Cyber Security Basics for Administrative Professionals

Agenda

Trends in Online Malicious Activity: An Explanation of the Scope and Severity of the Organizational Risks Associated With Data Security Incidents

• Extortionate Attacks - Ransomware and Encryption
• Social Engineering Attacks - Data Monetization Through Fraudulent Wire Transfers, Direct Deposit Redirects, and the Theft of Human Resources Information
• Malicious Use of Networks - the Theft of System Resources for Cryptomining, and the Storage of Stolen Information

The Dark Web: An Explanation of the Various Services Sold on the Dark Web and the Scope of Criminal Behavior Used to Attack Business Information Systems

• Hosting Services = Servers Used to Host Malicious Computer Code, Botnets, and Criminally Derived Property
• Anti-Virus Services - to Check Malicious Code to Determine Whether It Will Be Detected by Anti-Virus Products
• Digital Payment Services - With Over 1300 Denominations of Digital Currency to Choose From

Trends in the State and Federal Regulatory Environments to Explain the Consumer and Regulatory Notification Obligations That May Arise From Data Security Incidents and the Sense of Urgency an Organization Must Have to Comply With Them

• Expansion of the Definition of Personal Information
• Expansion of Imposition of Time Limits Within Which Consumer and Regulatory Notification Must Be Provided
• Expansion of Assessments on Businesses to Fund State Operations Budgets

Review of the Financial Implications of a Data Breach to Explain the Economic Risks of a Data Breach

• First Party Costs
• Third Party Costs
• Remediation Costs
• Fines and Penalties

Best Practices in Preparing for and Responding to Data Security Incidents

• Ransomware Attacks and Business Email Compromises
• Incident Response Planning and Table Top Exercises
• Third Party Contract Review to Reduce Liability

Credits

Faculty

Sean B. Hoar

Constangy Brooks Smith & Prophete LLP

Sean Hoar

• Partner in Constangy’s Portland office
• Serves as chair of the Constangy Cyber Team
• Manages responses to complex data breaches and works with information security personnel and corporate executives in managing and mitigating cyber risk
• Background includes almost 25 years of experience with data privacy and information security matters
• Former cyber attorney for the U.S. Department of Justice, where he served as the lead cyber attorney for the U.S. Attorney’s Office in Oregon and worked with the Computer Crime & Intellectual Property Section in Washington, D.C., working closely with the FBI, the Secret Service, and other federal agencies in prosecuting complex white collar and high-tech cybercrime
• Honored twice with the Director’s Award, one of the highest awards bestowed upon Assistant U.S. Attorneys
• Has been recognized for his leadership in the data privacy and cybersecurity space, having been named by the Cybersecurity Docket as one of the best and brightest data breach response lawyers in the United States
• Credentials include being a Global Information Security Professional (GISP), a Certified Information Systems Security Professional (CISSP), and a Certified Information Privacy Professional for United States law (CIPP/US)