NLC provides member cities with access to two such programs: TULIP

NetDiligence Cyber & Privacy Liability Conference, June 2-3, 2015
Contact: Claire Reiss, NLC-RISC Program Director
creiss@nlcmutual.com or 202-626-3165
NetDiligence, an NLC-RISC partner and developer of the eRisk Hub used by many NLC-RISC
member pools as well as commercial insurers, held its annual East Coast Cyber and
Privacy Liability Conference in Philadelphia on June 2-3, 2015. Panels composed of
experienced professionals presented a packed agenda that included sessions on cyber
claims and litigation, cyber insurance coverage, hacker approaches, breach response,
the status of efforts to enact a federal notification law, evolving PCI requirements, and
vulnerabilities associated with third-party vendors.
@NLC-RISC tweeted salient points throughout the conference, but in case you missed
them, here are some of the key points made by the presenters.
• Increasingly, clients are concerned about the security of their information in the
  hands of third parties, so organizations (including pools and insurers) that can
  demonstrate that they are providing good security may have a competitive
  advantage.
• Although cloud users can contract for security services from their providers, they
  remain ultimately responsible for the security of their data. They need to ensure
  that they are using a cloud provider that has state-of-the-art security, with a
  contract that ensures the provider will be cooperative in the event of a breach.
• In October 2015, organizations that take credit cards, including small and
  medium-sized local governments, will be faced with a shift in the responsibility
  for fraudulent card-present transactions from the issuers to merchants that have
  not implemented chip-enabled terminal technology. It's a good reason for all
  organizations that accept credit cards to implement the new technology.
• There is new federal data breach notification legislation being considered by
  Congress: H.R. 1770, the Data Security and Breach Notification Act of 2015.
  Although passage is never certain, this one has a better chance than many of its
  predecessors.
• According to state attorney general office representatives, it is very important to
  have a breach response plan before a breach occurs. The attorney general's
  office will ask for it if it becomes involved. Pools may be able to help their
  members by providing information about how to create such a plan.
• Using unsecured public wireless internet in hotels, airports, etc. can be very
  dangerous. It is easy to get onto the wrong site because it can sometimes be
  difficult to determine which is the genuine wireless site offered by the venue.
  Wi-Fi pineapples can enable a hacker to insert themselves between the user and a
  legitimate Wi-Fi connection. Public charging stations, especially those that operate
  by providing USB connections rather than electrical plugs, can result in lost data
  and loading of malware onto the device.
• BYOD is a major risk to employers if employee devices connect to the network,
  because employees' devices may not be as well protected and may have picked
  up malware during personal use. Employers should have strong BYOD policies in
  place if they allow those devices to connect to their network.
• Data breach litigation is not expected to slow. More plaintiffs' attorneys are
  entering the field.
• The plaintiffs' bar is pursuing a uniform damage model for class action litigation
  brought by victims of a data breach. If adopted, this will make litigation more
  lucrative by eliminating the need to prove actual damages to individual plaintiffs.
• Some state regulators are coming back and inquiring about data breaches
  several years later. From an insurer's perspective, when can the file be closed?
• Attorneys' computer networks house a great deal of sensitive and confidential
  information. Be sure that attorneys used by your pool have good security and
  cyber coverage so they can respond appropriately if there is a breach.
• A best practice in cyber breach planning is to have a pre-vetted roster of experts,
  generally more than one in any given discipline, so an expert will be available
  quickly if needed.
• Emerging issues in cyber coverage include network business interruption, cyber
  extortion, crossover coverage, and the effect of war, terrorism and crime
  exclusions.
The west coast version of this conference will be October 6-7 at the Loews Santa Monica
Beach Hotel. Here is the registration link.