M&A transactions
- Analysis of cybersecurity insurance policies
HOW WE CAN HELP AFTER A BREACH
Data Breach or Compromise
- Incident response coordination with designated personnel
- Investigation of breach with a team of cybersecurity experts
- Coordination with public relations
- Notification obligations to state and local authorities, clients, vendors, and customers
- Review/analyze information through forensic images, backups, and data; establish chain of custody
- Compliance with U.S. and EU security incident and data breach response procedures
- Defense of breach-related litigation
- Coordination of insurance claims
- Identification of revisions needed after data compromise or breach:
  - Incident response protocols and procedures
  - Data protection