Planning Your Cybersecurity Budget for 2022


Episode Notes

Prevention is key when it comes to cybersecurity, and lawyers simply can’t afford to skimp on security technologies. Sharon and John talk with expert Sherri Davidoff about growing cyber threats and the changing nature of attack tactics. They discuss the impacts of these new developments on lawyers and law firms and chat about how to prioritize security measures, reduce your risks, and create a budget plan that addresses all your cybersecurity needs. 

Sherri Davidoff is a cybersecurity expert, author, speaker and CEO of both LMG Security and BrightWise, Inc.

Special thanks to our sponsors CaseFleet and PInow.

Transcript

[Music]

Intro: Welcome to Digital Detectives, Reports from the Battlefront.  We’ll discuss computer forensics, electronic discovery and information security issues in what’s really happening in the trenches.  Not theory, but practical information that you can use in your law practice; right here on the Legal Talk Network.

Sharon D. Nelson: Welcome to the 130th Edition of Digital Detectives.  We’re glad to have you with us.  I’m Sharon Nelson, president of Sensei Enterprises, a digital forensics, cyber security and information technology firm in Fairfax, Virginia.

John W. Simek: And I’m John Simek, vice president of Sensei Enterprises.  Today on Digital Detectives, our topic is “Planning your Cybersecurity Budget for 2022.”

Sharon D. Nelson: Before we get started, I’d like to thank our sponsors, pinow.com and CaseFleet.

John W. Simek: Today, our guest is Sherri Davidoff, the CEO of LMG Security and author of the recently-released book, Data Breaches.  As a recognized expert in cybersecurity and data breach response, Sherri has been called a security badass by The New York Times.  Her professional experiences are featured in the book “Breaking and Entering: The Extraordinary Story of a Hacker Called ‘Alien’.”  Sherri is a GIAC Certified Forensics Examiner and Penetration Tester receiving her degree in Computer Science and Electrical Engineering from MIT.  Her new book on Ransomware Response will be available later this year.  As usual, it’s great to have you with us, Sherri.

Sherri Davidoff: Thanks so much John and Sharon.  I can’t believe you’ve done 30 podcasts since we last talked.  You’ve been very productive.

Sharon D. Nelson: We work on that.  And of course, getting some of the best guests too, which we managed today.  So, let’s start out by talking about, — most of our audience is lawyers of course; how much should law firms be spending on cybersecurity?  And I’m sure there’s a difference between the big guys and the little guys.

Sherri Davidoff: Absolutely.  I mean, I feel like you know the answer I’m probably going to say; which is, it depends.  And it’s all about a process and determining what level of risk you’re willing to accept, and how much do you want to spend on reducing that risk?  So, I break it down into four steps.  Number one, you have to know what it is you’re trying to protect.  How much data do you hold?  What type of data do you have?  Where is it?  Et cetera.  Most organizations skip that step and just sort of try to create a security program based on like no specifics to start, and that’s really the foundation.  What is it that you’re trying to protect and where is it?  And then the second piece of this is understand your obligations.  You cannot fully understand your obligations until you know exactly how much data you have, and what type of data it is; because as you guys know, there’s different laws surrounding the regulation of information in all different states and different countries.  You guys are the attorneys, so I’ll let you chime in there if you want.  But the bottom-line is you have to understand what your legal obligations are, because you may need to put certain security protocols in place based on those obligations.  And, we often forget those contractual obligations.  I’ve seen so many times over the years that attorneys signed a HIPAA BAA 12 years ago, and you never really took the time to go through and sort out exactly how you’re going to implement that.  So, make sure you fully understand all of your contractual obligations as well.  And once you have that foundation, create your risk management plan and price it all out.  I wouldn’t suggest just creating a risk management plan by coming up with, you know, random technologies that sound good.  Instead, we should be using a checklist.
And our national government here in the United States has created the NIST Cybersecurity Framework for example, which is a controls framework, a list of recommended standards and things that you can do to control and manage your risk.  So, don’t reinvent the wheel, grab something like the NIST Cybersecurity Framework to use as your checklist, or whatever your controls framework is that you choose and think is best for your organization.  You are not going to be able to check every item in the controls framework, and that’s where risk assessment comes in.  So, understand what the big threats are, what the likelihood and impact would be if something bad happened, and then prioritize which controls you’re actually going to implement.  And then finally, make sure that you and all the leadership within your organization are comfortable with any residual risks that you’re not addressing.  So, that’s the four steps.  Know what you’re trying to protect, understand your obligations, create that risk management plan and price it out, and then make sure you’re comfortable with your residual risks.  And I want to conclude that by saying that one thing we do know is that cybersecurity spending is going up across the board here in 2021.  According to Gartner, cybersecurity spending is likely to increase about 12.4% this year.  So, that means worldwide, we’re probably going to hit $150.4 billion dollars.  And that’s because the risks of hacking have gone up and the damages have as well, attackers have been evolving more effective tactics, and as a result, we’re seeing huge losses because of it.

