David Adler continues focus on Cyber Security Conferences

Some prior conferences:

Data at Risk: Regulatory and Privacy Concerns in a Data Breach. – Enfuse Conference 2018, Las Vegas, NV, May 23, 2018.

Trends in Cyber-Law 2017 – ISACA CSX North America 2017, Washington, DC, October 2-4, 2017

The Human Side of IT Acquisitions – Assoc. of Technology Acquisition Professionals CAUCUS IT Procurement Summit, New Orleans, LA, November 7-8, 2017

My topic, Assessing and Responding to Cyber Legal Risk, was chosen for presentation at the 2018 New York State Cyber Security Conference.

#nyscyber 


Three Key Factors That Small Business Owners Must Consider To Enhance Their Cybersecurity

Awareness (Photo credit: Emilie Ogez)

By now, most small business owners are aware that Cybersecurity is an issue. But how much time and capital should be spent on cybersecurity protection? This article discusses three key factors that should play into that decision.

Factor #1 Awareness.

According to some experts, the biggest problem that small business owners face is simply awareness of the risk. This includes awareness by employees as well.

Most data leaks and other security incidents are caused by employees who are either unaware of security protocols or indifferent to them. Regardless of the level of security in your data center or the strength of encrypted communications, the weakest link will almost always be the human beings interacting with the network.

To address this risk, small business owners need to focus on training and awareness for employees. However, company management is usually focused on sales and customer service. Further, owners often lack the time and expertise needed to properly assess security risks. Companies in any industry should look to partner with a third-party security firm to assess risks and develop appropriate training.

Factor #2 Employee Training.

Training is the first line of defense against cyber threats. This training needs to include the entire company, and should cover three key areas: (a) proper password management on all company services and devices, including clear procedures for new and departing employees, as well as day-to-day usage; (b) clear guidelines for the sharing of information with remote employees, partners and third parties; and (c) a plan for monitoring usage and privileges to the company’s digital assets.

Employee training needs to account for how the public will access your company’s products or services. For example, what if a hacker got into a system by pretending to be another user? By rolling out new features slowly, it's easier to identify and fix security loopholes.

All stakeholders need awareness of: (a) the type of information you’re transmitting (e.g. payment information), (b) the visibility of information you’re transmitting (e.g. highly-publicized public launch vs. a quiet rollout of some new software), and (c) the level of security inherent in the transmission (e.g. encrypted emails and documents shared via a secure server or data shared publicly through public networks and via social media sites).

Factor #3 Vigilance (Monitoring).

For some companies everything is available and accessed online. Since online relationships are built upon trust, it is critical that the company actively monitor the security and transparency of this relationship. Many tools are available to measure and respond to risk factors and gauge likelihood of an impact to help determine the level of investment required. Resources can be assigned to anything with high likelihood and high impact.

For example, monitoring potentially fraudulent user accounts has an immediate commercial benefit as well as reducing risk.

Unfortunately, a common misconception is that putting up basic defenses like firewalls is enough to protect against security vulnerabilities. After reinforcing your Cybersecurity defenses, however, the focus should shift to monitoring and alerting. In many cases, this may require up-front investments to enable tracking of, and alerting on, irregularities in network and data activity. Fortunately, in the event of a breach or a loss of data, this monitoring information will be the key factor in addressing the problem and pinpointing the issue. Managers, employees and business partners need to understand that Cybersecurity is an ongoing process. Awareness, training and monitoring will go a long way toward enhancing a small business’ Cybersecurity preparedness.

About the Author:

David M. Adler, Esq. is a partner in the Chicago office of Leavens, Strand, Glover & Adler, LLC, a boutique intellectual property and entertainment law firm in Chicago, Illinois whose mission is providing businesses with a competitive advantage by enabling them to leverage their intangible assets and creative content in order to drive innovation and increase overall business value. The practice is organized around five major substantive areas of law: Intellectual Property Law, Commercial & Finance Law, Entertainment & Media Law, Corporate Law and Contract Law.


Will the News of the World voicemail snooping saga accelerate US privacy reform?

The United States is one of the few countries in the developed world that lacks a comprehensive law protecting consumer privacy. Geolocation, personalized ads, group-buying deals, tracking cookies and other technologies have a wide range of privacy implications. Incidents like the phone-hacking scandal in the U.K. underscore the growing concern among both the general public and Congress here in the U.S.

Unlike the laws in Europe, Asia and Latin America, U.S. laws addressing rights and obligations surrounding sensitive information tend to be sector-specific and inconsistent (HIPAA, COPPA, etc.). Notably, the FTC, the federal agency tasked with safeguarding consumers, has taken a largely laissez-faire approach. The result of Guidelines and enforcement actions is essentially a policy of “do as you like, just don’t lie about it.”

While congressional attention has been focused on updating the regulatory regime, the current legislation reflects the piecemeal approach of the past. Here is a breakdown of the five leading government privacy initiatives. Bills starting with H.R. are from the US House, and bills starting with S. are from the US Senate. The numbers are from the 112th Congress: 2011-2012.

H.R. 654: Do Not Track Me Online Act, sponsored by Rep. Jackie Speier [D-CA12], is a bill to direct the Federal Trade Commission to prescribe regulations regarding the collection and use of information obtained by tracking the Internet activity of an individual, introduced Feb 11, 2011. Status: This bill is in the first step in the legislative process.

S. 913: Do-Not-Track Online Act of 2011, sponsored by Sen. John Rockefeller [D-WV], is a bill to require the Federal Trade Commission to prescribe regulations regarding the collection and use of personal information obtained by tracking the online activity of an individual, introduced May 9, 2011. Status: This bill is in the first step in the legislative process.

H.R. 1895: Do Not Track Kids Act of 2011, sponsored by Representatives Edward J. Markey, Massachusetts Democrat, and Joe Barton, Texas Republican, is aimed specifically at internet marketing to minors, introduced May 13, 2011. Status: This bill is in the first step in the legislative process.

S. 413: Cybersecurity and Internet Freedom Act of 2011, associated with the phrase “internet kill switch,” was sponsored by Sen. Joseph Lieberman [I-CT] and introduced Feb 17, 2011. Status: This bill is in the first step in the legislative process.

S. 799: Commercial Privacy Bill of Rights Act of 2011, sponsored by Sen. John Kerry [D-MA], introduced Apr 12, 2011. Status: This bill is in the first step in the legislative process.

Complete text of the various bills is available at GovTrack.us.

ABOUT THE AUTHOR

David M. Adler, Esq. is an attorney, author, educator, entrepreneur and partner at the boutique intellectual property, entertainment & media law firm LEAVENS, STRAND, GLOVER & ADLER, LLC based in Chicago, Illinois. My responsibilities include providing advice to business units and executives on copyright, trademark, ecommerce, software/IT, media & entertainment and issues associated with creating and commercializing innovations and creative content, drafting and negotiating contracts and licenses, advising on securities laws and corporate governance and managing outside counsel. Learn more about me here: http://www.ecommerceattorney.com and here: Leavens Strand Glover & Adler, LLC