Surety Bond Quarterly - Fall 2017 - 20

* Map your vendors and put contractual provisions in place, including requirements for the vendors
to have appropriate safeguards
in place to protect your data,
requirements for cyber liability
insurance,  and requirements to
indemnify you in the event of an
unauthorized access, use, or disclosure of your data (to name a few).
* Consider requiring high-risk vendors to complete a security questionnaire or audit before you agree
to send data to it.
* Involve your security team in the
review of all new vendor contracts
for any vendor that could present
an avenue of attack on your data
or systems.
Educate Employees
Employees are one of the largest
risks to an organization, particularly
in the wake of massive malware and
ransomware attacks.
* Implement an ongoing employee
engagement and education campaign, which includes face-to-face,
online, and physical education.
Evaluate Cyber Liability
Insurance Coverage
Use a broker with experience in
cyber liability insurance, as it is
rapidly changing.

* Different coverages are needed for
different risks, and litigation in this
area is defining coverage.
* Keep in mind insurance is to help
recover from an incident, not a
replacement for a business class
security program.
Engage Your Board
The company's board is ultimately
responsible for the security of the
company's data.
* It is crucial that the board be frequently apprised of the risk associated with data, educated about the
changing threat vectors, provided
recommendations for managing
the risk, and kept closely advised
of progress being made to protect
the data.
* Designate a Privacy and Cybersecurity Team to oversee the effort
going forward.
* The plan does not stop once initial
implementation of it is complete.
Consider designating a Privacy
Officer and Information Security
Officer whose responsibilities are
primarily protecting the company's
data. Others to appoint to the team
include a member of the C-Suite,
legal, communications, human relations, risk, compliance, information
governance, sales and marketing,
and operations.

* Once a basic data privacy and
cybersecurity plan is in place, the
team will continue to evaluate and
implement the processes and procedures, determine the assets to
be considered and used to protect
the data, triage security incidents,
recommend continued employee
engagement, and evaluate and
manage new risks that emerge. It is
an iterative process that should be
continuously addressed and supported by senior executives and
the board.
In the Winter 2017 issue of Surety
Bond Quarterly, part two of this
article will focus on what to look for
and provide specific questions to
ask and actions to take based on the
responses to them.
●
Linn F. Freedman practices in data
privacy and cybersecurity law and
complex litigation at Robinson+Cole,
where she is a member of the firm's
Business Litigation Group and chairs
its Data Privacy + Cybersecurity Team.
She focuses her practice on compliance with all state and federal data
privacy and security laws and regulations, as well as emergency data
breach response, mitigation, and
litigation. She also counsels clients
on state and federal investigations
and enforcement actions. She can
be reached at lfreedman@rc.com or
401.709.3353.
James Crifasi is Vice President
and Chief Technology Officer of
RedZone Technologies. He has over
19 years of information technology
(IT) security, architecture, and integration experience. He has worked
with business leaders to provide
global IT solutions in areas of CRM,
ERM, HRIS, and eCommerce and
has wide experience consulting for
banking and finance institutions,
specializing in effective network
security systems and high performance business systems. He can be
reached at jcrifasi@redzonetech.net
or 410.897.9494.
S.J. Cromwell of RedZone Technologies
was a contributing editor to this article.

