Chicago Tribune reported, “US says Chinese military behind Equifax breach that stole Americans’ personal data” Data Breach Response Experts Lee Neubecker and Kari Rollins say “Data Breach is inevitable!” They give us advice on how to prepare.
Sedona Conference Incident Response Guide
It is not a question of if you will fall victim to a Data Breach incident, it is when. Organizations large and small need to be ready for when cybercrime strikes. Data Breach Response Experts Lee Neubecker and Kari Rollins know how to prepare for a data breach without breaking the bank. Kari is a partner in the Intellectual Property Practice Group for Sheppard Mullin in New York, and also a member of the Sedona Conference, Working 11 group. Kari describes the Sedona Working 11 as a group of Cyber Breach Experts who design tools and how-to resources that are available to the general public through the Sedona Conference website. The Sedona Conference is a nonprofit research and educational institute that brings together jurists, lawyers, experts, and academics. Kari and Lee share their combined knowledge and talk about the options available to small to midsize companies that may not have the resources in-house necessary to respond to a data breach incident.
Watch Part 1 of our 3 Part Series on Data Breach Readiness follow:
The Video Transcript of Data Breach Response Experts Kari Rollins and Lee Neubecker Follows
Lee Neubecker (LN): Hi, I’m here today with Kari Rollins. She’s the co-managing partner of the New York office of Sheppard Mullins. Thanks for being on the show.
Kari Rollins (KR): Thank you for having me.
LN: And I had Kari, she’s a specialist in the whole area of privacy related litigation involving data breaches and personal information and what not. She’s also a member of the Sedona Conference. Could you tell everyone a little bit about what the Sedona Conference does?
KR: Sure, so the Working Group 11 is the Working Group that is dedicated to helping companies and other practitioners understand some of the hot topics and legal issues in data privacy and cybersecurity today that are rapidly evolving as the laws in that area change. And the Sedona Conference itself is dedicated to pulling together practitioners from private sector, public sector, judges, regulatory authorities who all come to talk about their experiences in these different specialized areas so that it you know, you have a knowledge base with a wide variety of perspectives.
LN: Great and so I asked you to come on to talk a little bit about the data breach incident response guide that the conference came up with. Can you tell us what this is about?
KR: Sure, so as a member of the Working Group 11, several of us at the request of Sedona Conference came together to put together what our views were on how to handle a data breach, or an incident response from the very beginning of the breach life cycle, i.e. planning for and anticipating a breach, through the breach investigation itself and even thinking about issues that may be implicated in a post-breach regulatory inquiry and how companies can best defend themselves and prepare for what is now today, the inevitable, a data incident.
LN: So this is a free resource available to anyone?
KR: It is a resource available to anyone. It’s really a practitioner’s guide. We think this is probably best used by small to midsize companies who may not have the resources or staff in-house, legal staff in-house dedicated to responding to incidents. And it’s, though it can be used by any practitioner, any counsel, any type of company, we do expect that this is probably something that would be useful to small to midsize companies as really a guideline and material to help them issue spot and understand what are the issues in incident response? What should I be concerned about? What are the pitfalls? What am I going to need to be on the lookout for?
LN: Great, and if people want more information about this or want to download the guide, where can they obtain it from?
LN: Great, so in our next segment, we’re going to be talking a little bit about what should be done before a data breach happens.
LN: And then in our third segment, we’ll talk a little bit about okay, the data breach happened or an incident happened, what do you need to do to respond? So watch those segments and tune in again. Thanks Kari for being on.
KR: Thank you.
View Related Articles here
More Information about Kari Rollins and Sheppard Mullin
Does your employer require your fingerprint when you clock in for work? That fingerprint is considered private biometric information. BIPA is the Illinois law that protects its use. Experts Lee Neubecker and David Rownd share how this law affects employers that have Illinois based employees.
Biometric Information Privacy Act (BIPA) is a law that covers the employer’s use of biometric information of its employees. Biometrics are the physiological means to gather an individual’s uniqueness. The oldest most widely used is a fingerprint but other biometric identifiers may be also used such as; facial recognition, photos, retina scan, voice recognition, ear shape, and hand scans all are considered private biometric information. The Illinois BIPA law is designed to govern, secure, store and prohibit the sale of biometric information. Forensic Expert Lee Neubecker and David Rownd from Vedder Price discuss how BIPA may affect employers that have satellite offices in Illinois.
Part 1 of a 3 Part Series on Illinois’ Biometric Information Protection Act
The Video Transcript on BIPA: How It May Affect Employers in Illinois.
Lee Neubecker (LN): Hi I am here again with David Rownd from Vedder Price. Thanks for being on the show David
DavidRownd (DR): Thanks for having me
LN: David is an attorney that specializes in defending class action lawsuits also employment litigation, trade secret theft, and misappropriation. I asked him to come on the show today to talk a little bit about BIPA which is the Illinois Biometric Information Protection Act and specifically he deals with a lot of trading security-related financial services firms and since that law applies to Illinois and many trading firms in New York have satellite offices I wanted him to talk a little bit about the act and some of the concerns that employers should have if they have employees working in Illinois. So, David, can you tell us a little bit about BIPA what it is and what it entails?
DR: Basically it covers the employers use of biometric information of its employees and this can be a retinal scan it can be a fingerprint it can be a number of different things and it can be used for time cards access to the workplace and things like that and employers are using biometric information because its an easy way to keep track of employees. However, it is also a privacy issue and that’s where the BIPA comes in and BIPA is intended to regulate employers ability to utilize biometric information and put certain requirements on them for notifying employees they are using it and notifying employees why they are using it keeping written records of the biometric information and it specifically prohibits the sale of biometric information to third parties.
LN: It’s especially troublesome too because if you lose your biometric unique identifiers you can’t necessarily get those back unlike a social security number you could replace a social security number but if someone is able to copy your retina scan your fingerprints what not it could cause a lot of permanent damage.
DR: That’s true you only get one of those things
LN: So we will be talking later in the series next well be talking a little bit about what employers should do before they land in trouble with BIPA to help protect against finding themselves embroiled in litigation and then finally we’ll talk a little bit about some of the national happenings with Facebook and other entities who have been en snagged in the BIPA trap and we’ll conclude with there so thanks for being on the show today.
DR: Oh thanks for having me.
View related Employment Litigation articles on our website.
Artificial Intelligence (AI) can be used to vastly improve the eDiscovery document review process. Zylab is one of several eDiscovery vendors offering solutions utilizing AI. Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference 2020 in New York. Lee and Jeffrey discuss how AI can be used to conduct more effective eDiscovery.
Artificial Intelligence (AI) technology is everywhere. It’s hard to imagine how it’s being used in the legal industry where legal libraries filled with law books and courts filled with black-robed judges reign. In this formal traditional world, AI is now providing smart solutions for today’s electronically stored information or ESI and is streamlining the way the Legal Industry works.
In this video, Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference in New York. Lee and Jeffrey analyze how Artificial Intelligence (AI) develops smarter solutions in the eDiscovery process. Jeffrey shares with Lee that ZyLAB’s mission is to provide automated full-text retrieval using AI, for both on-premise or cloud-based solutions.
