What Data? I m A Trucking Company!

Similar documents
DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE

KEY STEPS FOLLOWING A DATA BREACH

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Cyber Self Assessment

Privacy Rights Clearing House

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Incident Response. Proactive Incident Management. Sean Curran Director

3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem.

Cyber Insurance Presentation

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

How-To Guide: Cyber Security. Content Provided by

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide

Data Breach and Senior Living Communities May 29, 2015

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP

CyberEdge. Desired Coverages. Application Form. Covers Required. Financial Information. Company or Trading Name: Address: Post Code: Telephone:

Mitigating and managing cyber risk: ten issues to consider

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

HIPAA: Bigger and More Annoying

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

Managing Cyber Risk through Insurance

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

plantemoran.com What School Personnel Administrators Need to know

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

CyberSecurity for Law Firms

Privacy and Data Breach Protection Modular application form

DATA BREACH COVERAGE

Bellevue University Cybersecurity Programs & Courses

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group Ext. 7029

Security and Privacy

Attachment A. Identification of Risks/Cybersecurity Governance

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

ACE Advantage PRIVACY & NETWORK SECURITY

CYBER SECURITY SPECIALREPORT

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. rny@crlaw.com Phone: (336)

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Data Security Incident Response Plan. [Insert Organization Name]

Security Management. Keeping the IT Security Administrator Busy

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

ISO? ISO? ISO? LTD ISO?

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Cybersecurity: Protecting Your Business. March 11, 2015

Data Breach Response Planning: Laying the Right Foundation

The Legal Pitfalls of Failing to Develop Secure Cloud Services

OCR s Anatomy: HIPAA Breaches, Investigations, and Enforcement

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Cyber Security. John Leek Chief Strategist

State of Security Survey GLOBAL FINDINGS

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

Zurich Security And Privacy Protection Policy Application

Privacy / Network Security Liability Insurance Discussion. January 30, Kevin Violette RT ProExec

A Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014

Managing Cyber & Privacy Risks

Protecting against cyber threats and security breaches

Senaca Shield Presents 10 Top Tip For Small Business Cyber Security

Internet threats: steps to security for your small business

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice

CSR Breach Reporting Service Frequently Asked Questions

HIPAA Security Alert

Discussion on Network Security & Privacy Liability Exposures and Insurance

DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET

Think STRENGTH. Think Chubb. Cyber Insurance. Andrew Taylor. Asia Pacific Zone Product Manager Chubb Pro PI, Media, Cyber

Data Access Request Service

FACT SHEET: Ransomware and HIPAA

Incident Response. Six Best Practices for Managing Cyber Breaches.

Cybersecurity Workshop

Transcription:

What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West Washington Street, Suite 1100 Greenville, SC 864. 751-7643 rob.moseley@smithmoorelaw.com

WEBINAR ROADMAP Data, What Data? Company Best Practices Preparation Response Cybersecurity Insurance Contracting Considerations

WHAT, ME? I don t have to worry about a data breach because I don t have any data My data is safe, it is in the "cloud" I am a small, local business, not a Target or Sony Nobody will want my data I have a firewall to protect my data I outsource my IT

WHY YOU! The notion that you are too small or too boring is a false sense of security

WHY YOU! Data in any form has value to someone, and no business is immune from a potential breach Hackers compromise nearly 30,000 websites each day. A majority of these breaches result from weaknesses in our collective cyber behavior rather than through nefarious means According to the FBI, 90% of cyber-attacks involve phishing email scams that require employee action to succeed

TRANSPORTATION DATA Data intensive industry Customer Information Capacity Information Pricing Information Fleet maintenance Fleet Management Driver compensation analytics

TRANSPORTATION DATA The collection and use of data is accelerating Optimizing routes Optimizing loads Managing inventory Fleet maintenance Increasing safety

TRANSPORTATION DATA Employee Information Social Security Birthdate Driver s license Address Phone number Wellness Program Personal health information Driver qualification files

TRANSPORTATION DATA E-commerce is growing More and more paper conduits are shifting to electronic Can your business survive without this information?

BEST PRACTICES PREPARATION Data security is not an IT issue, it is a company issue IT may manage the nuts and bolts of network systems; however, all employees must be responsible for the use and protection of information Improper use or disclosure of information will impact the company, not IT What are your client or customer expectations? Ignoring data security issues outside of IT is a recipe for disaster

BEST PRACTICES PREPARATION Potential sources of a data breach Employee error Phishing and malware scams Stolen, lost, or unattended computer Stolen, lost, or unattended smartphone or tablet Hacking incidents Malicious employee Unknown intrusions

BEST PRACTICES PREPARATION Minimize Your Risk of Exposure Establish policies and procedures Identify what data you have Know where that data is stored Identify all individuals with access to your data Determine what and when data can be destroyed Proactively monitor and train employees Designate a data security officer Conduct periodic security testing and compliance

BEST PRACTICES PREPARATION What Data Do You Have? Employee Customer Not all data is created equally Prioritize data Essential to business operation Regulated industry information HIPAA Data subject to state reporting requirements

BEST PRACTICES PREPARATION Where Is Your Data Stored? Desktop or laptop Servers Cloud Smartphones/Tablets Company or personal Third parties

BEST PRACTICES PREPARATION Who Has Access To Your Data? Employees Drivers Third Parties Employee and third party access to data should be controlled Data must be protected Educate and train Policies and procedures

BEST PRACTICES PREPARATION Destruction of data If you don t need it, don t have it Case by case analysis of what data can be destroyed Must consider statutory and regulatory document notification and preservation requirements Litigation considerations Statutory considerations State statutes that regulate how and when destroyed Transportation industry specific regulations