20

SURETY
752917_Selective.indd
1

BOND QUARTERLY | FALL 2017

6/16/15 1:15 AM


http://www.selective.com

Table of Contents for the Digital Edition of Surety Bond Quarterly - Fall 2017

NASBP Upcoming Meetings & Events
2017–2018 Executive Committee
From the CEO: Advice for the Advisor!
How Can Construction Contractors Expedite Payment on Federal Contracts?
The Growing Importance of the Bond Producer in the Efficient Resolution of Claims
Practical Tools to Help Jump-Start Your Company’s Cyber Plan
Bond Agency Owners: The Hardest Part is Letting Go
New Software Selection and Implementation is not a Weekend Project
Is Canada Soon to Have Its Version of the Miller Act?
2017 NASBP Resource Directory
Surety Bond Quarterly - Fall 2017 - Intro
Surety Bond Quarterly - Fall 2017 - cover1
Surety Bond Quarterly - Fall 2017 - cover2
Surety Bond Quarterly - Fall 2017 - 3
Surety Bond Quarterly - Fall 2017 - 4
Surety Bond Quarterly - Fall 2017 - 5
Surety Bond Quarterly - Fall 2017 - 6
Surety Bond Quarterly - Fall 2017 - 2017–2018 Executive Committee
Surety Bond Quarterly - Fall 2017 - 8
Surety Bond Quarterly - Fall 2017 - From the CEO: Advice for the Advisor!
Surety Bond Quarterly - Fall 2017 - How Can Construction Contractors Expedite Payment on Federal Contracts?
Surety Bond Quarterly - Fall 2017 - 11
Surety Bond Quarterly - Fall 2017 - 12
Surety Bond Quarterly - Fall 2017 - 13
Surety Bond Quarterly - Fall 2017 - The Growing Importance of the Bond Producer in the Efficient Resolution of Claims
Surety Bond Quarterly - Fall 2017 - 15
Surety Bond Quarterly - Fall 2017 - 16
Surety Bond Quarterly - Fall 2017 - 17
Surety Bond Quarterly - Fall 2017 - Practical Tools to Help Jump-Start Your Company’s Cyber Plan
Surety Bond Quarterly - Fall 2017 - 19
Surety Bond Quarterly - Fall 2017 - 20
Surety Bond Quarterly - Fall 2017 - Bond Agency Owners: The Hardest Part is Letting Go
Surety Bond Quarterly - Fall 2017 - 22
Surety Bond Quarterly - Fall 2017 - 23
Surety Bond Quarterly - Fall 2017 - 24
Surety Bond Quarterly - Fall 2017 - 25
Surety Bond Quarterly - Fall 2017 - New Software Selection and Implementation is not a Weekend Project
Surety Bond Quarterly - Fall 2017 - 27
Surety Bond Quarterly - Fall 2017 - 28
Surety Bond Quarterly - Fall 2017 - 29
Surety Bond Quarterly - Fall 2017 - Is Canada Soon to Have Its Version of the Miller Act?
Surety Bond Quarterly - Fall 2017 - 31
Surety Bond Quarterly - Fall 2017 - 32
Surety Bond Quarterly - Fall 2017 - 2017 NASBP Resource Directory
Surety Bond Quarterly - Fall 2017 - 34
Surety Bond Quarterly - Fall 2017 - 35
Surety Bond Quarterly - Fall 2017 - 36
Surety Bond Quarterly - Fall 2017 - 37
Surety Bond Quarterly - Fall 2017 - 38
Surety Bond Quarterly - Fall 2017 - 39
Surety Bond Quarterly - Fall 2017 - 40
Surety Bond Quarterly - Fall 2017 - 41
Surety Bond Quarterly - Fall 2017 - 42
Surety Bond Quarterly - Fall 2017 - 43
Surety Bond Quarterly - Fall 2017 - 44
Surety Bond Quarterly - Fall 2017 - 45
Surety Bond Quarterly - Fall 2017 - 46
Surety Bond Quarterly - Fall 2017 - cover3
Surety Bond Quarterly - Fall 2017 - cover4
https://www.nxtbook.com/naylor/SBPQ/SBPQ0118
https://www.nxtbook.com/naylor/SBPQ/SBPQ0417
https://www.nxtbook.com/naylor/SBPQ/SBPQ0317
https://www.nxtbook.com/naylor/SBPQ/SBPQ0217
https://www.nxtbook.com/naylor/SBPQ/SBPQ0117
https://www.nxtbook.com/naylor/SBPQ/SBPQ0416
https://www.nxtbook.com/naylor/SBPQ/SBPQ0316
https://www.nxtbook.com/naylor/SBPQ/SBPQ0216
https://www.nxtbook.com/naylor/SBPQ/SBPQ0116
https://www.nxtbook.com/naylor/SBPQ/SBPQ0415
https://www.nxtbook.com/naylor/SBPQ/SBPQ0315
https://www.nxtbook.com/naylor/SBPQ/SBPQ0215
https://www.nxtbook.com/naylor/SBPQ/SBPQ0115
https://www.nxtbook.com/naylor/SBPQ/SBPQ0414
https://www.nxtbook.com/naylor/SBPQ/SBPQ0314
https://www.nxtbook.com/naylor/SBPQ/SBPQ0214
https://www.nxtbookmedia.com