Watch Part 1 of a Three-Part Series on Artificial Intelligence (AI) and eDiscovery.
The video transcript of AI Smarter Solutions: eDiscovery follows.
Lee Neubecker: Hi, I have Jeff Wolff, back on the show from ZyLAB. Jeff, thanks for coming back on.
Jeff Wolff: Thank you.
LN: He’s their Director of eDiscovery, and I wanted to ask him some questions as it related to what differentiates ZyLAB from other products out on the market. Some of my clients may want to use this type of artificial intelligence program to help get through their review and see what the results are of using AI verse the traditional e-discovery review process, so.
LN: Jeff, could you tell us what sets ZyLAB apart from other competitors in the marketplace.
JW: Sure, sure, so first, I think ZyLAB is uniquely positioned in the fact we understand the corporate space quite well, as well as the law firm space, but we got our start incorporate, or start in information governance. So we are very vested in search and data science, and that’s really where we’ve put a lot of our focus. We have both on-premise solutions, as well as cloud-based, SaaS solutions like every other next-gen provider. But we really push our interface, our user interface and our user experience, as one of the most unique selling points. And that is, that it is not difficult to start using. Anyone, any legal professional can pick up our product in an hour, from start to finish, and understand really how you utilize it. Drag and drop interfaces for getting data into the system, and immediate color-coding and tagging, easy search, and the ability to really visualize your data and understand what’s in the dataset.
LN: Okay. So, what would you say for a company that has to deal with multiple jurisdictions, they’re in Europe, they’re in the US. JW: Sure. LN: There are some unique challenges posed by all the various regulations out there, like GDPR.
LN: Maybe the have operations in China. How could you help a company that has to deal with various regulatory authorities spanning the globe?
JW: Sure, and that’s another advantage that ZyLAB has, actually, we’re actually a global company, so we’re dual-headquartered in Washington, D.C., here in the US, as well as Amsterdam in the Netherlands, in the EU. And as a result, we have cloud operations in both jurisdictions. So our global customers can actually keep US data in the US, and they can keep the European Union in the EU, and not worry about that issue. But we also have the expertise, consulting expertise, in both environments, both geographic locations. For example, I’m doing a lot of work now with corporations, not so much focused on directly just on e-discovery, because e-discovery is a bit reactive, you know? Or corporations go through peaks and valleys with e-discovery, the litigation, something they have it, sometimes they don’t. What they constantly have though, are internal investigations, regulatory responses, in the highly regulated corporations. And more and more now, data privacy concerns. So, my European colleagues have been dealing with GDPR for a while, we’re now starting to feel it here in the US, with CCPA, the California Consumer Privacy Act. And there are a number of states on the horizon that are going to California’s examples, so corporations need to be able to find, and classify all the data that they have in their organization that has customer information because if those customers request it and they can’t provide it, they’re financially in a lot of trouble.
LN: Do you think that the regulations coming down on companies are going to fundamentally change how companies chose to communicate with their vendors, suppliers, and own employees?
JW: Absolutely. If you look at all the recent data breach situations, it’s typically not the organization that has the problem, and I won’t mention any of the large companies that have recently had data breaches, but it’s typically not the original company that had the issue, it’s one of their suppliers, or one of their vendors that had accesses to the database, and wasn’t protecting it properly, and that’s how the trouble began.
JW: Same thing with data privacy.
LN: The supply chain certainly is a huge point of vulnerability for all types of organizations. The governments, the military,
LN: and even corporations.
LN: So what do you see happening over the next few years with the adoption of AI platforms?
JW: I think the e-discovery market is going to fundamentally change. There’s still always going to be a need for discovery within corporations and law firms, but what you do you with the data is going to become much more important, so it’s going to be about how you can extract value from the data, not just metadata, which we’ve always been able to do for years now, but now more about looking for entity information. People, places, organizations that are mentioned in documents and emails, and collaborative environments, and being able to visualize those, and quickly drill down to what was going on in your organization. You know, if you got people that are going to the dentist three times a week, they’re not doing to the dentist, they’re doing something else, They’re just writing about going to the dentist.
JW: Software like ours that can identify those references in documents are going to be crucial to the success of organizations.
LN: That’s great. So it seems that there’s continued e-discovery service provider consolidation out there.
LN: The companies that are using tools that are more of a channel partner tool to resell.
LN: But as those companies consolidate, do you think that there’s going to be a movement away from those providers where, the company, the firms, directly do their own e-discovery?
JW: Oh, yes. Yeah, very much so. We’ve been seeing that over the last few years. A lot of companies, even small companies that tend to have, in the past, just used outside vendors for e-discovery, are now deciding that they prefer to control, not just the cost, but also their data. They don’t want their data outside of the organization for reasons we’ve already talked about. So they’re purchasing in-house tools that they can use themselves, and then they can invite outside counsel in to make use of, that way they control their costs, they control the efficiency, and they control the data.
LN: Well, this has been great. Thanks a bunch for being on the show.
Lee Neubecker: Thank you again.
LN: Take care.
JW: Bye bye.
View related articles on Artificial Intelligence
View ZyLAB’s for more information on (AI) Smart Solutions: eDiscovery
Behind lifesaving medical devices are Cyber Experts hard at work to secure and protect Patient Health Information (PHI). Check out this video on securing medical devices.
Cutting edge medical devices save lives! Not only do they save lives but they carry a vector of complicated communications and a unique set of security challenges. Cyber Security Expert Lee Neubecker, sits down with Sterling Medical Device’s top engineer, Keith Handler who develops cyber protection and security for their client’s medical devices.
Sterling Medical Devices helps companies design and develop mechanical & electronic medical devices and follows them through FDA approval. The conversation is educational and important to those interested in knowing how medical devices are cyber protected and secured. In this video, they outline the concerns that relate to the control, security, and confidentiality of the patient’s health information (PHI) when using these medical devices.
The transcript of Part 1 of our Series in Medical Device Security
Lee Neubecker: Hi, I have Kieth Handler here on my show from Sterling Medical Devices. Keith is a top engineer here that helps ensure cybersecurity and resilience and protection of medical devices of their clients. They help assist through the FDA certification process. Keith, thank you, thank you for being on my show.
Keith Handler: Thanks for having me, Lee.
LN: So can you tell me a little bit about what your firm does and how it helps clients in cybersphere?
KH: Yeah, sure. Sterling Medical Devices is a 13485 certified product development firm. We help various companies design and develop electro-mechanical medical devices. Pretty much from, anything from concept all the way to submission to the FDA.
LN: So, can you tell everyone what, ISO…?
LN: 13485 Certification means?
KH: Yes that is, that is the ISO standard that defines the product development and manufacture of medical devices. It defines all the processes that we generally run our business by.
LN: Okay, so what are some of the concerns that you have as it relates to the patient personalized information, sometimes known as PHI? Is that right?
