On Wednesday, June 14th 2017, Optimum Networking, USI and Armstrong and Teasdale partnered on a cyber-security panel discussion to a group of invited guests.
Optimum was represented by Art Gamino our Security Compliancy Expert and Tracy Huntzinger, Chief Security Information Officer (CSIO). They were joined by Monica Minkel, Senior VP of the Management and Professional Services practice group at USI; and Daniel Nelson, a litigator and co-leader of the Privacy and Data Security practice area at Armstrong Teasdale. This distinguished panel of professionals discussed the necessity of a balanced approach to the ever present and growing threat of cyber-attacks.
Dan Nelson emphasized the human element of the threat. Dan is uniquely qualified to speak on this, as he is one of the few attorneys in the U.S. to hold the title of Certified Ethical Hacker (C|EH) and Certified Information Privacy Professional (CIPP/US). He made the point that no matter how strong and secure your network infrastructure is, there is always the chance that a breach could occur through human error or malicious intent. Dan described the need to have well thought out policies and vender contracts in place to mitigate this risk.
Art Gamino presented the importance of a layered approach to cybersecurity. Starting at the “human” layer, companies need to increase their employee’s awareness of cyber threats and how they can avoid them. At the desktop, server, and network layer level, there are several defenses, including antivirus/malware, updates and patching, strong user passwords/policies, hard disk encryption and best practices. Optimum Networking has partnered with Webroot–a Colorado company with international acclaim for their antivirus product. At the network level, we offer next generation firewalls, secure switches, server and domain policies and active network security monitoring. Additionally, it is critical to have a managed backup process in place that is monitored and tested regularly. To bring all these critical elements together and ensure their effectiveness, most firms will need an experienced, trusted IT provider like Optimum Networking.
Monica Minkel relayed her expertise on cybersecurity liability insurance and its importance. Monica has 15+ years of experience including participation in the 2003 underwriting of the very first generation of Cyber Liability products at AIG. Monica described various threats including phishing scams, crypto locker, social engineering and more. Once firms have been infected by a cyber-attack, the cost to the organization can multiply quickly and exponentially. Beyond the loss of hard data and/or money, the impacted firm may be required to offer effected clients compensation. In addition, there are typically costs associated with public relations to restore a firm’s industry reputation. Most of this exposure is not covered in standard policies, and most CXO’s are not aware of the implications, so having an expert partner Monica and USI is vitally important.
After the presentations, the panel opened the floor to questions. Questions ranged from understanding the nature of cyber-attacks to several participants wanting to know the most important policies, technologies and coverages for their businesses. The consensus was that the “bad guys” out there are smarter and more nimble than the current authorities (local law enforcement, FBI, international agencies, etc.). It is up to individual firms to take matters into their own hands and protect their companies with a balance approach of policy, IT infrastructure and liability protection.
To summarize, it was generally agreed that firms must take the time to understand their potential exposure, develop a realistic multi-layered security strategy, and develop a timeline plus budget to implement the strategy.