(00:05:01)

John W. Simek: That’s a great segue because ever since the pandemic, the work-from-home environment, all the stuff that’s going in the remote access, the attackers really changed the way they’re kind of going after business and going after the individual users.  Talk a little bit about that and what that impact would be on the budget now that we’re in this kind of a different world, if you will.

Sherri Davidoff: Yeah, absolutely John.  I appreciate you connecting the dots there.  Because, really, we have to invest more because the attackers are getting more effective and they’re changing the way they attack.  There’s a couple really key changes in the attack landscape that everyone should understand.  First of all, criminals have gone through kind of an industrial revolution.  So, they have figured out how to make record amounts of profit.  You see these ransomware gangs with $5-million-dollar ransom demands, even CNA had a $40-million-dollar ransom payment earlier this year.  So, they’re making huge amounts of money and then they’re reinvesting it into their technology and they’re hiring employees, hiring contractors to help improve their processes.  Recently, the Conti Ransomware Gang leaked a playbook that shows they have instructions for any hackers on their staff and those instructions helped them leverage zero-day attacks, help them understand what kinds of information they should be going after when they’re hacking into an organization.  So, they’ve gotten very sophisticated, they’ve scaled up, they’ve undergone this industrial revolution and we need to invest a little bit more to protect against that.  And I’ve been focusing on ransomware; in fact, that’s the topic of my new book, “Ransomware Response and Prevention” because ransomware is a huge contributing factor.  Ransomware contributed to 41% of all cyber insurance claims last year according to March.  We’re seeing the ransomware gangs in particular reaching that new level of sophistication, they have franchise models, so we have ransomware operators that are creating the processes and the software and then allowing other organized crime groups to use that to attack people.  
The other big change we’re seeing with ransomware gangs is that they are now targeting data theft and they’re not only holding organizations hostage by locking up all your files, they are now threatening to publish your data and your client’s data unless you pay a fee.  And as a result, that is a very effective and scary tactic, they are able to exact higher dollar payments because of it.

Sharon D. Nelson: Well, that kind of brings us to something that we worry about a lot, and that is that most lawyers still don’t seem to know that they’re under an ethical duty to monitor for data breaches.  So, tell us how they can do more effective monitoring?  What does it mean?  Why is it so critical?