KH: Yeah, patient help information, that’s correct. Well, you know, our first concern, of course, with any medical device is safe. We want to make sure that the devices are treating patients as intended and not presenting any undue harm to the patient or anybody else. The second thing is the Patient Help Information. It’s very important that we maintain confidentiality for all patients, in any of these systems. Diagnostics, their personal information, all need to be protected.
LN: These devices, they have PHI, they also have, they also are involved with the generation of electronic medical records, known as EMR, that feed into the various hospital systems that are used to provide and deliver healthcare to users. As it relates to this, what are some of the top concerns that you try to address as it pertains to safety for your clients?
KH: Well, when it comes to information or command and control that can be done remotely on a device, it’s again important to maintain the integrity of those communications, and to protect everything there. One of the hardest aspects, I would say, is integrating a medical device into a larger hospital system. We may have control over the confidentiality of the information, and of the commands that are sent and received within a device, but as soon as we connect to an external system we lose control of that data. So, it becomes a unique challenge to try and make sure we are protecting, and not only in our system but also in any system ours might integrate with.
LN: Yeah, and there’s such a myriad of ways devices connect, Bluetooth, wifi–
LN: I’m not sure if medical devices use infrared or–
LN: Near band communication, but there are all these vectors of communication that create new threats and potentials for compromise.
KH: And typically medical hardware is pretty cutting edge, you know, some of the things that they’re trying to treat now still can’t. So all of these things that you’re bringing up, all exist in medical, all need to be protected.
LN: Great, so in our next segment we’ll be talking a little bit more about the FDA, the certification process, and some of the standards that devices might undergo to help ensure adoption by the FDA, and to make them commercially viable to be sold in the United States. And then, in our third segment, we’ll talk more about protecting devices against cyber compromise, the firmware and software that gets embedded into these devices, and other things that should be done to help keep medical devices safe and secure. Thanks for being on the show today.
KH: Thanks again for having me, Lee.
Related Materials on Medical Malpractice
See more about Sterling Medical Devices on their website.
Forensic Experts Lee Neubecker and Cat Casey from DISCO discuss Artificial Intelligence (AI) as it relates to improving Legal technology.
Artificial Intelligence (AI) thinks, learns and problem solves more efficiently than humans. AI is all around us and in almost everything we touch, it is an algorithm that is designed to make our lives easier and is sometimes referred to as machine learning.
In the case of litigation, it can save time and money by streamlining the process of document review, eDiscovery, and preparation for forensic cases. Computer Forensic Expert, Lee Neubecker and Catherine “Cat” Casey who is the Chief Innovation Officer for DISCO discuss how AI works to improve legal technology.
DISCO is a leader in legal technology is a developer of a cloud-native eDiscovery software for law firms designed to automate and simplify error-prone tasks. They provide a myriad of different types of analytics that will supercharge searching data dramatically reducing time and money.
Part 1 of our Three-Part Series on Artificial Intelligence (AI)
The Video Transcript Follows.
Lee Neubecker (LN): Hi, I’m here today with Cat Casey from CS DISCO. Thanks for being on the show.
Cat Casey (CC): My pleasure.
LN: We’re going to talk a little about artificial intelligence as it relates to eDiscovery and document review. Cat, can you tell us just a little bit about what your firm does to help speed up the review process and lower costs for clients.
CC: Absolutely, we’re a cloud-native AI-powered eDiscovery company. And what that means is we’ve got vast amounts of elastic computational power that we can use to run a myriad of different types of analytics on data to supercharge your searching and dramatically reduce the amount of time it takes you to get to that key actionable evidence. So, we’ve kind of flipped everything on its head. Instead of being a question of how quickly can I read through all of this data, it’s how laparoscopically can I surgically find all of that key information. The results that we’re seeing are pretty resounding. Up to 60% reduction in time to get to that key evidence. Freeing up attorneys to get back to what they went to school for, the practice of law. It’s pretty compelling. We’ve had some pretty interesting additions, including even today, we just announced, I think, the first true AI in eDiscovery with AI model sharing. Basically, with each iteration, with each type of case that you conduct with DISCO, our algorithms are getting smarter. We’re extracting insights and building in more robust taxonomy and analytic structure to parse data, which is going to yield better and better results for our clients. It’s truly exciting.
LN: So we’ve come a long way from the early days when the attorneys wanted everything printed and Bates-labeled before they looked at it. To now, moving ahead using TAR, technology-assisted review, like artificial intelligence, which fits into that, correct?
CC: 100%, we have a continual active learning model, so it’s more reinforcement learning than a standard supervised learning model. Basically, from the coding of document one, our algorithm’s getting smarter and making recommendations on highly likely to be similar documents. We battle test the algorithm on an ongoing basis. Whether it is an affirmative or a negative for a suggested document, the algorithm learns more, and because of that, we prioritize the most relevant information quickly and people are able to then accelerate their review speeds by up to, I think we’ve had over 180 docs per hour. So, it’s pretty compelling and this is just the beginning.
LN: So your platform’s all in the cloud, correct? So companies or law firms, they need no infrastructure other than a browser?
CC: 100%, the nice thing, in my prior life, I ran a global discovery program, and I spent hundreds of thousands of dollars a year just to keep pace, just to have storage, just to have basic replication and back up, and all of that. Now, even a small firm, all the way up to an Am Law One firm or a massive Fortune One company, they can have the same robust technology without having to set up a data center, without having to invest a ton of money. It lets everyone level up and has a better experience throughout the discovery process.
LN: One of the challenges a lot of my clients always have is they have a need to understand what the costs are going to be and to be able to communicate to their clients those expectations so they’re not throwing their clients on the eDiscovery rollercoaster of non-controllable bills. How does DISCO help to address those concerns?
CC: Transparency is a major pain point. One of the banes of my existence used to be trying to normalize this pricing model versus this, versus this service provider, versus this technology. We just throw that all out. We charge one flat amount per gig. It includes analytics. It includes processing. It includes everything, and we work with you to get the volume of data that is being applied to that one flat cost per gig down. It eliminates that hide the ball gotcha moment and it gives a lot of transparency. And of course, if someone wants a different model, we’re happy to accommodate that. But in general, straight, simple, honest. It’s really rewarding for our clients.
LN: So, what cases, what types of litigation case matters do you see as having some of the best benefits of being migrated into your platform?
CC: Yeah, I think any case can. If you’re a tiny company, it helps you be David versus Goliath. Even on a small data volume case, you can start getting insights and reduce the amount of time you’re having to spend doing something maybe you can’t chargeback for. For a big massive case, because we are an AWS and we were built on kind of convolutional neural networking, we’re moving, and we have such a robust computational lift, even we’ve had 150 million documents with hundreds of users and we still have sub one second page to page. We are still lightning fast. And so, whether it’s a big case, a simple case, a complex case, there is a value proposition for almost anyone.
