You know that cybercrime is on the rise. And you know that it’s not a question but “if”, but of “when” your company will suffer a security incident of its own. However, every time you try to get your head around what you should be doing, it becomes overwhelming.

 

Between the lightning- fast changes in technology, and the complicated laws that always seems to be woefully trying to catch up, it’s enough to make even the most sophisticated business owner want to simply cover their eyes and ears and hope today isn’t the day.

 

We help simplify data privacy for our clients. We hate “legalese” and “tech-speak” When we talk Data Privacy, we talk to you in plain English that everyone on your team can understand. And when we help you plan for Data Privacy, we provide approachable, reasonable solutions that allow you to improve one step at a time.

  • Areas of Practice
    • • Business
    • <strong>Data Privacy and Cybersecurity Assessments</strong> Based on the NIST Privacy Framework and the NIST Cybersecurity Framework, we have a four-step process that helps you determine where your Data Privacy Program currently excels and where it needs work. Our "Four Steps to Improved Privacy Practices" include: <ol> <li>Identify your data</li> <li>Identify your legal requirements</li> <li>Identify your deficiencies</li> <li>Create a reasonable improvement plan</li> </ol> &nbsp; <strong>Written Information Security Plan Development</strong> Based on best practices from multiple Data Privacy Frameworks, we have the ability to generate, one, some, or all of you Policies and Procedures regarding Data Privacy and Cybersecurity, including: <ol> <li>Data Privacy General Provisions</li> <li>Data Protection Officer Policy</li> <li>Risk Analysis and Management Policy</li> <li>Sanctions Policy</li> <li>Asset Management Policy</li> <li>Hardware and Software Acquisition Policy</li> <li>Information Access Management Policy</li> <li>Education, Training and Awareness Policy</li> <li>Acceptable Use Policy</li> <li>Endpoint, Email &amp; Web Browser Protection Policy</li> <li>Network Security Policy</li> <li>Physical Security Policy</li> <li>Privacy and Security Incident Policy</li> <li>Business Continuity Plan</li> <li>Evaluation Policy</li> <li>Log Management, Vulnerability Scanning and Penetration Testing Policy</li> <li>Back-Ups and Disaster Recovery Plan</li> <li>Workstation Administration Policy</li> <li>Patch Management Policy</li> <li>Change Management Policy</li> <li>Data Encryption and Key Management Policy</li> <li>Bring Your Own Device (BYOD) Policy</li> <li>Configuration Standards Policy</li> <li>Remote Access Management Policy</li> <li>Sensitive Data Management Policy</li> <li>Document Retention and Destruction Policy</li> </ol> &nbsp; <strong>Outsourced Data Privacy Officer</strong> Having a plan is great. Having Policies and Procedures are also great. But who is keeping their eye on things to make sure the house stays in order? Our premier service, our Outsourced Data Privacy Officer service, includes: <ul> <li>Continuous Assessments</li> <li>Improvement Plan Development and Continuous Revisions</li> <li>Initial Drafting of Policy and Procedure Reviews plus periodic Review and Revisions</li> <li>Assistance Completing Vendor Assessments</li> <li>Assistance in Selecting Cyber Insurance</li> <li>Assistance in Security Solution Selection</li> <li>Security Vendor Management</li> </ul>
  • Attorneys in this Practice Area