cyber security

I'll be at the Law Firm Management Conference... will you?

 August 16-17, 2019 The Resort at Squaw Creek  Olympic Valley, CA 

  • Educational Programs by Legal Industry Leaders 

  • National Trends Affecting Firm Productivity & Profitability 

  • Leadership Training 

  • Law Firm Breakout Sessions 

  • Networking with Colleagues 

  • Social Activities for the Family 

 The Association of Defense Counsel of Northern California and Nevada (ADC) invites you to join other law firm leaders (present and future) on August 16-17 for a world class law firm management conference on the Management of the Modern Law Firm at a world class destination – The Resort at Squaw Creek. 

This seminar is tailored to current and future law firm leaders. This year we are pleased to offer dynamic speakers for interactive sessions in the areas of marketing, branding, leadership, work/life balance, IT and cyber security, sexual harassment training, and the invaluable law firm survey. Network with colleagues and obtain specialty credits for the sexual harassment training (which is mandatory for all employers with over five employees) and possible specialty credits for the work/life balance sessions. This is a perfect opportunity to engage future law firm leadership! 

Did we mention the destination! The Resort at Squaw Creek is family-friendly and provides the perfect atmosphere to kick back and enjoy the resort with your family, friends, and colleagues. Take a trip to the Olympic Village, play a round of golf (or two!), and hang out at the pool. 

How Your IT Security and IT Insurance Work Together 

Speakers: George Passidakis, Scott Putnam, and Kevin Sullivan 

Law firm cybersecurity is no longer an obscure topic of the past. It is here and will forever be a part of the law firm landscape. Are you protected? Are you meeting the requirements of your cybersecurity insurance? Where insurance can and cannot help. What measures do you have in place? Learn from industry leaders in this interactive 

Interested? Visit to register.

Are You Too Small to be Hacked?

"Nobody is going to hack me.  I'm too small to be noticed." - Small Business Owner

Yes, you're right, Ms. Business Owner.  You are not ultimately the target.  TARGET(the corp) is the Target.

In fact, that's what happened:  a contractor who did work for a TARGET store was hacked and the hackers waited for that contractor to access the payables system to submit their work invoice.  BOOM, TARGET is hacked.

But they came through you, Small Business Owner, because you thought:

"Nobody is going to hack me.  I'm too small to be noticed."

GDPR is a big hubbabaloo about Gov't requirements to protect data.  Read about that HERE and grab the free resources

Adding Cyber, Tech E&O to your insurance is easy.  Getting sued by your own customer because you let a hacker into them, through you, is hard.

That's because you're not Nobody.  You're just small enough to hack into...

Data Privacy and You

From our good friends at RPS: The European Union has enacted a comprehensive and far-reaching data privacy initiative, (GDPR). It contains massive penalties for noncompliance and is set to go into effect soon.

What do the initials "GDPR" stand for?

"General Data Protection Regulation" (

My Clients are all based in the United States. Do we care about this?

Yes.  Even if the company does not have a business in the EU, the regulation can apply if:

  • The business offers goods or services to EU subjects regardless of whether payment is required.
  • The business monitors the behavior of EU subjects. (Clicking on social media links, analyzing marketing likes/dislikes)
  • The business stores and holds the personal data of EU subjects.

Can you give me a quick idea of what this new law is about?

The GDPR unifies data protection laws for “Personal Data” across the European Union with the intention of strengthening privacy rights of consumers. It imposes hefty fines on companies that don’t comply. The GDPR has many requirements, but here are the primary ones:

  • The personal data you collect must be "minimized, accurate and portable".

  • You need to obtain informed consent from a EU consumer before collecting, storing or using their personal data.

  • Their personal data must be “provably deleted” if the consumer so chooses.

What does the new law consider "Personal Data"?

  • Name
  • Address
  • Photo
  • Email Address
  • Financial information
  • Healthcare information
  • The law also includes data that could indirectly identify an individual (racial or ethnic origin, political opinions, religious beliefs, etc.)

Who is affected?

Any US business that offers goods or services to customers in the European Union or holds any personal data on European Union subjects.

When does this new law take effect?

May 25, 2018

What does GDPR say a business must do if they are the victim of a data breach?

The GDPR requires that companies notify individuals of a breach of their personal data. Notification must include:

  • The name and contact information of the company’s data protection officer
  • The anticipated consequences of the breach
  • Any measures taken by the company to remedy or mitigate the breach


What are the penalties if a US business doesn’t comply with GDPR?

Monetary penalty is 20 Million Euros or 4% of a company’s annual revenue, whichever is greater.


What should US businesses do now?

Here is a great resource: And - if your client has not purchased a comprehensive Cyber Liability policy for their business, they should be doing so now. If they have purchased Cyber Liability, please ensure that the carrier is covering GDPR fines/penalties.

If you want a "white knight" assessment of you cyber security, contact Kevin and he'll set you up with a security audit.