LN: In terms of the types of law firms that are using your platform, do you see many smaller, medium-size firms using your–
CC: Tons, actually tons. That was where we got our teeth. Boutique, we started as a boutique law firm. We actually were a bunch of attorneys that were frustrated that all the tools were terrible, and so they built their own. And so, the foundation of DISCO, we had a family of tons of boutique law firms that we were supporting, we still do to this day. The tool we built though, had a longer vision. It was built to be much bigger and more scalable, and as a result, that’s why you’re seeing us with major, the WilmerHales of the world, very large firms and very large corporations because the tool itself can scale up so much.
LN: Great, what are some of the challenges of working, that law firms find that already have entrenched solutions? There are other review products out there and if they really want to make the benefit of your platform, don’t they have to kind of fully use it for the case?
CC: I would say you probably don’t want to split the baby with a case. If you’re processing with another tool, you’re not going to get the same benefit as working with DISCO. But you don’t have to move your entire litigation portfolio to DISCO day one. We’re seeing a lot of people that are sunsetting Legacy Product and Legacy Platforms moving towards DISCO, but it’s not, “I’m going to move every single case today.” It’s going forward, we’re going to start bringing in new cases. There tends to be such an improved experience and improved UI for the attorneys that they start to not want to use the other technology as much.
LN: I know as a computer forensic expert, oftentimes we’re going out initially collecting and forensically preserving the data. But your product sounds like it would be right for a firm that does forensics that needs to collect different data from computers, possibly harvest just an email. Filter the dates and times of the email to a PST and then they can take those PSTs and upload it into your platform, correct?
CC: 100% and we also, we’ve productized some advanced ECA, where we charge a much, much lower rate. So, you get three months no cost hosting. It’s half the usual rate, and you can do ECA for up to three months. And the goal of that is to let’s whittle down to the most surgical, teeny, tiny, laparoscopic piece of data set that you can have. An example was we had a 20 million document case and we were able to run the ECA, get it down to about 5.6 million documents. Run more coaling, run our analytics, get it down to about 200,000 documents. And usually, that would be when you have to review every single one, but we were able to, with our workflow, with CAL, get it down to 140,000 documents. And so, if you think 50 bucks an hour, an attorney can only do 50 docs an hour, the cost savings is monumental.
LN: So as someone uses your platform and they start to tag and prioritize certain documents, your software learns based on that taking. It helps find related concepts to those conversations and what not?
CC: 100%, 100%.
LN: So really, the more that are reviewed as responsive, similar concepts and whatnot so that important links aren’t missed.
CC: 100% and because we do automatic batching, is every new batch of documents a person gets because we’ve applied this artificial intelligence and continual active learning model, it is a more relevant subset of data and people are able to go through it more faster. And sometimes, they will get to a point where they can say, “I’ve hit all my relevant information. “The rest is not relevant. “I’m going to sample it and statistically determine “I don’t have to review those last 100,000 documents “that maybe aren’t relevant,” and it’s pretty cool.
LN: In our next segment, we’re going to be talking What the trends are in the industry impacting law and eDiscovery. And then finally, we’ll talk about some of the pitfalls of what companies, organizations, and law firms face if they don’t embrace artificial intelligence to help make their review process more efficient. Well, thanks for being on the show.
CC: My pleasure.
More Related Articles About Artificial Intelligence (AI) )
View DISO’s website to learn more about AI trends in Legal Industry
Lee Neubecker, President & CEO of Enigma Forensics, sits down with travel expert Robbie Gold. Together they discuss the ins and outs of securing your technical devices when traveling, including devices that may help you in the event of a power outage, and cool tips to help keep your belongings and technology safe. Check out this video that outlines what we believe to be the best practices to travel securely.
This video contains easy important tips to secure your technical devices while traveling.
The video transcript follows
Lee Neubecker (LN): Hi, I have Robbie Gold, President of Travel Center Tours on my show today, to talk a little bit about travel, the travel industry, as well as cyber tips that I’m going to give him to help his clients. Robbie, thanks for being on the show.
Robbie Gold (RG): Thank you, Lee. So, when my clients are traveling out of the United States, what information can you give us on cyber safety that they would need to use while traveling?
LN: Yeah, well, certainly, first you want to make sure that you have all your important documents, including your credit card numbers, the phone numbers to dial, you want to have that information with your travel agent or alternatively, you want to have that documentation put up into the Cloud but encrypted so no one else can get to it but so that you can access it if your bags are stolen and you lose your documents.
RG: And what about if they lose their credit cards, besides reporting them to the credit card company?
LN: Yeah well you know, reporting to the credit card company is important, I, usually, like if you have American Express, they’ll ship you a card next day, in those circumstances, to your hotel but it’s not a bad idea to arrange to have someone on hand, to make sure you have someone on hand that has funds that they can wire to you and what I’d recommend is if you’re going to do that, establish a secret, you know, password in person, don’t text it, don’t email it but give them some phrase or something so that they know that it’s really you asking for it and not a scam by, you know, some type of dubious person trying to impersonate you.
RG: Okay and then what other cyber tips can you give the clients, as far as traveling?
LN: Well, one thing that I’d recommend is getting a VPN, a virtual private network, for your smartphone and your laptop and what this does is it creates a tunnel, if you’re on a hotel network or on a cruise ship, it will create an encrypted tunnel between you and your email or you and your bank provider or your airline or even Netflix and it will let you get that information without the cruise ship or the hotel kind of getting in the middle of your communications.
RG: So, that would make everything secure for you?
LN: It would make it much more secure. Express VPN is one I like, it doesn’t cost much and you can get it for multiple devices and it will also let you often access content that the hotels and the cruise ships purposely try to slow down, so.
RG: Okay, what about for information, once you’re at the destination?
LN: Well, what I’d recommend is, before you get to the destination, there’s a great app called Maps.me and it allows you to download travel guides for your destination and you’re able to have preloaded maps, that even if you don’t have your data plan on, you can still navigate and it will tell you, based on your GPS coordinates, what’s around you and it can help you find a coffee shop, it can help you get back to port and it gives you kind of like a, you know, a navigation but in your hand, without a data plan and that’s really nice, especially if you’re trying to explore and you don’t want to get lost.
RG: And let’s say something happens and we either lose our laptop or our cell phone, is there anything we should have done to make our trip easier?
LN: Well, I’d recommend, before you leave, always back up your laptop and always back up your cell phone and if you’re really paranoid going through security, in some countries, they might randomly inspect your cell phone and the contents and if you work in a sensitive industry or you have patient medical records or other trade secrets or sensitive PII, you want to, you may want to consider wiping the phone after you’ve backed it up and then after you get through a security checkpoint and you have an internet connection, you can then restore your phone back and you won’t have a risk of someone inspecting and getting access to your phone contents.
RG: Okay and I always hear about people having problems when they’ve used bank ATMs or certain things, where people have gone over and they put a shell over them so what kind of safe practices should we use for both our computer and while traveling?
LN: Yeah, well, what’s nice, when you travel in Europe, usually, they don’t take the credit card away from you, they bring the reader to you and you get to see everything happen there. You might want to consider, though, getting a temporary credit card from your credit card company and certainly notifying them where you’re traveling, that’s important because, if you don’t let them know that you’re traveling to a certain country, there’s a good chance your card will be shut off and you know, you can also use some of those preloaded gift cards as a way to you know, protect your account but you know, monitoring is key, if you’re checking your account balances if you set up alerts with your bank, a lot of times, you can get a daily email or an email every time a transaction hits and then you’ll know if something’s happened.
