Breaches and Sensitive Documents: How to Prepare, Respond, and Protect Yourself (and your Company)

Evan Wolff, Partner and Chair, Privacy and Cybersecurity Practice, Crowell & Moring LLP
Ewolff@crowell.com


Page 2: Evan Wolff, Partner

A unique Washington lawyer, Evan D. Wolff possesses the hands-on experience in the technologies and policies that govern the cybersecurity space and is an authority on cybersecurity and privacy regulations. Evan served as an advisor to the senior leadership at the stand-up of the Department of Homeland Security. He is a highly sought-after lawyer for leading defense, energy and manufacturing companies and a thought leader on federal government initiatives in public and private sector coordination in addressing cyber issues. As Crowell & Moring's Privacy & Cybersecurity Practice Co-chair, Evan advises companies on network security, investigation coordination after intrusions, data breaches, and insurance issues. Evan recognizes that despite best efforts cyber incidents happen, so he takes an innovative approach to developing blended legal, technical, and governance mechanisms so companies are prepared with a rapid and comprehensive response. This includes conducting incident simulations and developing incident response plans. He has advised companies and their boards on more than 100 data breaches, managing the legal, technical, and management aspects of those responses. Evan believes in building a community and is co-chair of the ABA’s Homeland Security Law Institute and senior advisor to the ABA Committee on Law and National Security; advisor to The Chertoff Group; an adjunct professor at George Mason University School of Law; a fellow with the Woodrow Wilson International Center for Scholars; and a member of the Sandia National Lab External Advisory Board, the U.S. Chamber of Commerce National Security Task Force, and the Aspen Institute's Homeland Security Group.

Page 3: Discovery

INCIDENT IDENTIFIED

• IT Staff Detects
• IT Help Desk Call
• 3rd Party Notification
• Law Enforcement Notification

Process stages: Discovery, Investigation, Remediation & Evidence Preservation, Legal & Business Risk / Notification Analysis, Prepare for Round 2, Litigation

Page 4: Investigation

Forensic Investigation

• Led By Counsel
• Internal Teams
• 3rd Party Experts (Retained by Counsel)

Legal Review

• Incident Response Plan
• Privacy Policy
• Security Policy
• Document Retention

Management Review

• Oversight & Management
• Roles & Responsibilities
• Communication Structure


Page 5: Remediation & Evidence Preservation

• Verify Data Accessed
• Identify & Fix Technical Causes
• Preserve Evidence of Incident
• Track & Recover Lost Data

REGAIN TRUST IN NETWORK SECURITY

CONDUCT DATA FORENSICS


Page 6: Legal & Risk Analysis / Notification

MANAGING NOTIFICATIONS

• Government
• Companies
• Others
• Shareholders
• Individuals

NOTIFICATION CONSIDERATIONS

• Federal & State Compliance
• Who to Notify?
• Preparing Materials
• Timing (Legal, Regulatory, etc.)
• Law Enforcement / Regulator Coordination
• Media / Messaging
• 3rd Party Providers

• Documentation of Incident & Analysis
• Quantification of Exposure
• Notification Obligations


Page 7: Prepare for Round 2

Prepare Immediately For Follow-on Incident Response After Notification

Highly Publicized Targets of Attack Typically Experience Further Attacks


Page 8: Litigation

CAUSES OF ACTION

• Class Actions
• Negligence
• Breach of Contract
• Federal and State Regulatory Actions
• Breach of Privacy
• State Statutes – e.g., CMIA
• Tort Claims
• Shareholder Actions
• LE / Criminal Actions
• International Actions


Page 9

• Risk Management is a continual, systematic process of awareness, assessment, action and adapting your plan.
• Compliance ≠ security spend ≠ risk reduction
• Focus on:
  – Know your data, network and regulations
  – Establish governance
  – Create clear policies and procedures
  – Manage technical and administrative controls

Page 10: Simplified Recommendation In Protecting your Data

• Single-factor authentication is compromised more often than any one vector. Implement stronger authentication solutions and don't make exceptions.

• Malware is not going anywhere. We assume you have client-based anti-virus running, which is a start. Enrich AV with network malware detection, sandboxing technologies and application whitelisting.

• Most breaches are starting with a compromised user device. Plan with the assumption that a user's credential will be compromised. Limit the sensitive data distribution and use. Build monitoring at a user level.

• Know what assets you have and keep them patched. #2 most compromised vector. 1) few companies have an accurate inventory of assets, 2) they almost never keep them properly patched consistently across the enterprise, and 3) often, non-production, critical systems aren't properly prioritized

• User Awareness Training and continuous role playing is critical. You can't solve for dumb, but you can reduce risk for the average user. 1) train and test 2) leverage email gateways. Strip all executables and macro-enabled documents, where applicable (exclude for corner cases, not build too, 3) Weed out the dummies and address

• Containerize and Encrypt all mobile devices! 1) Be careful to understand what MDMs do and don't do, 2) understand BYOD tradeoffs, 3) forecast – a reckoning is coming within mobile 4) containerize confidential data

• Threat Intelligence if operationalized is powerful. 1) if it's in the news, it's probably too late, 2) customer specific intel and monitoring is critical, 3) A key is knowing what the next looming threat might look like and how to plan, recognize, respond and mitigate it as necessary.

• Continually progress forward with a plan. Identify and prioritize known areas of weakness. Have a plan and execute… moving forward is better than paralysis through analysis

Page 11

Crowell & Moring LLP is an international law firm with approximately 500 lawyers representing clients in litigation and arbitration, regulatory, and transactional matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation, as well as its ongoing commitment to pro bono service and diversity. The firm has offices in Washington, D.C., New York, Los Angeles, San Francisco, Orange County, London, and Brussels.

© Crowell & Moring LLP 2017

crowell.com