Information Security

  • 1.  Data Breach / CyberAttack with Third-Parties

    Posted 01-17-2020 11:27 AM
    I am interested in finding out if anyone has developed an incident report that you use when a third party has reported to you that a cyberattack/data breach has hit their systems. Is there a checklist you use to ensure that they have communicated to your customers, have put the proper controls in place to ensure a future attack doesn't happen, etc.? With the Data Privacy laws, new CyberSecurity laws coming into place and more and more reports in the news, I'm curious how others are handling the audit/monitoring/reporting of these types of events.

    Thank You


  • 2.  RE: Data Breach / CyberAttack with Third-Parties

    Posted 01-24-2020 11:15 AM
    Has anyone had to deal with a Third-Party Data Breach that they have had to respond to? What questions and documentation are you documenting? We have an Incident Response Plan in place and we have questions, but I'm checking with others to see if ours is adequate, especially in light of the cyber security acts/laws coming into play now within the states.

    Thank you


  • 3.  RE: Data Breach / CyberAttack with Third-Parties

    Posted 01-27-2020 08:08 AM
    We have, sadly. We typically have the vendor send us an incident report within 24-48 hours (per our contract) and then coordinate with Legal and Communication teams to handle the reporting to the regulator and communication to customers.
    Often we find the initial report is not enough for our regulator reporting, so we have a call with the vendor and then Legal keeps the documentation.
    Kerry
    --
    Kerry Klewer
    Operations Compliance and Strategy Manager