RG: Well and one of the other things I know I’ve done is I’ve put on that there can only be one or two transactions per day and then put the dollar amount on so I would have to call the bank to open it up if I was making a major purchase.
LN: So, when you go to the casino in Las Vegas.
LN: You have your bank on speed dial?
RG: Exactly, now what about doing some of these things where I need a charger or you know, I’m getting ready to plug in my computer into one of the USB ports, is that safe or?
LN: Yeah, well, it’s possible that those USB charging stations you see in the airports, especially in some foreign countries, that when you plug it in, your phone could get injected with spyware. So, I’d recommend that you’d travel with your own power brick, you know, one of the things I highly recommend is this solar charging, it’s a battery pack and flashlight so you can use it to signal and you can keep it with you in your backpack and if you’re going out to the beach or sitting on a cruise by the pool, you can lay it out, get sun and you can charge multiple devices with it, without having to plugin. But certainly, bring your power brick as well and I like these, they have these combination cords that have all three of the popular tips so it’s, you know, one less of the cords to carry.
RG: Oh, it’s very convenient.
LN: So, this device, I’d recommend, it’s the HI-S025 solar charger, that’s really nice and then if you’re also looking at gadgets and other things, this won’t keep you cyber secure but it might help you sleep at night if you’ve got someone snoring. It’s an OontZ speaker, Bluetooth speakerphone that’s also shower-proof so that’s kind of nice.
RG: Okay, so let’s recap all the things that you said. We should bring copies of our documents and make sure they’re in the Cloud, we should have a contact where we might want to wire money to us and have a secret phrase, install a VPN, if you’re looking for local things once you arrive, you want to download Maps.me, backup your laptop and your cell phone–
LN: And make sure, Maps.me, that you load the cities you’re going to before you get there so that you have the maps preloaded.
RG: Okay, perfect and you want to back up your laptop and your cell phone and if you do have secure information on there, you might consider wiping it clean and then reloading it once you’ve been through security, you want to make sure you’re practicing with a safe USB and consider an alternate solar-power source, in case you need to charge your phone or your laptop.
LN: And one last thing, if you haven’t heard of these, they’re called Tiles and you can attach them to your key chain, you can also put ’em inside of your bags so if someone were to grab your bag with your important documents and you had this inside, you can go to the local authorities and you might have a chance of actually recovering the bag so this is another proactive measure, these are, you can get four of them for somewhere around 100 dollars.
RG: I think these are great tips, thank you.
LN: Thank you, Robbie, it’s been great having you on.
Experts Lee Neubecker and Dr. Nicole Konkel make suggestions that will help make your LinkedIn profile look attractive to to an employer.
Prospecting for a new career can be a daunting task. Suddenly, you’re overcome by a huge tsunami of anxiety by just knowing a prospective employer will be looking at your social media presence. Take a deep breath, your new career will be within reach after you watch this video.
President & CEO Lee Neubecker and Human Resource Executive, Dr. Nicole Konkel offer responsible social media tips that will polish your LinkedIn profile and make you stand out. Their tips will help you establish a digital resume that will catapult you to a new career.
Part 3 in our Three-Part Series on Social Media Do’s and Dont’s
The video transcript follows
Lee Neubecker: Hi I’m back again with Dr. Nicole Konkel who’s an organizational development expert. And I asked her to come on to continue our earlier series talking about social media do’s and don’ts as it relates to being an employee. And so thanks for being on the show again, Nicole.
Nicole Konkel: Oh, no problem my pleasure Lee. Thanks for having me.
LN: So we talked a little bit about some of the things that you shouldn’t do. Can you tell people who are in an active job search mode, hoping to maybe work at your firm or some other firm? What are the things that you would suggest that they do as it relates to making their LinkedIn profile look attractive to an employer?
NK: Sure. So I always will tell people when you’re looking, actively searching for employment, make sure your LinkedIn page is open. I would caution you if you’re currently employed not to have a situation where you are shown as actively looking or actively interested in recruiters contacting you because obviously your current employer can see that. But what I want to make sure of is that your page is professional. Professional means no spelling and grammar errors. Professionalism also means outlining what your accomplishments have been. One of the things that people do when they’re looking for jobs is we want to talk about results, and not just job duties, but results. And so to make a big focus on that on your LinkedIn page.
LN: And certainly not having typos.
NK: Please no typos. No typos, no grammatically incorrect sentences, speak about yourself in the first person. You are selling yourself on LinkedIn, essentially and you want people to read that and say, “I want to contact this person.”
LN: And speaking of contact, what would you recommend people do with regard to the contact information tip?
NK: Well, I really, really encourage people to have a professional email address. So nothing with any sort of sexual innuendos. I would also say nothing that’s related to your birthday. Unfortunately age discrimination is is something that is real. And so we don’t want to have that be out there. And so I would just say my email address is Nicole, my former name [email protected] That’s what I wanted people to see. And so that’s what email I use when I’m in a job search.
LN: Now, what about the photo? What are your thoughts on what you’ve seen with LinkedIn photos, what’s worked, what hasn’t worked?
NK: What doesn’t work is a picture of your dog. What doesn’t work are selfies. I think that in this day and age, we all have the opportunity to have a professional headshot. There is no other type of photo that should be on LinkedIn In my opinion, other than a professional headshot. Even if you have to do it with your own iPhone or Android device, we are able to do that. But you should be in professional clothing, you should look like you are going on a job interview in that photo.
LN: And if you’re on a budget, you can use services like Upwork and find a photographer, that if you’re patient and flexible, you should be able to get a professional headsetset.org or even go to, one of the department store.
NK: Absolutely, I mean, you can easily do a professional headshot for $20 easily.
LN: And the other thing too is you can actually hire people who are professionals in HR to help edit your LinkedIn and give you that critique.
NK: Yes. Yes. I do believe there’s value in that. I do think that you should work with people that are reputable. Not everybody that says that they look at LinkedIn profiles and resumes should be and so I think you should look at some examples of work that they’ve done in the past to see if that’s something that will be beneficial to you moving forward. But in no time should you go into that thinking if this person does my resume or does my LinkedIn page, I’m automatically going to get a job. It’s still putting your best foot forward out there with all different types of aspects that are necessary for the job search.
LN: I’d like to see certification.
NK: For sure
LN: Papers, I especially like to see that the person can write.
LN: That’s not appropriate for all positions, but it’s helpful.
NK: For sure. Even if there is maybe you’re not the perfect grammatical person, you should be in your LinkedIn profile.
LN: You can get someone who has to check your page.
NK: Yes, exactly. And so there’s really not a reason why that should not be happening.
LN: What are your thoughts about, what’s your opinion when you see an employee that has reviews and how would you advise people to approach the review section?
NK: On LinkedIn?
