New York, N.Y. (November 4, 2022) - Throughout October, our Data Privacy & Cybersecurity Team vice chairs helped raise awareness of cybersecurity issues with a series of posts defining key terms in their practice. Philadelphia Partner Richard Goldberg defined "phishing," Dallas Partner Lindsay Nickle defined "ransomware," New York Partner Sarah Rugnetta defined "incident response planning," New York Partner Allen Sattler defined "cyber insurance," and Denver Partner Alyssa Watzman defined "multi-factor authentication." You can see these posts below, and share them on LinkedIn.
"At its simplest, phishing is a crook's attempt to scam you out of information for the purpose of stealing from you and your business. The crook sends you a message, which appears to be from someone you know, or on a topic that interests you, in the hope that you will provide your account credentials or download malware. Examples are emails appearing to be from your IT department, or from someone who wants to share a document that requires you to click on a link. Once the crook has your creds, they're exploring your system to see how you move money and where you keep confidential information. The resulting harm may include grabbing incoming or outgoing payments and exposing sensitive company information.
While a lot of phishing is amateurish, some is very sophisticated. Phishing varieties include: Spear phishing (targeting particular people); Whaling (targeting organization leaders); Smishing (sending text or SMS messages); HTTP phishing (sending fragment messages with a link that sends recipients to a malicious website to investigate); and website spoofing (offers that send recipients to fake websites).
Lewis Brisbois' Data Privacy & Cybersecurity Practice assists clients with developing policies and procedures to protect their networks from phishing attacks. We work with companies to create and deliver employee training on preventing malicious actors from gaining access to their email. In the unfortunate event that a client's network is compromised, we lead all aspects of the incident response, including forensic investigations and remediation, as well as consumer and regulatory notifications."
"Ransomware is a form of malware used by malicious actors to encrypt files and systems in a network to render the victim's computer network unusable and shut down business operations. In connection with a ransomware attack, the malicious actor typically demands a ransom in exchange for a decryption tool or key that will let a business recover encrypted files. Many ransomware groups also conduct reconnaissance in the victim's information system prior to the attack and exfiltrate data that they then threaten to publish on the dark web as a secondary means of extortion. The malicious actor offers not to publish and delete the exfiltrated data in exchange for a ransom payment.

Ransomware is one of the major cyber threats businesses face today, and these attacks are becoming increasingly sophisticated. Because of the threat that ransomware threat actors will steal data as well as encrypt a victim's digital environment, it is important to understand that a ransomware attack presents not only severe monetary consequences, but also serious legal and compliance ramifications.
We assist clients every day with responding to ransomware attacks by facilitating investigations into attacks and assisting with the restoration and recovery of impacted digital environments. We also assist our clients with determining legal and compliance requirements as a result of an attack, including the assessment of potential legal, regulatory, and contractual notification obligations. Our team also specializes in helping our clients protect their systems from potential attacks by ensuring they have the necessary best practices in place to remediate potential damage in the event of an attack. We create policies and procedures for our clients' businesses, facilitate necessary updates to their systems, and design and deliver employee awareness training."
"'Incident response planning' refers to the process of designing procedures to be executed in the event of a cyber incident. First and foremost, incident response planning involves creating a written playbook that outlines how an organization will respond in the event of a data breach or security incident. The purpose of incident response planning is to minimize losses, reduce recovery time, restore systems, reduce negative publicity, mitigate risk, and comply with legal obligations. Maintaining and testing an incident response plan is critical, particularly for organizations that collect or process sensitive data, including biometrics, personally identifiable information, and protected health information. Often, organizations prepare different playbooks to account for various attack scenarios.

The attorneys in Lewis Brisbois' Data Privacy & Cybersecurity Practice work closely with clients on all aspects of incident response planning. Before designing a plan, it is important to assess applicable laws, existing procedures, and cyber preparedness. From there, we help clients address vulnerabilities and design procedures that work for them. We also conduct training sessions and facilitate tabletop exercises to test the plans in the context of a simulated incident. Moreover, our team has helped clients respond to thousands of incidents and we're prepared to assist clients the moment they learn they may be impacted by another cyber incident. We manage all aspects of the response, including facilitating forensics services, notifying consumers and the appropriate regulatory authorities, and handling any resulting litigation."
"'Cyber insurance' can help protect organizations from losses associated with any data security or data privacy incident, such as a ransomware attack, business email compromise, social engineering attack, or litigation arising out of alleged violations of privacy laws. Cyber insurance policies vary in terms of what they cover and can be customized to fit a particular organization's needs. For example, cyber insurance may cover costs associated with notifying customers that a breach has occurred, costs associated with credit monitoring offered to notified customers, recovering compromised data, or repairing computer networks. In addition, some policies cover litigation costs, business interruption expenses, and regulatory fines.

Because the losses associated with a ransomware attack or other event can be potentially devastating for a company, maintaining adequate cyber insurance coverage is imperative. Cyber insurance not only provides financial peace of mind, but also increases the efficiency and efficacy of any response to an incident. The insurance carrier can connect the organization to the appropriate resources, including leading cybersecurity attorneys (also called "breach coaches"), digital forensic firms, PR firms, and other professionals.

Lewis Brisbois' Data Privacy & Cybersecurity Team manages all aspects of breach responses, and we work closely with our insurance partners to help navigate our clients through a breach response, ensuring the costs incurred in a breach are pre-approved by the carrier, if those costs fall within the scope of coverage afforded by the policy. However, the more our clients do prior to a breach, the better prepared they are when they experience that breach. To that end, Lewis Brisbois' attorneys provide a suite of proactive services for clients, such as advising on the type of cyber insurance that will best protect their businesses and connecting clients to professionals in the marketplace to procure that insurance."
"'Multi-factor authentication,' or MFA, is a layered approach to protecting a network's data. The process requires a user to provide two or more credentials to verify their identity and access their organization's network. For example, MFA may require an authorized user, such as a company employee, to provide both something they "know," such as a user name and password, and something they "have," such as a unique code sent to the employee's smart phone, or something they "are," such as a fingerprint or other biometric measurement, in order to gain access to accounts or databases.

Implementing MFA is one of the most effective ways to defend information systems. The secondary level of protection that MFA provides helps prevent malicious actors from hijacking accounts and data and using them for malicious purposes. That is, even if one user credential is compromised, malicious actors will still be unable to satisfy the second authentication requirement. Thus, they ultimately will not be able to access the network they are attempting to breach.

Members of Lewis Brisbois' Data Privacy and Cybersecurity Team advise clients each day as to how they may secure their networks and protect themselves from malicious actors. Working with clients to implement MFA is often part of this process. We believe that MFA is essential and should be deployed as part of an overall cybersecurity plan."