Fasoo sponsored and presented at an event in Columbus, OH on November 13, 2018 entitled “Incident Detection, Response and Recovery” highlighting how to prepare and manage an incident response plan for cybersecurity and data protection. Presented and cosponsored by Catalyst Solutions, IBM and Huntington Insurance, the event brought together experts in legal, insurance, law enforcement, government, accounting and security disciplines to discuss the legal, technical and business issues of preparing for and responding to a data breach.
Bill Blake, Senior Vice President and CCO of Fasoo, presented “Incident Response & Recovery: Secure Collaboration for Critical Information”, which highlighted the Wrapsody platform as a solution to help manage the development, access and control of an incident response plan (IRP). Bill showed an example of a CISO, Legal Counsel and an external Advisory firm securely collaborating on an IRP and how to control who could access the plan and any supporting documents involved in a response. The example showed how easy it is to collaborate securely on developing and managing the plan, and also to limit access before, during and after a breach. Since Wrapsody encrypts documents and controls their access, it guarantees only authorized users can access them. This is critical because if an incident response plan got into the wrong hands, malicious insiders or external parties could compromise an organization’s data security.
Ed Rice, an attorney at Sherrard, German & Kelly, P.C., talked about the importance of having a data security program in place. “Not only does it make good business sense, but under the regulatory landscape, for instance in NY, MA and CA, having such a program is a requirement when a company deals in data containing personal information. Ohio’s new data protection act actually provides a ‘safe harbor’ from liability for a data breach if the company has in place a good data security program.”
One key to a data breach response is maintaining attorney-client privilege between internal or outside counsel and the organizations involved in the breach. A cybersecurity incident is not considered a data breach until an attorney says it is. An attorney should be involved in developing the plan so the plan and any supporting documents are considered attorney work product and come under attorney-client privilege. Since Wrapsody limits access to authorized users, if a malicious insider tried to share documents with external parties, the documents would not be accessible to those parties. If a court tried to subpoena the documents, attorney-client privilege would protect them legally, while Wrapsody’s encryption and access control would prevent access to the files themselves. Another key is having a detailed audit log of document access to prove to auditors, regulators and law enforcement who accessed the IRP during its preparation and execution, thus also helping establish what is subject to attorney-client privilege.
Once an event occurs and the organization executes the IRP, access is controlled and audited. If internal systems are compromised, Wrapsody enables mobile access to the IRP from a phone or tablet. Since each version of the IRP and any supporting documents are automatically synced to the Wrapsody server, those involved in the response will have access to the latest information, even if the IRP itself was hit with ransomware.
Protecting company and customer information is the main goal of cybersecurity. Preventing a data breach is a key tactic, but you need to have a viable incident response plan so you can act quickly and decisively if or when a breach occurs. Using Wrapsody to prepare and manage the plan along with sensitive documents should be a key tactic in your cybersecurity program.