Protecting against cyber threats and data loss can sometimes feel like a thankless task. If you succeed few will notice and it is almost impossible to avoid all risk. In this area though, failing to prepare really will mean you are preparing to fail. But where to begin? Even for large organisations the myriad of threats, changing every day can make the job feel daunting. So whether you have done nothing at all, or you are wondering if you have done enough, let us take you through the issues you need to consider to make sure that cyber threats don’t keep you awake at night.
In this five-part webinar series we were joined by special guests to look at cyber security and breach management issues from a variety of angles. Starting with what happens if you find yourself in the thick of a cyber incident. We then looked at communicating and protecting reputation during and post crisis, managing employee risk, and data disputes, including group litigation. For the last session, we circled back to look at what you can do in advance to reduce your organisation's exposure to data risks and how to mitigate the effects if the worst does happen.
Crisis: the big bang. Managing initial reactions in conjunction with FTI Consulting
When a cyber incident comes to light it can be overwhelming. In our first webinar Jo Joyce and Michael Yates were joined by Oliver Price of FTI Consulting to look at initial responses to attacks.
We look at what should be prioritised and how an effective team response can take the pain out of the process, consider the things you need to think about when appointing your internal team and external lawyers and forensics specialists, as well as insurance considerations and regulatory reporting requirements.
The insider threat
Employees are the secret weapon of many an organisation but when it comes to protecting data and confidential information, they can also be an Achilles' heel.
In our second webinar Ed Spencer was joined by employment Partner Helen Farr and together they discuss the risk to data security posed by both deliberate and accidental employee actions and how organisations should handle the risk from within. Ed and Helen also talk about the duty to keep employee data secure and address the often-overlooked risk that employee personal data loss can pose.
The long tail: group litigation
Whether it is a claim you bring against an IT provider or a subcontractor, or the claims you receive from affected individuals, most major cyber incidents will now lead to litigation (or the threat of litigation) of some kind. For many organisations this might mean handling parallel cases in multiple countries.
In our third webinar of the series, we were joined by special guests Otto Sleeking (Taylor Wessing Netherlands), Benjamin Znaty (Taylor Wessing France), and Carolin Monsees (Taylor Wessing Germany) to talk about data litigation across Europe.
The conversation touches on a wide range of issues, including passing on liability to sub-contractors, the threat of group litigation and the changing landscape of information law claims, along with recent case law.
Managing your reputation following a cyber-attack
Whether we like it or not, reputation is a vital asset for any successful business. When a cyber attack or breach takes place, managing the message – both internally and externally – as well as protection information and reputation is essential.
In our fourth session Michael Yates was joined by PR and communications specialist, Heather Vernon of Woburn Partners. They talk and answer questions about how organisations can protect their reputations before, during and after an incident as well as how to effectively manage and control communications with all stakeholders involved. As well as traditional press issues, they consider the game-changing impact of social media and provide tips on how to preserve (or even enhance) reputation following a crisis.
The Mitigation Game: preparing for the worst
Having heard about the many challenges that organisations face when responding to cyber incidents, you will (we hope) be ready to assess your own position and take steps to create, or improve, your organisation's cyber breach plan.
In our final session Jo Joyce and special guest Bruce Keeble from Booz Allen Hamilton talk about the steps needed to prepare a breach preparedness plan and make sure that you are ready and able to put it into practice. Jo looks at the work that the Information Commissioner's Office (and other regulators) will expect to see and how you make sure you have evidence that will satisfy regulator queries.
Since many organisations invest time and effort in preparing a plan but never test it, we discuss approaches to stress testing your breach plan so you can rest easy knowing it will hold up in a crisis.
About controlling genies
by Dr. Christian Frank, Licencié en droit (Paris II / Panthéon-Assas)
Ransomware demands – should you pay up to save your business in the face of growing state disapproval?
Jo Joyce looks at the main considerations when facing a ransomware attack.
by Jo Joyce
1 of 7 Insights
The UK's Product Security and Telecommunications Infrastructure Act
Matt Quezada looks at what the UK's PSTI Act means for the security of the Internet of Things.
6 of 7 Insights
Global Data Hub
Bringing you the latest insight, guidance and news on data protection issues.Visit Global Data Hub