Cybersecurity & Data Privacy

Companies are under constant threat of cyber attack. A business that suffers a data breach incident may incur significant expenses, including the cost of investigating and containing the breach, notifying affected individuals, government fines, lawsuits and lost business as a result of damage done to the company’s reputation.

Lindabury’s Cybersecurity & Data Privacy Group advises companies across a broad range of industries on preparing for and responding to data breach incidents. We advise on data protection and privacy laws, including obligations under the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Fair Credit Reporting Act (FCRA), the Electronic Communications Privacy Act (ECPA), the Children’s Online Privacy Protection Act, the Federal Trade Commission Act, the Dodd-Frank Act, breach notification laws, and other federal and state laws. We employ a proactive approach to help companies mitigate risks and secure their vital data from both internal and external threats.

Preparedness

Effective cybersecurity and data management begins with understanding that no company’s information is completely secure. However, those who take time to understand the data they collect and maintain will be better positioned to secure and protect that data. Recognizing the type(s) of data your company collects and maintains is instrumental when determining the organization’s legal obligations once a cyber breach takes place.

An ounce of prevention is worth a pound of cure, and our team works with companies to develop or improve data privacy practices and incident response plans. Measures include undertaking an internal risk assessment in order to help companies understand their unique cybersecurity risks as they relate to corporate operations, assets and personnel. Internal risk assessments include conducting network vulnerability assessments followed by identifying and implementing solutions that address vulnerabilities. We work to protect companies both before and after a data breach. In the event of a cyber breach, we provide rapid and comprehensive incident response under the protection of the attorney-client privilege.

The documentation of corporate policies regarding cybersecurity and data privacy should be created in conjunction with procedures that are to be followed should a cyber breach occur. Understanding the rapid technological changes taking place in the market, we maintain regular contact with our clients and assist them in formulating or revising privacy policies so they are compliant with new laws, technologies or changes in business operations.

Responding To a Data Breach

Responding to a data breach is a multi-step process for which Lindabury has established a twenty-four-hour dedicated response team. When responding to a data breach that exposes the personally identifiable information of a company’s customers and/or employees, the protocol of verification, containment, investigation, notification and eventual process improvement should be implemented. The specific action items for each step of the breach response protocol are documented in a company’s cybersecurity and data privacy policy and procedures manual.

Our team assists in the coordination of criminal, civil, and regulatory responses following a data breach.

Insurance Coverage

A complete understanding of a company’s insurance program is key to maximizing protection against cyber risk. Our team helps companies assess the various cyber risks facing their organization, review the adequacy of existing insurance policies, analyze and compare alternative insurance products, and negotiate cyber insurance policy placements.

Common Cyber Attacks Facing Small and Mid-Sized Businesses

Small and mid-sized businesses may assume that they are not targets of cyber criminals and can avoid cyber attacks. Unfortunately, this is not the case. Multiple industry studies have found that small businesses are a treasure trove of information that cyber criminals seek, and are generally less prepared to thwart an attack. Below are several of the most common cyber attacks perpetrated upon companies. 

  • Social Engineering
  • Ransomware
  • Phishing / Spear Phishing
  • Spoofing
  • Business Email Compromise
  • Cloud Attacks
  • Malware
  • Spam
  • Missing or Stolen Laptops / Storage Devices
  • Compromised Network
  • Loss or Theft of Physical Documents
  • Breach by Third Party Vendor
  • Malicious Employees