BEST PRACTICES PREPARATION Steps that you should be taking now Start with your employees Can be your best line of defense Educate and train Unattended devices in public Passwords Safeguard sensitive data through encryption

BEST PRACTICES PREPARATION Educate on phishing and malware attacks Working remotely The employee role in responding to a cyberattack Employee education and training

BEST PRACTICES PREPARATION Driver shortage and job satisfaction Drivers are provided laptops, tablets, and smartphones Do employees access network systems remotely? Public Wi-Fi is just that public There should be no expectation of privacy or security when connected to public Wi-Fi Required to use a VPN connection (Virtual Private Network) The information transmitted via a VPN connection is private and secure and allows an employee to work as if they are directly connected to the network

BEST PRACTICES RESPONDING Goals For Responding To A Data Breach

BEST PRACTICES RESPONDING Have A Go To Team In Place 24 Hour Access The clock starts ticking when the breach occurs Management IT Compliance/HR Attorney 3 rd Party/External consultant (Forensics & Media) After a breach has occurred is not the time to begin preparing

BEST PRACTICES RESPONDING Alert and activate everyone on the response team Management IT Compliance/HR Attorney 3 rd Party/External consultant Insurance Media consultant Make sure the response team knows their roles and duties and has necessary contact information

BEST PRACTICES RESPONDING Secure the premises around the area where the data breach occurred to help preserve evidence Accident scene investigation Preservation of information Factual information Equipment Witnesses/participants Control access

BEST PRACTICES RESPONDING Stop additional data loss Allow forensics team to analyze Take affected machines offline Do not attempt to analyze yourself Know whether you can or should shut down your system Will shutting down system cause loss of information? Spoliation issues

BEST PRACTICES RESPONDING Document everything about the breach Who discovered it Who reported it To whom it was reported Who knows about it What type of breach occurred

BEST PRACTICES RESPONDING Document everything about the breach What was stolen How was it stolen What systems are affected What devices are missing Allow counsel to direct the collection of information

BEST PRACTICES RESPONDING Assess priorities and risks based on what you know about the breach Bring in your forensics firm to begin an in-depth investigation Analyze the immediate ramifications of the breach Evaluate and understand the cause of the incident Identify who was affected and what information compromised

BEST PRACTICES RESPONDING What is likely to happen to the compromised data Are other systems a possible target What are the possible legal implications Notification requirements Reporting requirements Litigation risks

BEST PRACTICES RESPONDING Identify Legal Obligations Revisit state and federal regulations governing your industry and the type of data lost State or federal law HIPAA, the Fair Credit Reporting Act, etc Litigation considerations Class action litigation, consumer protection/unfair and deceptive acts, misrepresentation re security of data, negligence, invasion of privacy, breach of express or implied contract, etc

BEST PRACTICES RESPONDING Notify law enforcement After consulting with legal counsel and upper management Determine whether law enforcement or other agencies must be notified by law N.C. Gen. Stat. 75-65 Notify the Consumer Protection Division of the Attorney General s office without unreasonable delay if notice is given to individuals Additional reporting requirements if notice is given to more than 1,000 individuals

BEST PRACTICES RESPONDING Continue Working with Forensics Determine if any countermeasures were enabled when the compromise occurred Analyze backup, preserved or reconstructed data sources Begin to align compromised data with customer names and addresses for notification

BEST PRACTICES RESPONDING Fix the Issue that Caused the Breach Rely on your forensics team to delete hacker tools Determine if you have other security gaps or risks Put clean machines online in place of affected ones Educate your employees Ensure same type of breach will not happen again Passwords Encryption of data If it happens once, you are now on notice if it happens again

INSURANCE CONSIDERATIONS Cost of responding to a breach increasing What is your current insurance coverage Non-cyber policies You may not be covered Cyber insurance is changing Exclusions Stand alone policies

INSURANCE CONSIDERATIONS Business disruption/lost revenue Loss of intellectual property Infrastructure damage Reputational/brand damage Employee concerns Regulatory investigations and sanctions Litigation exposure Remediation and increased protection costs Management distraction Lower stock price

INSURANCE CONSIDERATIONS What options are available? Buffett style First-party coverage Business interruption Remediation coverage Fines and penalties coverage Risk management services coverage Media relations Extortion Third-party coverage

INSURANCE CONSIDERATIONS What should you do? Identify gaps in coverage Work closely with your insurance broker to determine what coverage you have and don t have Make sure you are aware of changes that are taking place CGL policy may no longer provide protection Determine whether other policies may provide protection E & O policy Officers & Directors policy

CONTRACT CONSIDERATIONS Do you share your data? With whom do you share your data? Carriers Brokers Customers Third party IT What are you sharing? Billing information Social security numbers Are these third parties protecting your data?

CONTRACT CONSIDERATIONS Contract Considerations Allocation of risk Indemnification Who does data belong to? Who is responsible for the safeguarding data? Cyber security policies and procedures Should be consistent with your standards Access to information Ability to conduct audit of third party s compliance Insurance

WHAT ELSE CAN YOU DO Third Party Forensic Companies Ethical hacking Penetration test Proactive attack of network Managed security testing Preventative technology Data loss prevention Data breach response 24 hour response teams Data recovery/remediation

Internet of Things Big Data Increased efficiency Interconnectivity Cargo Pallets Fleets Example WHAT IS NEXT? Lights at a terminal monitoring traffic Real time analytics

CLOSING THOUGHTS Technology continues to evolve Everyday we gather more and more data If there is money to be made, those seeking to obtain the data will continue to evolve You must have an ongoing assessment of technology and data What works today may not work tomorrow Must adapt to emerging technology and threats

What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West Washington Street, Suite 1100 Greenville, SC 864. 751-7643 rob.moseley@smithmoorelaw.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information