Jerry Tarrant, far right, describes how a large tech firm might respond to a possible data breach at the TechJamcybersecurityforum. VBMphoto.
by Timothy McQuiston, Vermont Business Magazine Vermont Attorney GeneralTJ Donovanmoderated a panel of experts at the business expo TechJam October 19 designed to walk the attendees through a data breach scenario. The workshop, called “Anatomy of a Data Breach,” demonstrated best practices and showed participants the different elements of a data breach – from the technology to governmental reporting requirements to FBI reporting to public relations approaches. The scenario involved spear-phishing and ransomware, as well as a reportable data breach. TechJam is presented by Seven Days.
The packed eventin Essex Junction led the audience through a fictional scenario in which a firm realizes late on a Friday that its customer files might have been compromised.
Former MyWebGrocer CFO Jerry Tarrant played the CEO of this firm. "Beer Friday is off," Tarrant said to chuckles. The panel then led the audience through how a larger firm might deal with a possible data breach.
This concerns reporting to authorities, bringing in IT and a forensic IT consultant and calling both the AG's office and the FBI. One of the most important players is your insurance company. Especially if you have customer personal information, not only must you have tight cybersecurity software, but insurance to cover your firm if it fails.
Everyone in the audience was suitably scared to death.
While your insurance carrier might take a more practical position on, say, paying off ransomware, the FBI said, "Never" pay off a ransom. So, there wasn't always total agreement on how to respond.
It can also be very, very expensive, whether you're paying off a ransom or whether you're setting up protections, including encryption.
For smaller businesses, doing commonsense precautions like multiple backups onsite and offsite, while not hanging on to personal information on customers, might be enough. Calling in a forensic consultant would be beyond the means of most firms with 10 or fewer employees.
“Now more than ever businesses need to be aware and proactive about data breaches,” Attorney GeneralDonovansaid. “Our office is working hard to educate Vermont businesses about how to prevent a data breach, minimize loss, and what next steps are required and recommended.”
The panel consisted of the following experts: Attorney General T.J.Donovan; Jerry Tarrant (MyWebGrocer); Heather Roszkowski (The University of Vermont Health Network); Matt Borick, Esq. (Downs Rachlin Martin); Jonathan Rajewski (Leahy Center for Digital Investigation at Champlain College); Nick Sherman (Leonine Public Affairs); Mindy Higgins Bero (Hickok & Boardman Insurance Group); Jennifer Vander Veer (Federal Bureau of Investigations); and Ryan Kriger, Esq. (Vermont Office of the Attorney General).
This is the second year that Attorney GeneralDonovanhas moderated a panel at Vermont Tech Jam. Tech Jam, organized by Seven Days and the Vermont Technology Alliance, is a free job fair and tech expo where attendees can meet with recruiters from local tech companies, learn about training programs, and connect with tech professionals and industry experts.
Find out more at:techjamvt.com/
If your business has suffered a data breach, please contact the Attorney General’s Office to report the breach at 802-828-3171. For more information about data breaches, you can visit the Attorney General’s website at:ago.vermont.gov/privacy-data-security/
Source: AG. VBM.