combsandco


Feature Friday with DYKT? Snippets

“Fall down seven times, stand up eight.” Japanese Proverb

Resilience is a foundational component of human nature and business.  The ability to get up sometimes is all that separates the successful from the also-rans, because getting knocked down is unavoidable in many instances.  Like cyber.

The phrase du jour about cyber is, it’s not if but when you’ll experience a cyber event.  Unfortunately, this is not hyperbole; it’s 99.782% fact, especially for businesses.  So what’s a business to do?  Get resilient.

DYKT? Snippets Ep. 3 touches on cyber resiliency, cyber risks, and where cyber insurance fits into the picture.  The five videos take less than 20 minutes but could prove invaluable in preparing your business for the inevitable.

Music: “Camaro” by Oliver Michael via Artlist



Feature Friday with Rebecca Rakoski

“No longer are technology and cyber issues confined to tech geeks in some backroom. In the digital age, IT issues are front and center.”  Will Hurd

2021:17

During my 25+ years in and around technology, the most common refrain from those on the business side of a company when it came to cyber was, “It’s an IT problem.”  That is not the case any longer.  Your IT folks have to be involved in the discussion, but cyber is most definitely a business problem now.  Don’t believe me?  Maybe my next guest on Did You Know That? can convince you.

Rebecca Rakoski is a founding partner of XPAN Law Partners, a practice primarily dedicated to their clients’ cyber welfare.  Our conversation focuses on what that means for businesses; some best practices required to stay in “compliance;” and a host of other elements of a cyber program.

Website: https://xpanlawpartners.com/

LinkedIn (personal): https://www.linkedin.com/in/rebecca-rakoski-esq-1460b116/

LinkedIn (firm): https://www.linkedin.com/company/xpan-law-partners/

Twitter: @XPANLawPartners

Email: rrakoski@xpanlawpartners.com



Feature Friday with James Mottola!

The United States Secret Service was established in 1865 to combat counterfeiting.  In 1901, the agency was charged with protecting America’s political leaders, their families, and visiting heads of state or government.

2021:16

James Mottola is a frequent collaborator of mine on the Everything Cyber playlist, as well as other engagements revolving around cybersecurity and cyber liability.  What some of you may not know is that Jim spent 20+ years in the United States Secret Service.  That’s where he was indoctrinated into the world of cyber.

We’re taking this episode of Did You Know That? to explore Jim’s time with the Secret Service, talk about the agency’s mission, and discuss how it prepared him for the work he does today.  While Jim doesn’t reveal any agency secrets, you will get a better idea of how its disparate mandates are handled and why there is intense competition among all government agencies.

You can learn more about Jim and his current job by visiting the sites below:

Porzio Compliance Services: https://porziocomplianceservices.com/

LinkedIn: https://www.linkedin.com/in/jamesmottola/

Music: “Come Get Yours – Instrumental” by Bunker Buster via Artlist



Feature Friday with DYKT? Snippets

“The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: Cybersecurity is much more than an IT topic.” Stephane Nappo

And now Part 2 of the 2-part premiere of DYKT? Snippets.  We’re closing out the conversation about the New York State Department of Financial Services (NYSDFS) Part 500 cyber regulations.  Be sure to watch Part 1 before diving into these videos.

For context, here are some links for the regulations & the actual requirements:

Who NYSDFS Supervises: https://www.dfs.ny.gov/who_we_supervise

NYSDFS Industry Definitions: https://www.dfs.ny.gov/institution_definition

NYSDFS Cybersecurity Resource Ctr: https://www.dfs.ny.gov/industry_guidance/cybersecurity

Regulation Sections:

500.02 – Cybersecurity Program

500.03 – Cybersecurity Policy

500.04 – Chief Information Security Officer (exempt)

500.05 – Penetration Testing & Vulnerability Assessments (exempt)

500.06 – Audit Trail (exempt)

500.07 – Access Privileges

500.08 – Application Security (exempt)

500.09 – Risk Assessment

500.10 – Cybersecurity Personnel and Intelligence (exempt)

500.11 – Third Party Service Provider Security Policy

500.12 – Multi-Factor Authentication (exempt)

500.13 – Limitations on Data Retention

500.14 – Training and Monitoring (exempt)

500.15 – Encryption of Nonpublic Information (exempt)

500.16 – Incident Response Plan (exempt)

500.17 – Notices to Superintendent

Music: “Camaro” by Oliver Michael via Artlist



Dynamic Identification

By:  Sean C. O’Rourke, Cyber Liability Consultant, Combs & Company, LLC

How often do you think about the information contained on a state-issued identification document (such as a driver’s license)?  How about your passport, which is internationally recognized?  The data on your credit card’s magnetic strip?  Pretty sure most people would answer never or infrequently to any or all of these questions, which is why there are folks like James (Jim) Mottola.

Jim spent 26 years at the Secret Service, thinking a lot about identification documents and the information contained – and not contained – on them.  To law enforcement, identification is a vital part of the job.  But with COVID-19, questions about identification data have taken on new forms and urgencies, beyond law enforcement and the ability to get on an airplane or drive a car.  A great many of those questions revolve around health IDs: documents that could confirm a person has the COVID-19 antibodies, or never tested positive for the virus, or received the proper immunizations before traveling to other parts of the world.

Would a health ID work, especially here in the United States?  If so, how would it work and most importantly, how would you protect the data?  “Dynamic Identification” is a conversation I recorded with Jim to discuss these questions and others.  It’s a topic that touches on every citizen and business.  If interested, just click on the video below.




Cyber Insurance 101


By:  Mitchell R Ledven, Insurance Advisor, Combs & Company, LLC

The current landscape of the U.S. workforce is quite different than it was six months ago. In a world once consumed by daily human interaction, we now find ourselves spending most of our days sitting in front of a screen and talking behind a keyboard. Some may say that this is just a short-term solution to the problem at hand, while others say it will be the way of life moving forward. While we don’t know for certain which answer is correct, we can agree on one thing: every day you log into a computer, there is a risk that someone out there is trying to take advantage of you. That person could be your next-door neighbor or a 12-year-old hacker sitting in their parents’ basement on the other side of the globe.  The point of this blog isn’t to shake you out of your boots, but to inform you about a way to protect your business and its assets. Enter Cyber Liability Insurance, a coverage that helps protect the data and operations of your business if you find yourself the victim of a cyber-related attack. Here’s how it works:

Cyber Liability Insurance helps protect your business from losses resulting from online threats. These breaches can be suffered on a 1st and/or 3rd party basis. This is a responsive coverage to help soften the blow due to a cyber-attack.

What it Protects Against:

  • Username and password theft
  • Phishing emails
  • Ransomware/cyber extortion
  • Defense costs, fines, and penalties
  • Business interruption after a cyber related incident
  • Breach response
  • Funds transfer fraud
  • Crisis management/PR
  • Website hacking

In a Nutshell: If you store data or have systems connected to the internet, you are exposed to cyber threats.

Is it required? No. However, all states have laws regarding breach notification. Some states have laws dictating cyber protocols. For example, NY has DFS rule 500 and the SHIELD Act, while California has the California Consumer Protection Act (CCPA).