Sherri Davidoff: Yeah, thanks Sharon.  Effective monitoring is absolutely critical for detecting cyber infections; and also attacks that are in progress.  Antivirus is an important piece of – an important component of your cybersecurity program, but antivirus software absolutely will not catch everything.  In fact, here at LMG we have a laboratory and we like to go down to the dark web and actually purchase hacker tools and try them out in the lab and see what they do, and many of them literally have a check box that says “Evade antivirus?  Yes/no”.  In fact, that’s one of the features that they tout when you’re looking at hacker tools to buy on the dark web.  So, we know that they’re evading antivirus, they’re, in many cases, evading automated detection.  You really want to make sure that you have 24/7 network monitoring of your environment and this could be accessible even to small and mid-sized organizations.  Outsource it, do not expect your own IT staff to be sitting there 24/7 and monitoring because you have to make sure that you’re able to respond to it quickly as well.  We know that when hackers break into organizations, they are often dwelling, lurking in your network for anywhere from a few days to months, or sometimes, even years.  And sometimes, they’re also selling access to other cybercriminal gangs in that process.  And in that timeframe, they’re looking through your information, they’re spelunking for sensitive records.  Often, they’ll copy out huge volumes of data like your data repositories, they’re also specifically going after your cyber insurance coverage information because they want that when they’re negotiating.  At LMG, when we negotiate ransom payments, often we find that the criminals will settle for just under the cyber insurance coverage limit because they have a copy of that policy.
They also understand your finances, they’ll be looking for your P&L, your balance sheet, things like that so that they understand how much of a ransom demand you could potentially afford.  So, they’re armed with all that information because they are dwelling in your network searching through it and finding things that are useful to them.  That also gives us an opportunity to detect them and you want to detect them while they’re dwelling in there.  So, make sure you have a monitoring service, you might also want to consider threat hunting; this is where an experienced professional actively goes into your network and hunts for threats.  At LMG we specialize in this and it is shocking the number of times that we find a threat and are able to avert a crisis, prevent that actual ransomware attack from happening because we’re able to remove the malware before it really metastasizes into that full-blown crisis.

(00:10:08)

John W. Simek: Let’s take that a little farther Sherri and let’s talk about prevention.  In some of the security technologies that are available for users today and firms and businesses, in which ones do you think that they should have in place to help kind of maybe put some buffer there against – and block these cyber-attacks?

Sherri Davidoff: Yeah.  Well, this ties into your earlier question about attacker tactics.  So, what are the top ways that attackers are actually breaking into organizations, we have some very good statistics on this.  We know that; number one, they’re getting in through email phishing, so, you click a link in a phishing email, your computer gets infected.  Number two, they’re getting in through remote log in interfaces, and this is huge, especially during the pandemic when a lot of people just fired up remote desktop that allows attorneys to log in remotely from wherever they are.  Unfortunately, criminals can also potentially log in remotely as well.  They can either try to hack into that log in interface if it’s available on the internet, or if they’ve stolen your password, a lot of times they can just log in using that password.  We see a ton of attacks including ransomware attacks that happen all because of one little stolen password.  And then there’s software vulnerabilities; that’s actually a distant third; most of the time it’s email phishing and then remote log in weaknesses using those stolen credentials.  So, in order to defend against email phishing; number one, you got to conduct training regularly, you need to deploy spam filtering and then you need to make sure your systems are patched so that if someone clicks on a bad link, your computer isn’t vulnerable.  That remote log in issue is actually a little bit trickier.  The first thing you can do is just prevent remote log in interfaces from showing up on the internet to begin with, use a VPN or some other method; but another piece of the issue is the fact that people are reusing passwords.  So, many of us, we’re not designed to remember passwords.  I don’t know about you guys, I hate passwords.  So, I’d rather not use them if I didn’t have to and it’s nice that we’re seeing biometrics and other things.
But in the meantime, the human brain is not designed to remember a zillion passwords with numbers and letters and squirrel(ph) noises and this and that.  Unfortunately, hackers know that people reuse passwords across a lot of different sites.  If they steal your Twitter password, they will try using it in your bank account at work and all kinds of other places and they know that you might put a 1 at the end or change 2019 to 2020 or summer to fall or whatever, and they have automated tools that will try variations on a stolen password.  So, they might get a stolen password from a data breach or from a phishing attack against you, or maybe they’ve grabbed it from a file on your computer, if they infected your system.  The bottom-line is they’ve got passwords.  Researchers have found that there are at least 15 billion stolen passwords available on the dark web; so, they’re out there.  And once your password is stolen, the criminals try it, and they will just log into your accounts.  So, assume that your passwords will be stolen.  And that gets us to the answer to the question you just asked which is that “What technology should we invest in?”  Number one, multi-factor authentication.  Password theft is a “when”, not an “if”.  Assume your password is out there and you use multiple methods to verify your identity before you log in.  So, you might have a password and an app on your phone, that is fantastic, or a little fob you plugged in to your computer.  Use a unique password for every account and I don’t know John, does that give you a little heart attack when I say that?

