Commentary


October 29, 2009 | Posted by Editor

Leading insurance broker Marsh is hosting two joint panel discussions with Perkins Coie, featuring Of Counsel Susan Lyon in Seattle and Associate Joseph Cutler in Portland, speaking on the latest updates in data security laws and enforcement.

October 8, 2009 | Posted by Editor
Perkins Coie Of Counsel Susan Lyon was quoted in a recent story posted on CreditCards.com, a publisher of original consumer credit card related news.
October 5, 2009 | Posted by Editor
Perkins Coie Of Counsel Susan Lyon was quoted extensively in a recent story posted on CreditCards.com, a publisher of original consumer credit card related news.
September 3, 2009 | Posted by Editor
Perkins Coie Of Counsel Susan Lyon was quoted this month in an Inside Counsel article entitled "Watching Out for a National Cyberdisaster." The article discusses how cyber-attacks are a danger to the security of critical infrastructure systems in the U.S.
March 25, 2009 | Posted by Susan Lyon

The Payment Card Industry (PCI) Security Standards Council has issued a guideline that groups the requirements of PCI Data Security Standards 1.2 into six key milestones for merchants to consider in their card data security strategy.

https://www.pcisecuritystandards.org/education/prioritized.shtml

February 8, 2009 | Posted by James McCullagh

The Ponemon Institute has published its fourth annual survey of the costs of Data Breaches. The 2008 Annual Study: Cost of Data Breach key findings include:

  • Costs of response and impacts of data breaches continue to rise. Total average costs increased to $202 per record compromised, compared to $197 per record in 2007.
  • Cost of lost business and customer churn continues to account for the largest impact, or some 69 percent of total breach costs.
  • Data breaches from third-parties account for 44% of the data losses.
  • Insider negligence accounted for over 88% of the data breaches.
  • Lost laptops (35 percent) and system failure (33 percent) are the main causes of data breaches.
April 17, 2008 | Posted by James McCullagh
The New York Times recently reported on a sophisticated phishing scheme that targets executives by sending them what appears to be an official subpoena. The email includes an embedded link that purports to offer a copy of the entire subpoena, but which, when clicked, actually downloads keylogger software as well as software that permits remote control of the compromised computer. The New York Times article can be found here. A related article from SC Magazine can be found here. While the scheme is a sophisticated example of social engineering, all employees and particularly executives should be informed that (1) subpoenas are not served by email and (2) all suspect emails should be forwarded to IT before clicking on any links.
April 17, 2008 | Posted by James McCullagh

The Ponemon Institute has released the “Consumer's Report Card on Data Breach Notification.” This study of 1,795 people indicated that 31 percent said they terminated their relationship with the organization after learning that their personal information may have been released as a result of a data breach. 26 percent of respondents took no action after being notified and 57 percent said they lost trust and confidence in the organization.

Other key findings are:

  • 63 percent of survey respondents said notification letters they received offered no direction on the steps the consumer should take to protect their personal information;
  • 55 percent of respondents had been notified of two or more data breaches in the previous 24 months;
  • More than 55 percent of respondents state that the notification about the data breach occurred more than one month after the incident;
  • More than 50 percent of respondents rated the timeliness, clarity, and quality of the notification as either fair or poor;
  • Less than one-third of respondents said that the organization offered services to protect them from further harms; of those who opted into such services, 97 percent rated them good to excellent; and
  • Two percent of respondents that had been notified of a data breach experienced identity theft as a result of the breach, while 64 percent were unsure if they were a victim of identity theft.
December 13, 2007 | Posted by Editor
A national survey conducted by the Ponemon Institute reveals remarkably widespread employee non-compliance with corporate data security policies. The independent survey, entitled Data Security Policies Are Not Enforced, found that a significant percentage of the IT professionals surveyed have failed to comply with simple data security procedures in seven high-risk areas. The study reveals that noncompliance among IT practitioners is common even though IT professionals consider malicious or negligent insiders to pose the greatest threat to an organization's information assets. The underlying cause of noncompliance, according to the survey, is employers' lax enforcement of data security policies and employees' lack of "security awareness".