COMMON SENSE TIPS TO PROTECT YOUR COMPANFROM A DATA BREACH

News reports of data breaches have become commonplace. Hersuggestions you should consider taking now, before your businessvictim. The list is not exhaustive and each business may need tounique situation differently:

1. Know What You Have. In a written document availmanagement, identify and inventory all physical devices ayou have, including equipment (leased or owned) that yoffsite. Also, list all software platforms and applicatiooperations, specifying the versions used and on whichequipment the software is being used.

2. Identify Sensitive Information You Store Electronicallyinformation includes personal identifying information conccustomers, vendors and employees, and confidential inforstore concerning intellectual property, your outside vendoparties. Know if and how all information is encrypted apoint(s) in the business process.

3. Know What Your Computer System Controls. Dependbusiness, your computer system can control not onlyinformation, but your company’s (and possibly, clients’) insystems. This can be a high risk area, particularly if yoinvolves manufacturing, as someone from the outside couldof your machinery and cause production problems.

4. Restrict Access. Access to confidential informationrestricted. Know which of your employees and non-empaccess, and what they have access to. For such peopappropriate written agreements with them to limit your"internal" breaches.

5. Assess Your Legal Obligations. Consider, among other legafollowing:

Do you have the right to collect and retainconcerning your customers, vendors, business pemployees?

Are there legal restrictions on your ability to useyou obtain from your customers, vendors, busineand employees?

What are your legal obligations to protect the infohave obtained from your customers, vendors, businand employees?

400 Garden City Plaza, Garden City, NY 11530 | Tel (516) 873-2000 | Fax (5450 Seventh Avenue, 15th Floor, New York, NY 10123 | Tel (212) 239-2000 | Fax (6

www.moritthock.com

July 2014

Y

e are a fewbecomes aaddress its

able to keynd systems

ou maintainns used in

pieces of

. Sensitiveerning yourmation you

rs and thirdnd at what

ing on youraccess to

frastructureur businessgain control

should beloyees havele, considerexposure to

l issues, the

informationartners and

informationss partners

rmation youess partners

16) 873-201046) 688-6096

6. Determine How Your Outsourced Functions Are Dealing WithCybersecurity Risks. You may be liable for any breaches to youroutsourcing partners’ networks. If you have outsourcing partnershandling any data concerning your customers, you should inquireand/or audit their systems to assure that they are using best-business-practice procedures in securing your business data in their systems.

7. Create a Risk Management Strategy. Management must: Prioritize what is the most important information in your

company's computer network; Implement appropriate technical, administrative and other

controls; and Prepare a response plan in the event of a breach (note that

development of these protocols requires the commitment ofupper management; in most cases, it will be insufficient tosimply hand the issue off to your IT Director).

8. Create A Network of Relationships With Experts Now. Time is of theessence following a serious data breach. You can respond more quickly,cheaply and effectively if you already have relationships with expertsyou can call and who will respond quickly.

9. Create A Written Cybersecurity Policy. Such a policy should identifywho has access, and what those persons are authorized to do with datain your network, and what should be done if a breach is suspected ofhaving occurred. Each employee and outsourcing partner should begiven a copy of these policies and procedures.

10. Determine Your Insurance Needs. Traditional business insurancetypically does not cover losses from cybersecurity breaches. Numerousinsurance carriers offer cybersecurity policies. These policies vary andyou should determine what insurance coverage is best for yourcompany’s needs.

At Moritt Hock & Hamroff LLP, our cybersecurity practice group is available toassist you proactively on strategies to reduce the risk of harm due to a breach, tocomply with industry "best practice" standards, and to respond appropriately inthe event that a breach occurs.

This Alert is published solely for the interests of friends and clients of Moritt Hock & HamroffLLP for informational purposes only and should in no way be relied upon or construed aslegal advice.

598203v1

Moritt Hock & Hamroff LLP is abroad based commercial lawfirm with more than 55 lawyersand a staff of paralegals. Thefirm's practice areas include:alternative dispute resolution;commercial foreclosure;construction; corporate,securities & financial services;creditors' rights & bankruptcy;cybersecurity; employment;equipment & vehicle leasing;healthcare; landlord & tenant;litigation; marketing,advertising & promotions; not-for-profit; real estate; surety;tax; trademarks, patents & otherintellectual property; trusts &estates; and white collar defense,government investigations,compliance & internalinvestigations.

This Alert was written by KeithS. Braun, Steven S. Rubin and A.Jonathan Trafimow.

Mr. Braun, of counsel with thefirm, concentrates his practice inall aspects of corporate andsecurities law.

Mr. Rubin, a partner with thefirm, chairs the firm's patentpractice and co-chairs itscybersecurity practice. Mr. Rubinconcentrates his practice on allphases of patent-relatedmatters, both domestically andinternationally.

Mr. Trafimow, a partner withthe firm, chairs the firm'semployment practice and co-chairs its cybersecurity practice.Mr. Trafimow representsemployers in all areas ofworkplace discrimination,retaliation, harassment and civilrights claims, and class actions.He also routinely advisesemployers on compliance withlocal and federal employmentlaws and regulations.

Any questions concerning thematters raised in the Alertshould be addressed to Mr.Braun, Mr. Rubin or Mr.Trafimow. They can be reachedat (516) 873-2000 or by email atkbraun@moritthock.com,srubin@moritthock.comjtrafimow@moritthock.com