Understanding the Basics of Cybersecurity and Compliance

"Cybersecurity" is an extremely important topic, but most lawyers and business owners don't fully understand where day-to-day IT stops and where Cybersecurity starts. In business, Cybersecurity is often related to "GRC" - Governance, Risk, and Compliance - which is an enormous and intimidating topic best understood when it is broken down into its component parts. 

This program, taught by Danny Mizrahi, Founder and CEO of Contango IT, Co-Founder and Managing Director of GRSee, and Amy B. Goldsmith, Esq., Chair of the Privacy and Cybersecurity Practice Group at Tarter, Krinsky & Drogin, LLP, breaks down the basics of Cybersecurity and Compliance. First, they will review IT best practices and "Must-Haves" for any business of any size, and how these relate to Cybersecurity and Legal Compliance 101 (including the NY Shield Act and the California Consumer Privacy Act). Moving on from the basics, the program will help attorneys ensure that their business clients are safe, secure, and prepared for the legal and contract compliance issues that will inevitably arise as the business grows.

1. Achieve IT and legal “Must-Haves” for a business and discuss these topics with your clients
2. Detect popular security scams (spoofing and phishing)
3. Evaluate collection of personal data to minimize risk
4. Understand Multi-Factor Authentication and how it can be used to keep data safe
5. Use encryption throughout all of a company or law firm’s internal and external correspondence to ensure that they are read-only by the intended recipients 
6. Use behavior monitoring to ensure compliance with a company’s IT Policies and Procedures
7. Incorporate best practices to control and maintain a company’s software and hardware
8. Understand Vendor Requirement letters
9. Review 3rd Party compliance checklists
10. Update Privacy and Information Security Policies (NY Shield, GDPR, CCPA)
11. Review PCI/ISO/SOC Frameworks
12. Evaluate and purchase cyber insurance