Cybersecurity & Data Privacy

Companies are under constant threat of cyber attack. A business that suffers a data breach incident may incur significant expenses, including the costs of investigating and containing the breach and notifying affected individuals, government fines, lawsuits, and lost business resulting from damage to the company’s reputation.

Lindabury’s Cybersecurity & Data Privacy Group advises companies across a broad range of industries on preparing for and responding to data breach incidents. We advise on data protection and privacy laws, including obligations under the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Fair Credit Reporting Act (FCRA), the Electronic Communications Privacy Act (ECPA), the Children’s Online Privacy Protection Act, the Federal Trade Commission Act, the Dodd-Frank Act, breach notification laws, and other federal and state laws. We take a proactive approach to helping companies mitigate risks and secure their vital data from both internal and external threats.

Preparedness

Effective cybersecurity and data management begins with understanding that no company’s information is completely secure. However, those who take time to understand the data they collect and maintain will be better positioned to secure and protect that data. Recognizing the type(s) of data your company collects and maintains is instrumental when determining the organization’s legal obligations once a cyber breach takes place.

An ounce of prevention is worth a pound of cure, and our team works with companies to develop or improve data privacy practices and incident response plans. Measures include undertaking an internal risk assessment in order to help companies understand their unique cybersecurity risks as they relate to corporate operations, assets and personnel. Internal risk assessments include conducting network vulnerability assessments followed by identifying and implementing solutions that address vulnerabilities. We work to protect companies both before and after a data breach. In the event of a cyber breach, we provide rapid and comprehensive incident response under the protection of the attorney-client privilege.

The documentation of corporate policies regarding cybersecurity and data privacy should be created in conjunction with procedures that are to be followed should a cyber breach occur. Understanding the rapid technological changes taking place in the market, we maintain regular contact with our clients and assist them in formulating or revising privacy policies so they are compliant with new laws, technologies or changes in business operations.

Employee Training

Your organization’s employees are the first line of defense against a cyberattack. Lindabury offers cybersecurity training for employees that educates staff on how to protect your company’s IT infrastructure from being compromised.

More than half of all cyberattacks are directed at small and midsized businesses, costing an affected organization an average of $1.8 million in losses and costs to restore normal operations. Those figures do not account for the 60% of companies that go out of business within six months of a cyberattack. With the proper behavioral changes, organizations can greatly minimize their chances of suffering a devastating blow. It all starts with educating your employees and developing a culture of cybersecurity.

Lindabury’s cybersecurity training program is designed around the concept that everyone has a role to play in protecting the company’s assets, and no role is more important than any other. Our training provides practical advice and guidance on how to identify potential hacking attempts, along with best practices for reporting and quarantining suspected hacking attempts. Topics covered in cybersecurity training include social engineering, email and social media attacks including malware and Trojan horses, phishing attacks, ransomware, compromised websites, password protection, internal file access, protection and maintenance, usage of personal devices and remote access services. Regular cybersecurity training is the easiest thing that a company can do to protect itself from cyberattack and is a mandate of most cyber insurance policies.

Successful cyberattacks have one thing in common: human error.

Responding To a Data Breach

Responding to a data breach is a multi-step process, for which Lindabury has established a dedicated twenty-four-hour response team. When responding to a data breach that exposes the personally identifiable information of a company’s customers and/or employees, the protocol of verification, containment, investigation, notification and eventual process improvement should be implemented. The specific action items for each step of the breach response protocol are documented in a company’s cybersecurity and data privacy policy and procedures manual.

Our team assists in the coordination of criminal, civil, and regulatory responses following a data breach.

Insurance Coverage

A complete understanding of a company’s insurance program is key to maximizing protection against cyber risk. Our team helps companies assess the various cyber risks facing their organization, review the adequacy of existing insurance policies, analyze and compare alternative insurance products, and negotiate cyber insurance policy placements.

Common Cyber Attacks Facing Small and Mid-Sized Businesses

Small and mid-sized businesses may assume that they are not targets of cyber criminals and can avoid cyber attacks. Unfortunately, this is not the case. Multiple industry studies have found that small businesses are a treasure trove of information that cyber criminals seek, and are generally less prepared to thwart an attack. Below are several of the most common cyber attacks perpetrated upon companies. 

  • Social Engineering
  • Ransomware
  • Phishing / Spear Phishing
  • Spoofing
  • Business Email Compromise
  • Cloud Attacks
  • Malware
  • Spam
  • Missing or Stolen Laptops / Storage Devices
  • Compromised Network
  • Loss or Theft of Physical Documents
  • Breach by Third Party Vendor
  • Malicious Employees