LN: On LinkedIn.
NK: I honestly as an employer, don’t really pay attention much to the review section. But when I have, I’ve looked at the person that’s actually writing the review. I’ve actually gone in and clicked on their profile to see what role they actually have, how that person has interacted in the past. If it’s a former employer, that’s always good, for you to have a former boss or, supervisor or colleague, but it should definitely be a professional review. If you want to go have your friends to review so make sure they’re professional and they’re talking about work.
LN: I agree with that it when I look at the reviews if the reviews are written from people who clearly were a peer review helps as well.
LN: If it’s a supervisory review it means more, but I also look at the quality and caliber of the writing of the reviewers. So you don’t want to have someone writing a review on your page that has grammatical doesn’t really speak well.
LN: But I also look to see if It’s a review swap. Because essentially, the effective way to get a review is to write one. So I’ll look at the profiles to see that as well.
NK: Right. I think that that’s true. I think the most valuable review is from a former supervisor or a current supervisor that’s talking about your current work. When people are reviewing they should be talking about the results that you’ve done. It’s you know, John is a great person, is great, but it doesn’t tell a potential employer anything about how you’re going to be for them if they hire you.
LN: Something like John came in, took over our factory project, realigned the team, achieved a 20% growth and sales and 10% improvement and profitability that’s kind of action-oriented.
NK: Action-oriented is really what is going to get you noticed. When we’re talking about reviews when we’re talking about your resume when we’re talking about LinkedIn.
LN: Are there any other thoughts you have before we wrap up? NK: I just want people to know that LinkedIn is a great tool. But the best tool for actually getting whatever opportunity that you want and keeping it or being successful is being the best you, whether you’re in private or in social media. And so always keep that in mind. We are always under a radar, somebody is always looking at
NK: And so how do you want that to be viewed in the future
LN: Great. Well thank you so much for being on the show.
NK: Thank you for having me, Lee.
Watch Part 1 and 2 of our Social Media Do’s and Don’t Series
Hiring Managers are looking at your social media history so candidates should be doing the same. Everyone should be doing their homework. Lee Neubecker and Dr. Nicole Konkel discuss the how to use social media reconnaissance techniques to prepare for your next interview.
Keys to using social media reconnaissance before your interview
Social media is a valuable research tool to discover key hiring decision-makers when preparing to interview for your dream job. Matchmaking for that ideal employer-employee fit is now a two-way street. Hiring managers are looking at your LinkedIn, Facebook and other social media sites. Career seekers should be doing the same to prepare for that next interview. Job seekers are also looking at various websites to get a better understanding of the company’s culture, people and expectations. Performing your own homework including looking at online reviews from current and past employees can provide you a leg up on the day of your interview. Social media sites such as GlassDoor.com, Linkedin.com and even Facebook.com or Twitter.com may provide you with important insights that will enable you to ask thoughtful questions that demonstrate a deeper understanding of the prospective hiring organization.
President & CEO of Enigma Forensics, Lee Neubecker and Human Resource Executive, Dr. Nicole Konkel urge everyone to use all the social media tools to your best ability. Performing advanced social media reconnaissance of your prospective employer’s social media profile as well as your likely interviewers can provide you a leg up when you arrive for your interview. Listen to these important interview prep tips for seasoned experts in HR and online social media reconnaissance.
Lee Neubecker: Hi I’m back again with Dr. Nicole Konkel who’s an organizational design and development expert.
Nicole Konkel: Sure, yep, hi Lee. Great to be here again.
LN: And glad to have you on. I’ve asked Nicole to provide some insight to people out there on my network, as well as hers, that are looking for a job, in terms of what they should be doing to before they apply to their position, to make sure they’re well-prepared and they get off on the right foot. And that it’s a good fit.
NK: Sure, so Lee, I think it’s really important for you as a job seeker to interview and research the company that you’re applying for or applying to just as much as they’re going to do for you or to you. And so that means looking at social websites which will give you employee reviews and listen and not every review, most people don’t go to reviews to write good things. So we have to look at that and say who is giving this review? But look for patterns, look for employees saying the same things over and over again. That may not be any part of a culture that you would want to be in. Look for trends, look for better business bureau scores. Look for information on their current employees and look them up, look up their leadership teams.
LN: Now, I understand at least from reading that one of the most important determinants of someone’s happiness in a role in the relationship with their supervisor.
NK: For sure. LN: So would you recommend trying to find out who’s hiring for the role you’re applying for?
NK: Absolutely, you should definitely know who your potential supervisor is going to be. You should know if it’s a replacement position, why the last person left. You should ask these questions to every person that you interview with. Because what I can guarantee you is, in job searches that I do, I’m interviewing with multiple executives and companies. And every one of them is going to give you a somewhat different answer. While it may get you to the same place, it’s going to be a different answer and it’s going to give you a lot of insight.
LN: Well, I know too there are premium subscriptions you can sign up for, like in Linked In, that will give you more options where you can do the searching. And it might be helpful for you to know, who’s working at ACME Corp.?
NK: For sure.
LN: If you pay a little bit more you can see the employees you can tell who’s a second-degree connection, a third-degree connection.
LN: And if you happen to know someone in common, especially if you reach out to them before
LN: You can get intel on the person or the people working there that can really bolster your chances I’d think.
NK: Right, definitely a connection is going to be a really good step in getting you in the door for an interview. Versus just sending your resume like the other four hundred and ninety-nine people and hope that someone sees it. Most of the time they don’t get past the first 30. So I definitely feel, I don’t necessarily think you have to pay for additional services, I think a lot of that is out there for us to see for free. But definitely some benefits if you have the means to do so to get that additional information.
LN: Well, one of the things that people might not know about is that if you paid for the premium membership then you’ve already applied for a job at ACME Corp. you can see who’s clicking on your profile.
LN: And then you can tell who’s likely going to interview you. So without them even having to disclose who’s going to interview you you might be able to find out their interests, what shows they like.
LN: There’s a website called PQ, you can dig, you might be able to get details on their social media. The more homework you do, it always impresses people, you just don’t want to creep them out.
LN: It’s okay to say “I looked online, I’m interested in your company” “I understand you do this and that.”
LN: But it’s okay to say, “Oh I looked online probably the better that interview will go.
NK: Absolutely, I think it is very important to have details on those individuals are really like, “Oh wow. You looked me up?” Now, I wouldn’t necessarily say, “Hey, I saw it on Facebook “that you and your three kids went on vacation last week.” But I would keep it to the more professional accomplishments. If they have any reviews on Linked In that people have written for them, bring those things up because that only helps you.
LN: I recommend too that everyone consider making their own branded blog, like Dr. Nicole or I’ve got Leeneubecker.com because from time to time you move from company to company or you might sell a firm like I sold my firm, and someone wants to connect with you. NK: Exactly.
LN: When that happens, you have to be accessible.
LN: And sometimes you lose control over your old workplace email, which raises another important point. Do no use your company email on your Linked In account.
NK: Please don’t.
LN: Because you might find yourself suddenly severed from your job and you’ll lose all your connections.
