If you collect data in any part of your business — financial, health, human resources, online behavioral data, private user communications and images — you face increasing financial and regulatory pressures to protect it. Threats come from all directions: disgruntled employees, lost laptops, organized crime syndicates, underground hacker groups, and foreign governments. The cost of a security breach is significant. You could lose intellectual property or trade secrets, sensitive consumer data, or customers’ trust and confidence. Running afoul of regulators and privacy watchdog groups is just as perilous to your bottom line.
If your organization is facing an actual or suspected security incident, we can help you triage the issue, manage the incident response, engage external incident response vendors under privilege on your behalf, conduct internal investigations, comply with security breach notification laws, and defend resulting regulatory inquiries and civil litigation.
We can advise on the security requirements of state, federal, and international security laws, including HIPAA, GLBA, GDPR, and state “reasonable security” laws, as well as state and local security breach notification laws and self-regulatory frameworks like the PCI-DSS.
To help assess your organization’s incident response capabilities and practice your incident response plan, we can design and facilitate a simulated incident response scenario, or “tabletop exercise.” The scenarios can be custom-tailored to test particular vulnerabilities that keep your team up at night, or we can take a real-life incident managed by our team and tailor it to match your organization’s systems, data, and personnel. Our exercises can cover all aspects of incident response, including alerting, triage, containment, investigation, notification, internal and external communications, and interactions with law enforcement and regulators.
We can help you conduct information security assessments and provide legal analysis of risk exposure. We can also provide information security technology counseling and remediation planning for topics such as identity and access management, threat intelligence and mining, cryptography, data loss prevention, and secure disposal. We are also able to assist with vulnerability and patch management as well as bug bounty programs.
We can help you develop information security policies that articulate corporate practices in a way that satisfies legal requirements and meets industry best practice guidance for plain language and transparency. We can also help you develop and implement related security policies and procedures, including incident response plans, record retention policies, acceptable use policies, responsible disclosure/bug bounty policies, and related policies.
We can provide general product counseling, especially for Internet of Things (IoT) devices and connected technology, wearables, cloud solutions, sharing economy platforms, and augmented reality devices. We can also assist with secure development lifecycle management.
We can assist you with finding threat actors (e.g., hackers) and disincentivizing future attacks through cease and desist letters, U.S. litigation/asset seizure, website domain take-downs, and coordination with law enforcement.
We can provide tailored training for your employees, including general security awareness training, phishing and spearphishing training with social engineering prevention guidance, and end-user compliance training.
We can provide pre-audit, privileged compliance review for audit standards (e.g., PCI-DSS, HIPAA, GLBA, NIST 800-53, NIST Cybersecurity Framework, SANS CIS 18, and ISO 27001). We can also help coordinate with external auditors to ensure appropriate scoping/remediation requests.
We can perform information security due diligence for vendors, corporate acquisitions, or equity investments. We can also draft templatized or custom security addenda for vendors and customers, including by creating security addenda negotiation “playbooks.”
The decisions you make during a cyberattack make a big difference in managing legal risk. You need practical, flexible legal counsel with the experience to guide you through incident response in a manner that is tailored for your organization.
Our small team of incident responders knows that every client is distinct, and so are their cybersecurity needs. Our approach ensures we craft custom strategies that align with your specific requirements, industry nuances, and risk tolerance.
In the fast-paced world of information security, knowledge is power. We stay at the forefront of the latest threats, technologies, and regulatory changes. Our clients benefit from our deep reservoir of insights and cross-functional expertise.
Our team bridges the gap between law and technology seamlessly. We possess a rare blend of legal expertise and technical acumen, allowing us to offer comprehensive solutions that address both the legal and technical aspects of proactive and reactive security.
We don’t wait for cyber threats to strike; we anticipate and prepare for them. Our proactive risk management strategies ensure that you’re well-prepared to face even the most unpredictable challenges.
If you are suffering from a security incident, we can help you manage the incident response, conduct internal investigations, comply with security breach notification laws, and defend resulting regulatory inquiries and civil litigation.