Author: Edward Dunham

For many businesses, the COVID-19 pandemic has drastically and negatively affected their security due to issues arising from permitting or directing many, if not all, of their employees to work remotely from home or elsewhere to avoid virus transmission.

In this work structure, technology has become more important than ever. Unfortunately, all too often remote activity is not a ‘cyber-safe’ working environment since remote-working individuals often do not enjoy the inherent protections afforded them at their place of business.

Some of the major factors contributing to critical cyber security threats in a remote work environment include:

  • Bring Your Own Device (“BYOD”) policies for phones, tablets and laptops. Businesses can meet this issue effectively for employees by instituting Corporate Owned Personally Enabled (“COPE”) policies.
  • Human error, prevalent before COVID-19, is greater now as a cyber security issue. Human error can be addressed in many ways including time-outs in key information systems and automated controls.
  • Remote-working employees untrained in enhanced cyber security issues.
  • Increased activity of cyber criminals targeting less secure remote systems and usage.

What can you do to help your business combat increased, COVID-enhanced cyber security risks? Begin with the importance of risk assessment as a necessary first step in dealing with cyber and COVID-19 exposures.

Your risk assessment must be thorough and comprehensive, cost-effective and have a rapid turnaround. This is particularly important now with the exposures changing rapidly in scope, kind and numbers.

To be useful to your business, any thorough assessment report must include recommended remediations and checklists. For flexibility, the process yielding a report should be algorithm-based. A full report should be ready for you in a matter of days, not weeks or months.

An effective process will assist underwriters in placing the right coverage and assist claims folks in determining if a claim is covered, all of which will likely save you a lot of time and expense.

An informed and well-crafted process will allow you to make informed decisions as to whether to fix, ignore or transfer given exposures.

If you have any questions regarding the foregoing, please contact Edward M. Dunham Jr. at (215) 241-8802 or edunham@sgrvlaw.com.


In this day of rampant hacking, coordinated cyber security is an absolute must.  Recognizing the importance of an organized effort, the Democratic National Committee (DNC) unveiled an updated cyber security checklist earlier this year designed to thwart continued attempts to hack their systems during the election cycle.  Although more of a consumer-level checklist, the list is practical guidance for any company or organization looking to promote enhanced cyber security, regardless of political affiliations or inclination.

According to The Hill, concerns over cyberattacks have been a priority for political groups in recent years, particularly after the 2016 hack of the DNC that resulted in the release of sensitive emails ahead of that year’s presidential election. This new version of the checklist comes as political groups gear up for the 2020 presidential election amid concerns they could face cyberattacks from U.S. adversaries.

The DNC Device and Account Security Checklist includes the following guidance on securing your devices:

  • Keep your laptops, phones and tablets, as well as the applications on them, updated. For example, most operating system updates contain numerous security updates. Adversaries frequently take advantage of devices that have not been updated recently. Always apply your updates as soon as they come out!
  • Laptop disk encryption. Encrypting your laptop can keep your data safe even when it is lost or stolen. Disk encryption is easy to enable and does not take much time.
  • Web encryption. Some websites do not properly enable encryption for all connections. Luckily, there is something you can do to make sure your internet connections are secure.  In your web browser, you should install the HTTPS Everywhere extension.  HTTPS Everywhere is a Firefox, Chrome and Opera extension that strengthens the encryption between your device and major websites.
  • Secure your mobile phones and tablets. Some phone carriers allow you to set a login PIN. If your carrier supports this feature, you should enable it because having a PIN makes it harder for attackers to take over your account. Even if they guess your name and password, they will still need to obtain the PIN to access your account.

The DNC’s checklist is exactly that: a list of steps to complete and then check off. At Spector Gadon Rosen Vinci P.C., we provide IT and non-IT assessment and remediation through our Cyber Exposure Analysis process. Our advanced algorithms enable us to issue a cost-effective, attorney-client privileged report in short order and enable informed cyber risk management decision-making as to whether to fix specific risks or transfer them by way of insurance. To learn more about developing a comprehensive strategy for remediation, contact Edward M. Dunham, Jr., Chair, Cyber Security Group, at (215) 241-8802, or edunham@sgrvlaw.com.


By every measure, the incident rates of cyber-attacks and confidential information disclosure across all businesses are increasing exponentially. Spector Gadon & Rosen, P.C. emphasizes pre-breach services to assist our clients in preventing breaches in the first place. Because breaches are costly, intrusive and not going away, we developed the Cyber Exposure Analysis process (CEA) to combat cyber exposures head-on. CEA is straightforward, easy to use and generates a detailed cyber risk exposure profile report based on information furnished by our clients in CEA’s assessment survey.

CEA addresses the issues that keep CEOs, General Counsel and Risk Managers awake at night by targeting the major cyber-risk areas including:

  • Breach of privacy claims, including non-consensual, misuse and misappropriation of personal data, identity theft and contravention of international privacy laws applicable to online businesses
  • Contractual exposures inherent in the use of cloud computing
  • Copyright, patent and trademark infringement claims
  • The advantages and risks associated with the use of social media in an organization
  • Non-compliance with local, state, federal and foreign regulations pertaining to the safeguarding of privacy information
  • Liability arising from systems failures and outages, viruses, worms and data corruption, hacking and other vulnerabilities in online offerings
  • Trade secret protection, including questions of encryption, e-mail, extraordinary intercept measures, social media, discussion groups and Internet acquisition and distribution of trade secrets.

In the CEA process, we process the clients’ information feedback and issue a report that includes detailed responses to the clients’ answers, exposure evaluations keyed to the individual responses in the areas surveyed, graphical comparisons of the exposure areas surveyed, remediation checklists and an executive summary. Our proprietary algorithm-based technology makes possible the delivery of the report within five business days. Importantly, when the client retains us for the CEA process, what the client tells us in answering the questionnaire and what we recommend in the report are attorney-client privileged. The CEA report enables our clients to make informed cyber risk management decisions as to whether to fix the exposures, ignore them or transfer them by way of cyber risk insurance. We can assist our clients in carrying out whatever decisions they make.

For further guidance in this area, please contact Ned Dunham, Esquire, at 215-241-8802 or edunham@lawsgr.com.
