Cyber Security Basics for Administrative Professionals

Agenda

Trends in Online Malicious Activity

Full-Scale Extortionate Criminal Business Models

• Business Development
• Research and Development
• Marketing and Communications
• Accounts Receivable/Collections

Effective Execution of Attacks

• Thorough, Persistent, Patient Reconnaissance
• High-Value Targets: Managed Service Providers, Critical Supply Chain Providers
• Expertise With Multiple Attack Vectors
• Customized Malware and Legitimate Applications Used for Malicious Purposes

Sophisticated Attacks

• Extortionate Encryption/Exfiltration Attacks
• Extortionate Email Compromises
• Email Compromise

The Dark Web

• Hosting Services
• Anti-Virus Services
• Digital Payment Services

Trends in the State and Federal Regulatory Environments

• Expansion of the Definition of Personal Information
• Expansion of Imposition of Time Limits Within Which Consumer and Regulatory Notification Must Be Provided
• Expansion of Assessments on Businesses to Fund State Operations Budgets

Review of the Financial Implications of a Data Breach to Explain the Economic Risks of a Data Breach

• First-Party Costs
• Third-Party Costs
• Remediation Costs
• Fines and Penalties

Best Practices in Preparing for and Responding to Data Security Incidents

• Ransomware Attacks and Business Email Compromises
• Incident Response Planning and Table
• Third-Party Contract Review to Reduce Liability
• Resources Available Through Cyber Insurance Policy
• Develop Preventive Cybersecurity Measures
• Develop Comprehensive Data Backup and Restoration System
• Establish a Culture of Security

Credits

Faculty

Sean B. Hoar

Constangy Brooks Smith & Prophete LLP

Sean Hoar

• Partner in Constangy’s Portland office
• Serves as chair of the Constangy Cyber Team
• Manages responses to complex data breaches and works with information security personnel and corporate executives in managing and mitigating cyber risk
• Background includes almost 25 years of experience with data privacy and information security matters
• Former cyber attorney for the U.S. Department of Justice, where he served as the lead cyber attorney for the U.S. Attorney’s Office in Oregon and worked with the Computer Crime & Intellectual Property Section in Washington, D.C., working closely with the FBI, the Secret Service, and other federal agencies in prosecuting complex white collar and high-tech cybercrime
• Honored twice with the Director’s Award, one of the highest awards bestowed upon Assistant U.S. Attorneys
• Has been recognized for his leadership in the data privacy and cybersecurity space, having been named by the Cybersecurity Docket as one of the best and brightest data breach response lawyers in the United States
• Credentials include being a Global Information Security Professional (GISP), a Certified Information Systems Security Professional (CISSP), and a Certified Information Privacy Professional for United States law (CIPP/US)