NK: Right, you in any social media that is yours, you should be using your own information, not your company.
LN: That’s right, oh, I think we’ve got a like on our Linked In. Well, thanks a bunch for being on the show, this is great
Think twice before you post anything. This is just a tidbit of advice discussed with Forensic Expert Lee Neubecker and Human Resource Executive Dr. Nicole Konkel.
People are an organization’s most important resource. These same people spend a large part of their day posting to social media. Pew Research reports 69% of adults use Facebook on a daily basis making Facebook the most used social media platform. So, it’s no surprise that employers keep tabs on current employees and research potential candidates by viewing social media accounts. Human Resource Executive, Dr. Nicole Konkel, and Lee Neubecker, President & CEO of Enigma Forensics talk about the appropriate use of social media sites and the workplace. Watch this video to learn more about how employers interpret your social media activity.
The video transcript follows
Lee Neubecker (LN): Hi I’m here today with Dr. Nicole Konkel. Dr. Nicole, thanks for being on the show.
Nicole Konkel (NK): Thanks for havin’ me Lee.
LN: Dr. Nicole is a specialist in organizational design and she helps organizations manage one of their most important resources, their people.
LN: So, Dr. Nicole, I asked you to come on today to talk a little bit about what should happen in the workplace with regards to appropriate use of social media while at work.
NK: Yes, get rid of it all. I’m kidding. Kidding of course. Well, you know, I happen to have had an opportunity to be in leadership positions in a lot of different roles. And, in those roles, I’ve noticed some best practices that, ya know, employees and people who are looking to get a job should and should not do. And, one of the best pieces of advice that I can give people is if you have to pause for one second to think if this should be on social media, don’t put it on social media. Everybody is looking at social media, potential employers, your current employer, managers when you’re calling out sick . To see if you actually are sick or if you’re pulling a “Ferris Ferris Bueller’s Day Off for those of us old enough to know what that means . And, at the Cubs came or whatever the case may be. And so, I would just tell people to always be thinking about what you want your professional history on social media to be like. Not today, but five years from now, 10 years from now, how ever long you plan on working.
LN: I think we had a conversation many years back where it went something like, oh well “but Lee I had my Facebook locked down.
LN: And I said to ya at the time, you just got to assume that anything ya post might get out there.
LN: In fact, events that happened.
LN: Hopefully that advice was helpful.
NK: Yeah, so it was funny because I really argued you down about that. But, today, maybe it’s probably seven to 10 years later I’m in 100% agreement. I never post anything about my work. I never post anything about the day I’ve had at work. I never post anything that could be negatively construed.. By my company, by a competitor. And so, I make a conscious effort to make sure that my posts are pretty much meaningless.
NK: And don’t have anything to do with my career.
LN: But there’s also things that people should do. doesn’t see them.
NK: For sure.
LN: And you have to be careful because Facebook changes. Especially if you choose to post something publicly, I have to remember to go back and change the setting back..
LN: To be private.
NK: Yes, and the other thing Lee is, whatever platform you’re using, go back monthly and see what they might have changed. You just never know. I have put things as private and then a month or two months or three months later I go and look and it’s public.
LN: How does it make you feel.
NK: It’s like oh my gosh I did not want this public Facebook that’s why I had it private first. And that’s not to pick on any one social media.. Outlet But, they change things all the time. It’s social media, they’re trying to make things.. User friendly for all of us. And, ya know, be able to share as much information or as little as possible. But, check that. And make sure that what you want out there for the public is out there for the public and what you don’t is not.
LN: Another thing too that you might want to do as well is you can lock yourself down so that people can’t find you. I recommend that people have their children use sudo names if they’re going to be on Facebook.
NK: Right so their real names aren’t out there. Because, the stuff gets archived. There’s websites like PeekYou that find ways of seeing your stuff..
LN: And can get your archives that you think are locked down.
NK: Yeah. And one other thing I think is very beneficial to people that are searching for employment is that you make your profiles completely private when you’re searching for a job.
LN: And, don’t use a Email name that sounds sexualized.
LN: I mean, honestly.
NK: Sexy kitten 1995 is probably not going to get you that job. But just be mindful that, and I have done this before as an employer I’ve gone to social media to see what people’s presence has been to determine if there was anything there that would keep me for key positions and roles that I hire for keep me from wanting to hire that person.
LN: So, the dates and times of your posts matter to. If you’ve got regular posts on social media that don’t somehow tie into your work there’s a problem. Now sometimes you got to post stuff on LinkedIn..
LN: To help market..
LN: Your firm and their mission. And that’s one thing but just, ya know, ask those questions and think about does this show that I’m a diligent worker if I’m commenting and Tweeting..
NK: All day
LN: All day on entertainment websites..
LN: And things that don’t relate to your position.
NK: Right. And one thing that I have said I’ve never heard anyone else say this so I’m going to go ahead and say that it’s my quote. Facebook is not LinkedIn and LinkedIn is not Facebook. If the profiles of the people that you have on both of those match you’re doing something wrong . Where LinkedIn is for your professional, ya know, world and Facebook isn’t. And, there are some people I’m Facebook friends with who have sent me LinkedIn in requests that I’m not connected to because that’s not the way I want to be connected to those people. And, you absolutely have the right to do that because it’s your social media
LN: Yeah, and unfortunately, the people you connect to you can be judged against who your friends are. And, that’s always a dilemma because we can’t control our family all the time. All we can do is drop them .
NK: I’ve had to do that a couple times.
LN: But, ya know, it’s unfortunate sometimes when extended family or people that you might not be checkin’ in with post things in their profile inappropriate pictures or whatnot.
LN: That could potentially reflect adversarially on you. And the thing is, if you’re interviewing me for a job you’re doing the digging you’re not telling me what you’re looking at are ya.
NK: Of course not.
LN: But you’re looking to see is this going to be a problem for me if I hire this person.
NK: Right. And I’ll give a quick example of, ya know, something that was problematic for me when I was doing research. I did see that someone I was potentially hiring had a person on their friend list that was making racists and sexist comments.
LN: And, I think everyone out there has a friend like that. Which is exactly why you should be locking down and hiding your friends so people can’t..
LN: Find out.
NK: Yeah so, if you go and search me right now you won’t see much and you certainly won’t see my friend list. But, the other side of that is, ya know, if I have people on my page that are making those types of remarks, guess what, they’re gone. I don’t care if it’s my mother, I don’t care who it is. Because, that is not any type of social media conversation that I want had on my page nor do I want to be a part of it.
LN: Well, thanks so much for being on this show Nicole. It’s been great having you.
NK: Thanks for having me Lee!
To learn about the policy for social media for the U.S. Office of Personnel Management click on the link below.
Energy is vital to our everyday life. Companies face a competing demand to preserve data and at the same time continue to function. Experts Lee Neubecker and Geary Sikich give advice on how to overcome these challenges.
