On the morning of Wednesday, July 20th I attended a Cybersecurity and Data Privacy Seminar hosted by Kelley Kronenberg: Attorney’s at Law at the Broward Center for the Performing Arts in Fort Lauderdale, FL. The seminar focused on how businesses can avoid cybersecurity incidents, minimize risk, and identify best practices for protecting their data. This is a critical topic in our industry as there are more than 1.1 million cybersecurity victims every day, nearly 50,000 every hour and 800 every minute. The seminar featured four speakers from various sectors including legal, computer forensics, insurance, and public relations.
The seminar began with Bryan Barnhart, former member of the United States’ Secret Service, Electronic Crimes Task Force. Mr. Barnhart stressed the importance of protecting confidential, financial, personal data, medical, and intellectual property/trade secrets. I know, you’re thinking, “That’s obvious!” But the #1 threat is ransomware, which consists of viruses and malware; hackers will encrypt your data, make it inaccessible to users and then demand a ransom. Attackers will spread this by phishing emails and malicious websites. https://en.wikipedia.org/wiki/Phishing
The #2 threat is…. you guessed it – a Data Breach, which happens every single day. 54% of data breaches go undetected for an average of 168 days. This can lead to regulatory fines, brand damage, lawsuits, increased scrutiny, cost of notification, investigation and remediation, as well as administrative and productivity cost.
But how does all of this happen?
Hackers can access your system though wireless networks or probe requests. DON’T use open wireless networks and make sure to turn off your phone’s Wi-Fi when not in use. Make sure you are not using weak passwords, DO NOT place post-it notes with passwords on your monitor and do not save files with usernames and passwords on your computer. Always use strong passwords and use full disc encryption, in case your computer gets stolen. Refrain from promiscuous USB use; don’t go sticking it where it doesn’t belong! An unknown USB can have malicious payload.
You may be asking, how you can make sure this doesn’t happen to your company, or yourself.
It’s imperative to train your staff and make sure they are always on alert. Ever hear of social engineering? It’s the art of manipulating people to take actions they normally wouldn’t do. This can be accomplished by phishing emails, from a website link, a phone call from “tech support” or a phishing voice solicitation – this is a new and very tricky scam, so watch out!
Here are a handful of steps to make sure this doesn’t happen to you, be proactive and know your vulnerabilities. Be sure to assess risk and have a response plan; don’t just hope for the best. Include your legal counsel, test your plan, rinse and repeat (not just annually).
The next speaker was Valerie Barnhart, Partner at Kelley Kronenberg: Attorney’s at Law. Mrs. Barnhart provided a staggering and upsetting statistic – 45% of businesses have experienced a data breach in the past 2 years across all industries. Here is a five-step defense plan to implement, so you don’t become a statistic. First, have privacy and security policies, train your employees, assess vendor management, establish an incident response plan and create a company cyber policy.
The third speaker, Chris Burgio, is the Vice President at Marsh & McLennan Agency. Mr. Burgio focused on cyber insurance and risk assessment. As you’re applying your plan, ask yourself the following questions: What data do you collect, how and why? Where is it? Who can access it? When do you purge it?
Mr. Burgio strongly suggests assessing your insurance coverage to protect your company and it’s critical assets.
ALWAYS PROTECT – PRESERVE – DEFEND
The final speaker was Todd Templin, Executive VP at Boardroom PR. Mr. Templin reiterated the importance of protecting intangible assets. He stressed that you never want to harm your reputation, brand, or cause loss of business. Don’t let others define the message, don’t let bad news dribble, and don’t avoid the facts.
REMEMBER: Create a plan to protect your company and brand by leveraging experts, put it into action and own it!