Compliance Perspectives - Debra Geroux and Scott Wrobel on Responding to Data Breaches [Podcast]


06/08/21 • 14 min

Post By: Adam Turteltaub

When a data breach occurs, one step is often overlooked in the rush to remediate: preserving as many of the logs and backups as possible. Skipping it is a mistake, say Debra Geroux, Shareholder at Butzel Long, and Scott Wrobel, Co-Owner, N1 Discovery, because that data illuminates what happened, how it happened, and what data was taken.

In this podcast they also advise hiring cyber counsel immediately to obtain guidance through the legal and regulatory issues. Counsel may also be able to help you conduct the subsequent investigation under privilege, identify outside resources, deal with law enforcement, and help healthcare organizations determine whether the breach is a reportable one.

In addition to outside counsel, Geroux and Wrobel argue strongly for leveraging the organization's communications team. Managing messaging is critical. The communication targets (victims, employees, the board, the public, the media) have to be identified and given the information they need. But be judicious: limit your communications to essential information to reduce the opportunity to spin the story.

Most importantly, they advise, make the effort to understand the root cause of the incident. Often it is not as evident as it may seem; sometimes the first suspected point of breach is not the actual one.

To reduce the risk of future incidents, they recommend adopting two-factor authentication. Workforce training is also essential, since employee errors (and vulnerability to sophisticated phishing efforts) are so often a factor. Hiring a third-party security company to conduct internal and external vulnerability assessments can also be helpful. The assessment should identify every device and piece of software on or connected to your network, their vulnerabilities, and how to remediate them. It should also cover any cloud-based solutions your organization uses: while, generally speaking, those solutions are secure, leaving the default settings in place could leave you exposed to bad actors.

Listen in to learn more about how to protect your organization, including the need to take a second look at your cyber insurance policy.
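The log-preservation advice above is where responders most often lose evidence: remediation (rebuilding hosts, rotating logs, restoring backups) quietly destroys the record of what happened. As an added illustration, not code from the podcast or from the speakers' firms, the following Python script copies log files into an evidence directory, verifies each copy byte-for-byte against its source, makes the copies read-only, and writes a SHA-256 manifest so that any later alteration of the preserved copies can be detected. The directory layout, the log lines, the host names and addresses, and the collector name are all constructed for the example.

```python
from __future__ import annotations

import hashlib
import json
import os
import shutil
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large logs do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve(sources: list[Path], evidence_dir: Path, collector: str) -> dict:
    """Copy each source file into evidence_dir, verify the copy against the
    original, make the copy read-only, and record hash, size and collection
    time in manifest.json. Returns the manifest."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    entries = []
    for index, src in enumerate(sources):
        src = Path(src)
        original_hash = sha256_file(src)
        # Prefix with an index so two logs with the same basename cannot collide.
        dest = evidence_dir / f"{index:03d}_{src.name}"
        shutil.copy2(src, dest)  # copy2 keeps the source mtime on the copy
        if sha256_file(dest) != original_hash:
            raise RuntimeError(f"copy of {src} does not match the original")
        os.chmod(dest, 0o440)  # read-only for the analyst, no access for others
        stat = src.stat()
        entries.append({
            "source": str(src),
            "evidence": dest.name,
            "size": stat.st_size,
            "source_mtime": stat.st_mtime,  # informational only: an intruder may have touched it
            "sha256": original_hash,
            "collected_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
            "collector": collector,
        })
    manifest = {"entries": entries}
    (evidence_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(evidence_dir: Path) -> list[str]:
    """Re-hash every preserved file; return the names whose hash no longer matches."""
    manifest = json.loads((evidence_dir / "manifest.json").read_text())
    mismatched = []
    for entry in manifest["entries"]:
        copy = evidence_dir / entry["evidence"]
        if not copy.exists() or sha256_file(copy) != entry["sha256"]:
            mismatched.append(entry["evidence"])
    return mismatched


def demo() -> tuple[dict, list[str], list[str]]:
    """Constructed end-to-end run: fake logs -> preserve -> verify -> tamper -> verify."""
    work = Path(tempfile.mkdtemp())
    logs = work / "var" / "log"
    logs.mkdir(parents=True)
    # Constructed sample log lines; hosts, users and addresses are fictitious.
    (logs / "auth.log").write_text(
        "Jun  8 02:14:07 host1 sshd[811]: Accepted password for svc_backup from 203.0.113.9 port 51022\n"
    )
    (logs / "app.log").write_text(
        "2021-06-08T02:15:40Z WARN bulk export of 12000 patient records by svc_backup\n"
    )
    evidence = work / "evidence"
    manifest = preserve([logs / "auth.log", logs / "app.log"], evidence, "ir-analyst-1")
    clean = verify(evidence)  # expected: [] right after collection
    # Simulate someone altering a preserved copy after the fact.
    target = evidence / manifest["entries"][0]["evidence"]
    os.chmod(target, 0o640)
    target.write_text("")
    tampered = verify(evidence)  # expected: ['000_auth.log']
    shutil.rmtree(work)
    return manifest, clean, tampered


if __name__ == "__main__":
    m, c, t = demo()
    print(json.dumps(m, indent=2))
    print("mismatched after collection:", c)
    print("mismatched after tampering:", t)
```

Two caveats a practitioner should keep in mind. The manifest proves that the preserved copies have not changed since collection; it says nothing about whether the logs were already altered before collection, which is why the source mtime is recorded as informational only and why collection should happen before any remediation touches the hosts. Keeping the manifest (and ideally a signed copy of it) somewhere the incident responders, not the compromised systems, control is what makes it useful later, whether to counsel, to law enforcement, or to a regulator.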

Previous Episode


Marti Arvin and Anthony Buenger on the CMMC Framework [Podcast]

Post By: Adam Turteltaub

America's data is under attack. SolarWinds and other recent headline-grabbing stories have demonstrated that foreign adversaries are eager to hack into computer systems for a wide range of purposes. The US Department of Defense has had its supply chain hit hard, and to help protect both the chain and the nation's assets it has pursued the Cybersecurity Maturity Model Certification (CMMC), a multi-level approach requiring outside certification rather than the self-certification of the past. Although it applies only to defense contractors, it is a model worth watching, since it may eventually expand, in one form or another, to additional areas of government contracting.

In this podcast Tony Buenger, Cyber Security Consultant and Instructor, and Marti Arvin, Executive Advisor, both of CynergisTek, explain some of the complexities of CMMC and its many levels. Level 1 covers basic hygiene and is primarily focused on technical security controls. Level 3 is a certification that requires maturity in terms of documented policies and procedures that have been institutionalized. Level 5, the highest level, is focused on persistent threats.

Notably, CMMC focuses not just on technology but also on processes and people, even looking to ensure that the processes are built into the organization's governance. As a result, it is not a standard for just the CISO or CIO to handle. CMMC is a commitment that needs to be institutionalized, takes time, and requires both trust and ongoing verification. In sum, it very much requires the maturity that is part of its name.

Listen in to learn more about CMMC and what your organization needs to do now, and possibly in the future.

Next Episode


Amii Barnard-Bahn on Promotability [Podcast]

Post By: Adam Turteltaub

While most of the work in compliance is selfless, there needs to be a bit of self-interest when it comes to career. Even if a compliance officer doesn't want to make it to the top, he or she likely would, at some point, want to move up. How best to do that?

In this podcast we talk with long-time compliance veteran and executive coach Amii Barnard-Bahn about promotability. She has developed a Promotability Index and is author of the book The PI Guidebook. Amii reports that from her analysis there are five key elements of promotability:

Self-awareness
External awareness
Strategic thinking
Executive presence, and
Thought leadership

External awareness is worth special attention and centers around how your behaviors impact others and how others perceive you. The latter is particularly important, since that perception becomes their reality when working with you.

Notably absent from the list is technical expertise. It is a requirement, to be sure, but above a certain level technical acumen starts to be less important than the ability to manage people and effect change through others.

When it comes to seeking a promotion, she advises avoiding discussions with supervisors about the topic during the annual evaluation. That conversation is more about compensation, and it is better to separate the two. It is also ill-timed for another reason: typically, succession planning conversations by management and HR are held months earlier. Better to raise the topic about six months before the annual review cycle.

If you do approach your manager about moving up, make sure she or he knows it is safe to give you candid feedback. In addition, be sure to understand the power structure and culture of your company to know the likelihood of whether you are a candidate to move up the ladder. Ask questions such as: "How am I seen?" "Am I working on the things I should be?" "Are there perceptions that block me?"

Finally, she counsels individuals that the days of just working harder to get ahead are gone. Instead, build around your strengths and remove bad habits. Focus on areas such as the ability to influence and working with and through others.

Listen in to learn more about how you may be able to improve your own promotability index.