John W. Simek: No.  I think the last I looked at my password manager, I’ve got like 880 different records in there, so you’re right.  There’s no way I can remember that.

Sherri Davidoff: Well, you just said the magic words; that’s right.  You were using a password manager because we know the human brain isn’t designed for this.  And that’s why you’re all cool and calm about it.  But if you don’t have a password manager, the idea of having 880 different passwords into your head is crazy.  So, that gets to the next piece which is use a password manager.  Guys they are cheap, in some cases, they’re free.  I don’t know, do you want to share what your password manager is?

John W. Simek: I use eWallet.

Sherri Davidoff: Very nice, and I like LastPass, there’s also Dashlane; there’s lots of good ones, they’re inexpensive, they will remember your passwords for you, they will actually fill them in for you too so you don’t have to type and it makes it a lot less likely that they will be picked up by attackers in the event that your computer was infected.  So, really great idea to use a password manager. Those are my top technologies to invest in.  Multifactor authentication and password managers. 

John W. Simek: Yup, I’m with you.

Sharon D. Nelson: You mentioned already, of course, that employee training is critical and I couldn’t agree more, I know we both do some of that.  But how do law firms budget for an effective cyber security training program?  That seems to be a hard sell for some of them.

Sherri Davidoff: It is.  And it’s such an important piece of the puzzle because you deploy amazing technologies, multifactor authentication is a great example.

(00:15:00)

But if a hacker tricks someone into clicking a link, then that’s all for naught.  So, step one is to know who it is you’re training, we need to train employees, but you might also consider training clients, communities, it’s a perfect topic for a lunch and learn or a webinar.  Clients usually appreciate that kind of training and your risk in part depends on them.  If a client sends you an infected file and an attorney opens that, you can be infected in turn.  So, we’re all connected.  So, know exactly who it is that you want to train, and then think about the frequency.  Most organizations today do some kind of annual cybersecurity training which is great, but that’s not enough to keep security top of mind year-round.  Instead, you want to consider doing training at least monthly or on demand.  I love on demand, and I think since people have started to do work from home and have more flexible schedules, it’s a really great option for people.  The ballpark dollar amount that you can budget for on demand regular training is anywhere between $10 and $30 per head per year, which is a pretty reasonable amount considering the protections that it affords you.  Your human firewall is really important.  You might also want to consider specialized training for key roles.  But that’s kind of a ballpark, you may want to have training specifically for your IT staff, specifically for HR or for anyone that handles very sensitive information or you know, make it a CLE and train your attorneys.  But for that monthly on demand stuff, $10 to $30 per head is a pretty common range.

Sharon D. Nelson: And you’re quite right that it will get CLE credit in every state that we’ve ever applied for it, so that’s another bonus for the lawyers.

John W. Simek: Well before we move on to our next segment, let’s take a quick commercial break.

Sponsor: Does your law firm need an investigator for a background check, civil investigation, or other type of investigation?  PInow.com is a one-of-a-kind resource for locating investigators anywhere in the US and worldwide.  The professionals listed on PInow understand the legal constraints of an investigation; are up-to-date on the latest technology, and have extensive experience in many types of investigation; including workers’ compensation and surveillance.  Find a pre-screened private investigator today.  Visit www.pinow.com.

Sponsor: What could be more important than knowing the facts of your case inside and out?  CaseFleet’s powerful software makes it easy to create a chronology of each case and to track the evidence for each fact.  With an intuitive interface, full text search and built-in document review, CaseFleet makes fact management easy.  Sign up for a 14-day free trial at casefleet.com/digitaldetectives and get 10% off your first subscription.

