Thursday, June 2, 2016

Cyberpunks, Cybermen, Cyber Risk ("Cyber" is scary...)

Plenty has been written about the unfolding Panama Papers event, and the ripples hitting risk, information security and more.

"Panama Papers Data Dump Includes BigLaw Intermediaries" --
  • “A group of international journalists that released the so-called Panama Papers, which exposed the use of shell companies by wealthy individuals to hide their money from tax authorities, released data on Monday [May 9] related to more than 200,000 such companies, including information about BigLaw firms named in a prior data leak.”
  • “The data, which can be found here, co-mingles information uncovered in both the Panama Papers, which were released in April, and a report from 2013 known as the Offshore Leaks investigation, which focused on actions by U.K. citizens and residents to set up anonymous shell companies in foreign jurisdictions.”
  • “The released papers do not necessarily reveal illegal activity or other wrongdoing by the law firms or their clients, but altogether do shine a light on the secretive and complex use of offshore shell companies to conduct business — some of which is controversial or linked to questionable persons and activities.”
  • “Edelson PC's recent putative privacy class action alleging a Chicago-based regional law firm failed to take measures to effectively safeguard sensitive client data highlights the need for firms to obtain expansive cyber liability coverage. There is a misconception among firms that adding a "network endorsement" to their lawyers' professional liability policy will cover most cyber risks, but that isn't the case, according to Eileen Garczynski, senior vice president of specialty insurance brokerage Ames & Gough... As a result, purchasing a standalone cyber policy has become a must for law firms, Garczynski said.”
  • “And because many cyber policies only cover claims resulting from the theft or inadvertent disclosure of personally identifiable information such as birth dates and Social Security numbers, it is crucial for a law firm to obtain a cyber policy with a definition of ‘confidential information’ that encompasses all materials that fall under the attorney-client privilege. ‘A law firm will have some [personally identifiable information], but perhaps the bigger concern is that someone will steal the firm's strategy, a client's intellectual property or confidential emails,’ Garczynski said.”
  • “Like other businesses, many law firms have started to store more data in the cloud rather than on computer servers located onsite. As a result, firms that use third-party cloud storage vendors to store sensitive data should make sure that a policy's definition of ‘computer network’ encompasses those cloud providers, experts say. Otherwise, any claims that ensue if confidential information is stolen from a cloud provider may not be covered.”

No comments:

Post a Comment