New York, N.Y. (November 4, 2022) - Throughout October, our Data Privacy & Cybersecurity Team vice chairs helped raise awareness of cybersecurity issues with a series of posts defining key terms in their practice. Philadelphia Partner Richard Goldberg defined "phishing," Dallas Partner Lindsay Nickle defined "ransomware," New York Partner Sarah Rugnetta defined "incident response planning," New York Partner Allen Sattler defined "cyber insurance," and Denver Partner Alyssa Watzman defined "multi-factor authentication." You can see these posts below, and share them on LinkedIn.


"At its simplest, phishing is a crook's attempt to scam you out of information for the purpose of stealing from you and your business. The crook sends you a message, which appears to be from someone you know, or on a topic that interests you, in the hope that you will provide your account credentials or download malware. Examples are emails appearing to be from your IT department, or from someone who wants to share a document that requires you to click on a link. Once the crook has your creds, they're exploring your system to see how you move money and where you keep confidential information. The resulting harm may include grabbing incoming or outgoing payments and exposing sensitive company information.

While a lot of phishing is amateurish, some is very sophisticated. Phishing varieties include: Spear phishing (targeting particular people); Whaling (targeting organization leaders); Smishing (sending text or SMS messages); HTTP phishing (sending fragment messages with a link that sends recipients to a malicious website to investigate); and website spoofing (offers that send recipients to fake websites).

Lewis Brisbois' Data Privacy & Cybersecurity Practice assists clients with developing policies and procedures to protect their networks from phishing attacks. We work with companies to create and deliver employee training on preventing malicious actors from gaining access to their email. In the unfortunate event that a client's network is compromised, we lead all aspects of the incident response, including forensic investigations and remediation, as well as consumer and regulatory notifications."


"Ransomware is a form of malware used by malicious actors to encrypt files and systems in a network to render the victim's computer network unusable and shut down business operations. In connection with a ransomware attack, the malicious actor typically demands a ransom in exchange for a decryption tool or key that will let a business recover encrypted files. Many ransomware groups also conduct reconnaissance in the victim's information system prior to the attack and exfiltrate data that they then threaten to publish on the dark web as a secondary means of extortion. The malicious actor offers not to publish, and to delete, the exfiltrated data in exchange for a ransom payment.

Ransomware is one of the major cyber threats businesses face today, and these attacks are becoming increasingly sophisticated. Because of the threat that ransomware threat actors will steal data as well as encrypt a victim's digital environment, it is important to understand that a ransomware attack presents not only severe monetary consequences, but also serious legal and compliance ramifications.

We assist clients every day with responding to ransomware attacks by facilitating investigations into attacks and assisting with the restoration and recovery of impacted digital environments. We also assist our clients with determining legal and compliance requirements as a result of an attack, including the assessment of potential legal, regulatory, and contractual notification obligations. Our team also specializes in helping our clients protect their systems from potential attacks by ensuring they have the necessary best practices in place to remediate potential damage in the event of an attack. We create policies and procedures for our clients' businesses, facilitate necessary updates to their systems, and design and deliver employee awareness training."


"Incident response planning" refers to the process of designing procedures to be executed in the event of a cyber incident. First and foremost, incident response planning involves creating a written playbook that outlines how an organization will respond in the event of a data breach or security incident. The purpose of incident response planning is to minimize losses, reduce recovery time, restore systems, reduce negative publicity, mitigate risk, and comply with legal obligations. Maintaining and testing an incident response plan is critical, particularly for organizations that collect or process sensitive data, including biometrics, personally identifiable information, and protected health information. Often, organizations prepare different playbooks to account for various attack scenarios.

The attorneys in Lewis Brisbois' Data Privacy & Cybersecurity Practice work closely with clients on all aspects of incident response planning. Before designing a plan, it is important to assess applicable laws, existing procedures, and cyber preparedness. From there, we help clients address vulnerabilities and design procedures that work for them. We also conduct training sessions and facilitate tabletop exercises to test the plans in the context of a simulated incident. Moreover, our team has helped clients respond to thousands of incidents and we're prepared to assist clients the moment they learn they may be impacted by another cyber incident. We manage all aspects of the response, including facilitating forensics services, notifying consumers and the appropriate regulatory authorities, and handling any resulting litigation."


"Cyber insurance" can help protect organizations from losses associated with any data security or data privacy incident, such as a ransomware attack, business email compromise, social engineering attack, or litigation arising out of alleged violations of privacy laws. Cyber insurance policies vary in terms of what they cover and can be customized to fit a particular organization's needs. For example, cyber insurance may cover costs associated with notifying customers that a breach has occurred, costs associated with credit monitoring offered to notified customers, recovering compromised data, or repairing computer networks. In addition, some policies cover litigation costs, business interruption expenses, and regulatory fines.

Because the losses associated with a ransomware attack or other event can be potentially devastating for a company, maintaining adequate cyber insurance coverage is imperative. Cyber insurance not only provides financial peace of mind, but also increases the efficiency and efficacy of any response to an incident. The insurance carrier can connect the organization to the appropriate resources, including leading cybersecurity attorneys (also called "breach coaches"), digital forensic firms, PR firms, and other professionals.

Lewis Brisbois' Data Privacy & Cybersecurity Team manages all aspects of breach responses, and we work closely with our insurance partners to help navigate our clients through a breach response, ensuring the costs incurred in a breach are pre-approved by the carrier, if those costs fall within the scope of coverage afforded by the policy. However, the more our clients do prior to a breach, the better prepared they are when they experience that breach. To that end, Lewis Brisbois' attorneys provide a suite of proactive services for clients, such as advising on the type of cyber insurance that will best protect their businesses and connecting clients to professionals in the marketplace to procure that insurance."


"Multi-factor authentication," or MFA, is a layered approach to protecting a network's data. The process requires a user to provide two or more credentials to verify their identity and access their organization's network. For example, MFA may require an authorized user, such as a company employee, to provide both something they "know," such as a user name and password, with something they "have," such as a unique code sent to the employee's smart phone, or something they "are," such as a fingerprint or other biometric measurement, in order to gain access to accounts or databases.

Implementing MFA is one of the most effective ways to defend information systems. The secondary level of protection that MFA provides helps prevent malicious actors from hijacking accounts and data and using them for malicious purposes. That is, even if one user credential is compromised, malicious actors will still be unable to satisfy the second authentication requirement. Thus, they ultimately will not be able to access the network they are attempting to breach.

Members of Lewis Brisbois' Data Privacy and Cybersecurity Team advise clients each day as to how they may secure their networks and protect themselves from malicious actors. Working with clients to implement MFA is often part of this process. We believe that MFA is essential and should be deployed as part of an overall cybersecurity plan."

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.