Sharon D. Nelson: Welcome back to Digital Detectives on the Legal Talk Network.  Today our topic is “Planning Your Cybersecurity Budget for 2022”.  Today, our guest is Sherri Davidoff, the CEO of LMG Security and author of the recently-released book; “Data Breaches”.  As a recognized expert in cybersecurity and data breach response, Sherri has been called a security badass by The New York Times.  I’m kind of jealous that you got that title, I wanted that one Sherri.  And look for her new book coming out soon on ransomware response called Ransomware and Cyber Extortion: Response and Prevention.

John W. Simek: So, Sherri, let’s pick it up again and say – for our listeners, how about a little free advice?  What can they do – what do they do if they get actually compromised?  If they get hacked?  How can they keep the costs of that cyber incident down?

Sherri Davidoff: Yeah, great question.  Actually, before I jump in, Sharon, you are my favorite badass attorney by the way.

Sharon D. Nelson: Okay, thank you.  I feel much better now.

Sherri Davidoff: But yeah, the last thing you want is unplanned expenses that aren’t in your budget, right?  So, we really want to think about how do we keep the cost of a cybersecurity incident down?  You can’t prevent everything.  Early detection is key, and again, that investing in monitoring, think about who is monitoring your environment, both the cloud and your local network environment, and how when to know if something bad happened.  According to fire rise(ph), 76% of all ransomware attacks happen after-hours and on the weekends.  So, you may not even discover it.  And I’ve seen quite a few attorney-hacking cases where they’re going to hit you on a Friday evening and you’re out for the weekend and you don’t find out until Monday morning and all the damage is done at that point.  So, early detection is absolutely critical.  You want to nip it in the bud ideally before anything major happens.  Find out that a computer is infected right away, ideally within minutes and then hopefully you can prevent the attackers from actually stealing anything.  Invest in that monitoring and feel free to drop me a line or LinkedIn or anywhere if you have any questions about that.  Also, you want to make sure that you have a fast response.

(00:20:04)

You want to make sure you know who you’re going to call in the event that you have an incident, you don’t want to be struggling, thinking about “Who am I going to call?” and “How much is it going to cost?”  It’s a good idea to have an incident response retainer in place with an organization that’s familiar with your environment or at least you’ve taken the time to have a conversation or two with them in advance.  And make sure you understand your cyber insurance coverage and you know that your response vendor is going to be approved by your cyber insurer if you have that, and that you are working with an experienced cyber security attorney or data breach attorney so that they can guide the investigation.  It’s wise to conduct tabletop exercises ahead of time.  That’s where you sit around the table and you have an experienced professional guide you through a scenario.  These are absolutely invaluable.  I’ve done a zillion of them, I’m sure Sharon and John, you probably have as well, and you always find communication gaps or unexpected differences in expectations.  Like the CIO where a partner thinks “You should call me at 2:00 in the morning if we think we’ve been hacked.”  And your IT folks say “Oh, I didn’t know you wanted to be woken up at 2:00 in the morning.”  So, do those tabletop exercises so that everybody knows what to expect.  And of course, back to cyber insurance, it can absolutely help cover the cost of any incident.  So, know your coverage, understand your sublimits, make sure you get approval for any remediation work that you do or any response work from your cyber insurer in order to make sure that it is covered.  And your cyber insurer can also provide risk reduction services as well as training.  So, take advantage of those perks if you can.

Sharon D. Nelson: Well, it was only today Sherri that I had a chance to read your wonderful article on your website.  How to find ransomware, cyber insurance coverage in 2021.  And as I told you before we got started on this podcast, I liked it so much, I’ve already written a blog that’s going to go up tomorrow in my Ride the Lightning blog. So, thank you very much for all that useful information and maybe we can convey just a little about it here because people need to understand the role of cyber insurance and of course as lawyers have discovered to their dismay, the costs are going up by 30% to 40% this year, and they are just reeling because they’re paying more and they’re getting less.  So, would you expand on that?

