Crowell & Moring | 1
Breaches and Sensitive Documents: How to Prepare, Respond, and Protect Yourself (and your Company)
Evan Wolff, Partner and Chair, Privacy and Cybersecurity Practice, Crowell & Moring, [email protected]
Evan Wolff, Partner
A unique Washington lawyer, Evan D. Wolff possesses the hands-on experience in the technologies and policies that govern the cybersecurity space and is an authority on cybersecurity and privacy regulations. Evan served as an advisor to the senior leadership at the stand-up of the Department of Homeland Security. He is a highly sought-after lawyer for leading defense, energy and manufacturing companies and a thought leader on federal government initiatives in public and private sector coordination in addressing cyber issues. As Crowell & Moring's Privacy & Cybersecurity Practice Co-chair, Evan advises companies on network security, investigation coordination after intrusions, data breaches, and insurance issues. Evan recognizes that despite best efforts cyber incidents happen, so he takes an innovative approach to developing blended legal, technical, and governance mechanisms so companies are prepared with a rapid and comprehensive response. This includes conducting incident simulations and developing incident response plans. He has advised companies and their boards on more than 100 data breaches, managing the legal, technical, and management aspects of those responses. Evan believes in building a community and is co-chair of the ABA’s Homeland Security Law Institute and senior advisor to the ABA Committee on Law and National Security; advisor to The Chertoff Group; an adjunct professor at George Mason University School of Law; a fellow with the Woodrow Wilson International Center for Scholars; and a member of the Sandia National Lab External Advisory Board, the U.S. Chamber of Commerce National Security Task Force, and the Aspen Institute's Homeland Security Group.
Discovery

INCIDENT IDENTIFIED
• IT Staff Detects
• IT Help Desk Call
• 3rd Party Notification
• Law Enforcement Notification

Response phases (slide navigation):
• Discovery
• Investigation
• Remediation & Evidence Preservation
• Legal & Business Risk / Notification Analysis
• Prepare for Round 2
• Litigation
Investigation

Forensic Investigation
• Led By Counsel
• Internal Teams
• 3rd Party Experts (Retained by Counsel)

Legal Review
• Incident Response Plan
• Privacy Policy
• Security Policy
• Document Retention

Management Review
• Oversight & Management
• Roles & Responsibilities
• Communication Structure
Remediation & Evidence Preservation
• Verify Data Accessed
• Identify & Fix Technical Causes
• Preserve Evidence of Incident
• Track & Recover Lost Data

REGAIN TRUST IN NETWORK SECURITY
CONDUCT DATA FORENSICS
Legal & Risk Analysis / Notification

MANAGING NOTIFICATIONS
• Government
• Companies
• Others / Shareholders
• Individuals

NOTIFICATION CONSIDERATIONS
• Federal & State Compliance
• Who to Notify?
• Preparing Materials
• Timing (Legal, Regulatory, etc.)
• Law Enforcement / Regulator Coordination
• Media / Messaging
• 3rd Party Providers

• Documentation of Incident & Analysis
• Quantification of Exposure
• Notification Obligations
Prepare for Round 2
• Prepare Immediately For Follow-on Incident Response After Notification
• Highly Publicized Targets of Attack Typically Experience Further Attacks
Litigation

CAUSES OF ACTION
• Class Actions
• Negligence
• Breach of Contract
• Federal and State Regulatory Actions
• Breach of Privacy
• State Statutes – e.g., CMIA
• Tort Claims
• Shareholder Actions
• LE / Criminal Actions
• International Actions
• Risk Management is a continual, systematic process of awareness, assessment, action and adapting your plan.
• Compliance ≠ security spend ≠ risk reduction
• Focus on:
– Know your data, network and regulations
– Establish governance
– Create clear policies and procedures
– Manage technical and administrative controls
Simplified Recommendations in Protecting your Data

• Single-factor authentication is compromised more often than any one vector. Implement stronger authentication solutions and don't make exceptions.
• Malware is not going anywhere. We assume you have client-based anti-virus running, which is a start. Enrich AV with network malware detection, sandboxing technologies and application whitelisting.
• Most breaches are starting with a compromised user device. Plan with the assumption that a user's credential will be compromised. Limit the distribution and use of sensitive data. Build monitoring at a user level.
• Know what assets you have and keep them patched. This is the #2 most compromised vector: 1) few companies have an accurate inventory of assets, 2) they almost never keep them properly patched consistently across the enterprise, and 3) often, non-production critical systems aren't properly prioritized.
• User Awareness Training and continuous role playing is critical. You can't solve for dumb, but you can reduce risk for the average user. 1) train and test, 2) leverage email gateways: strip all executables and macro-enabled documents, where applicable (exclude for corner cases, not build too), 3) weed out the dummies and address.
• Containerize and Encrypt all mobile devices! 1) Be careful to understand what MDMs do and don't do, 2) understand BYOD tradeoffs, 3) forecast – a reckoning is coming within mobile, 4) containerize confidential data.
• Threat Intelligence, if operationalized, is powerful. 1) if it's in the news, it's probably too late, 2) customer-specific intel and monitoring is critical, 3) a key is knowing what the next looming threat might look like and how to plan, recognize, respond and mitigate it as necessary.
• Continually progress forward with a plan. Identify and prioritize known areas of weakness. Have a plan and execute… moving forward is better than paralysis through analysis.
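The email-gateway control in the user-awareness recommendation above (strip executables and macro-enabled documents) as a minimal working filter. This is an added example, not code from the slides or from Crowell & Moring; it uses only the Python standard library. The blocked-extension list, the PE and ZIP/VBA content checks, the stub text that replaces a stripped attachment, and the sample message are assumptions constructed for illustration; a production gateway would keep a reviewed, broader policy.

```python
"""Inbound-mail attachment policy: strip executables and macro-enabled Office
documents, replacing each with a text stub, and record what was removed.
Added example using only the Python standard library."""
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions treated as executable or macro-enabled.  This list is an
# assumption constructed for the example, not a complete policy.
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".js", ".vbs",
    ".jar", ".msi", ".hta",
    ".docm", ".xlsm", ".pptm", ".dotm", ".xltm", ".potm",
}

# Content checks so a renamed file is still caught: Windows PE executables
# start with "MZ"; Office 2007+ files are ZIP containers that, when
# macro-enabled, carry a vbaProject.bin entry.
PE_MAGIC = b"MZ"
ZIP_MAGIC = b"PK\x03\x04"
VBA_PROJECT_NAME = b"vbaProject.bin"


def is_blocked_attachment(filename, payload):
    """Return True when the attachment must be stripped under the policy."""
    ext = os.path.splitext((filename or "").lower())[1]
    if ext in BLOCKED_EXTENSIONS:
        return True
    if payload.startswith(PE_MAGIC):
        return True                       # executable with a misleading name
    if payload.startswith(ZIP_MAGIC) and VBA_PROJECT_NAME in payload:
        return True                       # OOXML container with VBA macros
    return False


def strip_blocked_attachments(raw_message):
    """Parse a raw RFC 5322 message and neutralise blocked attachments in place.

    Returns (sanitised EmailMessage, list of removed attachment filenames).
    The attachment part is kept but its content is replaced with a text stub,
    so the rest of the message structure is untouched."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    removed = []
    for part in list(msg.walk()):          # snapshot: we mutate leaf parts
        if part.is_multipart() or part.get_content_disposition() != "attachment":
            continue
        filename = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if is_blocked_attachment(filename, payload):
            removed.append(filename)
            part.clear_content()           # drops Content-* headers and body
            part.set_content(
                f"[Attachment '{filename}' removed by gateway policy]")
    return msg, removed


def remaining_attachment_names(msg):
    """Filenames of attachments still present after sanitisation."""
    return [p.get_filename() for p in msg.walk()
            if not p.is_multipart() and p.get_content_disposition() == "attachment"]


def build_sample_message():
    """Construct a test message (constructed sample, not real mail) carrying a
    benign PDF, a macro-enabled Word file and a renamed executable."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    # Constructed bytes standing in for a .docm: ZIP header plus a VBA entry name.
    msg.add_attachment(ZIP_MAGIC + b"word/" + VBA_PROJECT_NAME,
                       maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")
    # Constructed PE header disguised as a text file.
    msg.add_attachment(PE_MAGIC + b"\x90\x00\x03constructed",
                       maintype="application", subtype="octet-stream",
                       filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    sanitised, dropped = strip_blocked_attachments(build_sample_message())
    print("removed:", dropped)
    print("kept:", remaining_attachment_names(sanitised))
```

The stub approach keeps the MIME structure intact so downstream mail systems and users can see that something was removed and why; the list of removed names is what you would log for the incident record and for tuning the corner-case exclusions the slide mentions.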
Crowell & Moring LLP is an international law firm with approximately 500 lawyers representing clients in litigation and arbitration, regulatory, and transactional matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation, as well as its ongoing commitment to pro bono service and diversity. The firm has offices in Washington, D.C., New York, Los Angeles, San Francisco, Orange County, London, and Brussels.
© Crowell & Moring LLP 2017
crowell.com