Archives: Data Security Incident Response

Subscribe to Data Security Incident Response RSS Feed

Deeper Dive: GLBA-Regulated Financial Institutions Reduce Your Cybersecurity Risk With Rigorous Oversight of Third-Party Service Providers

Financial institutions that are subject to the Gramm-Leach Bliley Act (GLBA) can find practical tips that address their unique data security challenges in the 2019 Data Security Incident Report (DSIR). It appears that money remains a strong motivating force for many threat actors. According to the 2019 report, finance and insurance remain among the sectors … Continue Reading

Deeper Dive: Security Incident Mitigation Strategy: Effective Negotiation of Technology Contract Limitations of Liability

There is always significant negotiation around caps on liability when negotiating a contract with a technology vendor. If the vendor will have access to the personal information of its customers’ end users (regardless of whether the end users are employees or customers), treatment on caps on liability take on heightened importance. In fact, limitations of … Continue Reading

Deeper Dive: The Scourge of O365 Incidents

A Growing Menace 2018 saw a continuation of companies moving toward cloud-based email systems. Phishing incidents targeting those systems followed suit. Fully one-third of incidents addressed by our incident response team in 2018 involved unauthorized access to an online email account. Phishing attacks continued to dominate the types of cyberattacks organizations experienced in 2018, owed, … Continue Reading

Deeper Dive: GDPR a Game-Changer for Data Breach Notification

When the EU General Data Protection Regulation (GDPR) took effect on May 25, 2018, it dramatically changed the way multinationals manage the reporting of personal data breaches. It also substantially raised the stakes: Entities found to have violated the GDPR’s data security and breach reporting obligations could face much steeper regulatory fines than those available … Continue Reading

Fifth Annual Data Security Incident Response Report Released – Managing Enterprise Risks in a Digital World

We are excited to release the fifth edition of our annual Data Security Incident Response Report. This year’s report provides metrics from the 750+ potential incidents our team led clients through in 2018, as well as “Take Action” segments that feature insights from our team on key response items. Because it is our Report’s fifth … Continue Reading

Deeper Dive: Using Response Time Metrics to Drive Incident Response Preparedness & Response Improvement

One of the most important metrics in our report is the incident response (IR) timeline, which tracks the average time it takes companies to detect, contain, fully investigate, and provide notification of the incident to individuals. The metric is valuable because it helps entities identify areas where they can improve before an incident occurs and … Continue Reading

Canadian Breach Notification Requirements Take Effect November 1

On April 18, 2018, the Canadian government published long-awaited Breach of Security Safeguards Regulations specifying the requirements for notifying the Office of the Privacy Commissioner and affected individuals of data breaches that pose a “real risk of significant harm.” The Regulations will come into force on November 1. As we previously reported, the Digital Privacy Act, … Continue Reading

Deeper Dive: Forensics

A company’s ability to quickly and effectively conduct a forensic investigation is often critical to limiting the impacts of a data security incident, determining the scope of the incident and developing an effective communications plan. In BakerHostetler’s 2018 Data Security Incident Response Report, we analyzed over 560 data security incidents that we worked on in … Continue Reading

Deeper Dive: Take Action to Close the Largest Cause of Data Security Incidents – Your Employees

If you work at a typical company, employee actions and inadvertent disclosures present the greatest threat to the security of your data. Therefore, providing proper training and technical safeguards is one of the most important means to enhance your company’s security profile. In BakerHostetler’s newly-released 2018 Data Security Incident Response Report, we assisted our clients … Continue Reading

Deeper Dive: Key findings From Baker Hostetler’s 2018 Data Security Incident Report

In our 2018 Data Security Incident Report, “Building Cyber Resilience: Compromise Response Intelligence in Action,” we identify and analyze the most important trends and takeaways from the more than 560 incidents we handled last year. These incidents affected nearly every industry and impacted anywhere from a single individual to millions of people. Our report distills … Continue Reading

Deeper Dive: Minimizing Risk

For organizations of any size, making sense of the constantly evolving cyber risk landscape can seem daunting. With new threats materializing on a constant basis, it can be difficult for organizations to efficiently allocate resources and respond to security incidents. In BakerHostetler’s newly-released 2018 Data Security Incident Response Report, we use our experience from more … Continue Reading

Fourth Annual Data Security Incident Response Report Released – Building Cyber Resilience

On Monday we published our fourth annual Data Security Incident Response Report, which provides an analysis of the more than 560 cyber incidents handled by the team in 2017. Reflecting on the increasingly sophisticated nature of attacks, the aggressiveness by regulators in researching breaches and the expectations of highly developed responses, the report offers intelligence to … Continue Reading
LexBlog