Sherri Davidoff: Absolutely.  And I really appreciate you taking the time to read that because that article was a labor of love and I felt really fortunate that I got to get that information from the horse’s mouth, I had the opportunity to interview underwriters and key executives within insurance organizations who shared their insight perspective.  But, what’s important to understand about cyber insurance is it’s not just about covering costs.  Some of where cyber insurance comes into play is services.  In fact, services is the name of the game when it comes to incident response.  So, when you think you may have had a cyber incident, one of the first entities to call is your cyber insurance company because they have access – or many of them have a breach response team that’s available for you.  So, you might be assigned a breach coach which is a specialized attorney who has the experience to guide the investigation.  They can connect you with an incident response team, all this can happen very quickly.  They also have contracts in place for call center services, for public relation services and all this can happen on a dime so that you are not scrambling in an instant to figure out who’s going to help you.  This is especially critical for small to mid-sized organizations or solo practitioners because you probably don’t have your own security staff on call 24/7.  You really want to outsource to the experts who are handling incidents like these day in and day out.  So, that’s the first thing to remember about cyber insurance, it’s not just about the financial coverage, it’s also about services that can reduce the damage to your organization and help get you back on your feet more quickly.  So, with that in mind, it has been an eye opener this year for many companies that are trying to get insurance coverage and all of a sudden find out they can’t.
Many organizations suddenly are getting denied coverage from their insurer or they’re finding that their rates are rising 50% or more; and at the same time, as you said Sharon, you’re getting less for more money.  We’re seeing sublimits, particularly on ransomware coverage.  You might think you have a million-dollar policy, but you’ve been hit with ransomware and all of a sudden you only have $250,000 of coverage.  So, the details in this matter.  We’re also seeing co-insurance where you pay 20%, they pay 80% and those costs can add up really fast.  So, how do you qualify for great cyber insurance coverage with some of these providers that actually offer services?  Well, I can tell you exactly what they’re looking for because they shared it and it was pretty much the same across the board.  Multifactor authentication is number one.  Everyone in your organization needs to have multifactor authentication consistently deployed across the board.  And I can’t tell you how many times we see almost everybody has multifactor or some people do and some people don’t; but a partner doesn’t want to have it or a key executive doesn’t want to have it and you know what?  They’re the ones who are going to get hacked.

(00:25:03)

And once you have like an email, a business email compromise case, where email gets downloaded, you can’t put that genie back in the bottle.  All of those emails are out there.  So, multifactor authentication is absolutely key and that’s what they want to see for qualifying for these policies.  Second is restricting remote log in interfaces.  A lot of times, insurers are actually scanning prospective insureds, even sometimes without you knowing it to see if they have any open remote login interfaces accessible and that will affect whether or not you can even get insurance coverage and it may also affect the cost.  So, make sure you don’t have any remote log in interfaces showing up on the internet, they want to see that you’re patching your systems regularly and that you have effective monitoring and detection in place.  So, those are the top things that I heard over and over from insurers, and it makes sense because it’s in line with those key ways to reduce your risks.  They recognize that if you are a higher risk, they’re going to pay out more money.  And so, it’s really a win-win if we all implement these technologies.

John W. Simek: So, Sherri, what about the cloud?  Using the cloud for data storage and email?  You know, email cloud services.  Does that improve the overall security for folks?

Sherri Davidoff: It absolutely can because cloud providers have the ability to introduce security features that might not be available to you in your local environment.  So, make sure that you’re leveraging these advanced security features.  For example, Microsoft Office 365 and Google offer some great ways to categorize your information, to classify it, track it, detect any threats in your environment, you just have to turn it on.  In some cases, there’s an additional cost, but in some cases, there isn’t.  So, take advantage of it.  And also make sure to use multifactor authentication on all of the cloud apps you use.  If a cloud application does not offer MFA, walk the other way and find a vendor who does offer multifactor authentication because it’s absolutely incredible.