The Energy Sector provides the global economy with oil, gasoline, electricity, wind and natural gas. An Energy Industry incident could be a physical attack on a power grid or a cyber attack that stops a company from functioning. The properly planned and orchestrated energy sector incident response will minimize or reduce recovery time and loss. Potentially saving lives! Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. strongly urge all companies to create an incident response plan.
This is the final segment in the four-part series on Energy Sector Cyber Insecurity.
Energy Sector Incident Response video transcript follows
Lee Neubecker: Hi I’m here again with Geary Sikich, and we’re continuing with our final fourth part segment in this discussion about global cyber insecurity as it relates to the energy sector. And in this segment, we’ll be telling you a little bit more about some of the things that need to happen, related to the incident response of a data breach, for the energy sector. Geary, thanks for coming back.
Geary Sikich: Thanks Lee for having me. I think this is, probably one of those areas that are challenging to talk about.
LN: Yeah, certainly, and at the forefront, when things first go wrong, there’s a need to immediately take action to help preserve the data, and collect data so that it can be analyzed. But at the same time, there’s a competing demand for wanting the organization to function. And sometimes those two needs, create conflicts.
GS: Yeah, they sort of butt heads if you will. Yeah, I think the issue for a number of organizations, and I’ve experienced being in the kind of command center if you will, of organizations where their website had gone down. And it was, one of these where a lot of stuff was processed through the portals that they had there. Suddenly there was this pressure to get things back up, and then to look at, what is this costing us? Because now our customers cannot execute their orders and whatnot. And that becomes a challenge because it’s the urgency issue. The other aspect is that when we look at incident response, and this is a little bit different from the typical natural disaster incident response. If I’ve been breached in a cyber incident, how long is it before I actually realize that I’ve been breached? It may not happen very quickly, it could be very subtle. And things could be manipulated, and suddenly I’m in a situation like some of the big companies that had data hack, where all the sudden personal accounts of cardholders are exposed. Now, what do I do? So there’s a lot of not the only rapid response that’s needed, but a lot of consequence analysis that’s really needed.
LN: Is it?
GS: How do you do that and yet maintain, as you were saying, and begin to look at that.
GS: From, not really a legal standpoint, but, from a defensive standpoint.
LN: Yeah, well there’s a lot that needs to happen in a short period of time, you have the collection and preservation. Which, forensic professionals are often called in, such as myself. To collect the data. Firewalls, servers, logs. Then you also have the analysis of that data to determine, what are the motivations of the attacker? Was it an attacker? Was it negligence? You know, oftentimes things go down, people assume it’s a cyber attack, external. It could be an internal attack, it could just be something as innocent as, I’ve seen a new system coming online that’s supposed to help back up and provide redundancy, actually reformat a storage NAS array, that it was supposed to help protect. So, these things can happen. And quickly understanding, making sure that data doesn’t disappear that could be used to rebuild is important And that’s where bringing in the outsider’s important because someone new coming in doesn’t have skin in the game. And, you really need that objective party, to help you figure out what’s happening.
GS: But I think that in that respect when you bring in someone from outside, they also have a vested interest in making sure that, from not only a reputation standpoint but also from the standpoint of the viability of their services, making sure that they’re helping to alleviate the issue. And to bring back some, equilibrium if you will. So there’s this issue of consequence management that comes to bear on those–
LN: And you have some conflicts that happen with having the people that were, kind of in charge of watching over the equipment, do the investigation. And that can cause some, serious problems to the organization. And it may be very well that, the attack wasn’t the fault of the people responsible for managing it. But, if for instance there was, an action that took place that might show some carelessness or mishandling of events by the people in charge of IT, there’s a real risk there that, that person might take actions that could result in further data destruction. In an effort to cover up, what had happened.
GS: So now in that respect, we need to protect, we need to begin to look at how we manage the data collection post-incident, or during an incident, if you will. There obviously some legal ramifications.
LN: Yeah well whoever does this might have to testify. And that’s another reason why having a third party come in to do this work is important. Because you may want, legal may want to know, “well before we put an expert up to testify in this, “just tell us what happened and how do we respond? “How do we get ahead of this?” If it was a problem with a vendor, you want to know that. Because the clocks ticking. You know from the time a data breach is confirmed, it is a real data breach and known, to the time it has to be reported, oftentimes its thirty days. So there’s not a lot of time, to wait around If your data breached before you get in your expert, your forensic expert to inspect.
GS: Okay, so we’ve got a legal consideration, that has to be looked at. Insurance today has changed in a lot of respects. So, business interruption insurance. Obviously, that’s a critical area because if you want to file a claim–
LN: Yeah you have to report it to the carrier, or even if you have cyber coverage, it might not be covered if you failed to notify the insurance company of the incident.
GS: So, when I look at that aspect and say, “I’ve got a business interruption policy,” you mention cyber. And now I know that there are other writers to those policies. Like for terrorism and things like that today. If I don’t have a cyber writer, which is a contingent business interruption issue, my business interruption insurance may not cover me, on something like that. So it really becomes more incumbent to have one, the knowledge, two, to be able to look at the legal considerations, three, to begin to understand insurance laws, what do I have from a coverage standpoint? Which is where the traditional risk management group comes into play. But IT’s got to coordinate with them, to ensure all that.
LN: Exactly, and I had Todd Rowe on my show, who’s an insurance cyber attorney, that deals with these coverage issues. So, that’s an excellent video to watch that delves into that more. The other things though with incident response, you know you have the potential PR issues that relate to being data breached. So really, you need to assemble your team, your in-house legal, your HR, your media advisor. Preferably you have a PR firm that has dealt with data breaches before. And then, you’ve got to put together a plan. And all this stuff needs to be going on in parallel. So while that’s happening, your internal people are probably trying to work on, getting their disaster recovery systems restored. You might even have an outside IT provider come in and help bring those systems back up online. The workload that happens when a data breach has occurred, is such that it really isn’t pragmatic or practical to try to have internal IT do all the work. And it also isn’t covered by insurance typically. The outside providers will usually be covered, but not the internal people.
GS: So, if from a structural standpoint, and I’ll draw this to the areas that I worked in many years back after some of the events in the energy industry. Oil spills and things like that. Where industries adopted what they called an incident command system. The United States now has the National Incident Management System. So with cyber though, the composition, in terms of that team, is not necessarily the same that we would see in a typical, incident command system as is generally presented. So from a functional standpoint, I think that there are some things that I would look at. One, somebody’s got to be in charge. Two, somebody’s got to look at planning. What’s going on, and future planning, what do we do? Three, operationally, what’s effected what’s not affected? How do we keep it from cascading? Four, a communications perspective. Internal and external. An administrative function, which looks at the financial aspects. An infrastructure function, which again, internal-external infrastructure. And then, the aspect of, you know, bringing this all together as a team. Your HR people, all these other things. So, yeah.
LN: That was an excellent wrap-up Geary. I really appreciate you being on the show. If you liked this video, please share it. And check out the other segments we did as well. Thanks again Geary for being on the show.
GS: Thank you, Lee. Very challenging to present on this topic. So much.
LN: Be safe.
Watch the other segments in our Cyber Insecurity in the Energy Sector Series.