Sharon D. Nelson: So, one of the questions we hear all the time from lawyers is “Why is security so darn expensive?”  And they don’t use the word “darn”.  But maybe you can give them a bit of an answer.

Sherri Davidoff: Well, the number one reason is because we store much more data than we need.  So, think about all the data you have, data creates risk.  I like to think of it as hazardous material; the more hazardous material you store, the more money you need to invest into controlling it properly and the more risk you have.  So, one of the simplest and most effective and cheapest things you can do to reduce your cyber security risk is start deleting that data.  For example, put a retention time on your email and I know that probably gave half your audience a heart attack just saying that, but it will cheaply and quickly reduce your risk of having a data leak; or at least, if you’re going to store a lot of sensitive data, you know, take it, archive it, and store it offline so it’s much less likely to be breached.  Most people underestimate how much data you have.  Often, you have multiple copies of information.  So, Sharon, if I send you a doc and I have a copy of it, there’s a copy of it up there in the cloud, you might have a copy of it on your local computer, now I have three copies of the same data which all can be leaked.  So, think about storing information centrally, setting a time and deleting it, you know, we’re all data hoarders, we just kind of need a little security therapy to get over that and start cleaning things out.  The other reason that security is so expensive is because we are 150 milliseconds away from every psychopath on the planet.  So, unlike in the real world, any attacker can rattle your virtual doorknob and that’s a piece of the problem as well.  We want to reduce our attack surface, reduce those extra log in interfaces and try to centralize as much as we can.  And then the last reason is that cyber security is really new, it’s just not really integrated into our processes yet.  So, if you think about here in the real world, you don’t have to invest a ton in security to feel secure and to be secure.
We have police walking the streets, we have effective laws in our society that, for the most part, deter crime.  We have regulations like health inspections for restaurants so you don’t have to worry about being poisoned, that’s a piece of security.  So, that means we don’t individually have to invest a ton of effort or know a lot in order to feel secure in our day to day lives.  But we don’t yet have that security foundation in cyberspace.  I do think we will get there though.

John W. Simek: So, Sherri, last question for you.  Can you tell our listeners what your top takeaways for cyber security budgeting are?

Sherri Davidoff: Absolutely.  Here are the key takeaways; make sure you prioritize technologies that reduce risk quickly and effectively like multifactor authentication and password managers.  Know what information you’re trying to secure, and delete the data you don’t need.  Deleting data will instantly reduce your risk.  Invest in early detection, invest in monitoring, don’t skip that step, it’s really important.  And then finally, make sure you have a good plan for what happens when you get hacked.  It happens to the best of us and you don’t want costs that are outside your budget.

Sharon D. Nelson: Well, we want to thank you for being our guest today, Sherri.  This was just a podcast jam-packed with useful information.  So, for the record, I want to state that not only are you a cyber security badass, but an incredibly fast-talking cyber security badass.  We got about three times the content in the usual 25 to 30 minutes.

(00:30:17)

Sherri Davidoff: (00:30:18) don’t have time to waste, you bill by the hour, we got to get it all in.

Sharon D. Nelson: That was just awesome.  Thank you for being our guest.

Sherri Davidoff: Thank you so much for having me, always a pleasure Sharon and John.

John W. Simek: That does it for this edition of Digital Detectives; and remember, you can subscribe to all the editions of this podcast at legaltalknetwork.com or in Apple Podcast.  And if you enjoyed our podcast, please rate us on Apple Podcast.

Sherri Davidoff: And you could find out more about Sensei’s digital forensics, technology and cyber security services at senseient.com.  We’ll see you next time on Digital Detectives.

Outro: Thanks for listening to Digital Detectives on the Legal Talk Network.  Check out some of our other podcasts on legaltalknetwork.com and in iTunes.

[Music]

 

Podcast transcription by Tech-Synergy.com




