Advice for Law Firms from a Data Breach/Privacy Lawyer

Episode Notes

Transcript

[Music]

John W. Simek: Welcome to Digital Detectives, reports from the battlefront.  We’ll discuss computer forensics, electronic discovery and information security issues and what’s really happening in the trenches.  Not theory, but practical information that you can use in your law practice.  Right here on the Legal Talk Network.

Sharon D. Nelson: Welcome to the 139th edition of Digital Detectives.  We’re glad to have you with us.  I’m Sharon Nelson, president of Sensei Enterprises.  A digital forensics, managed, cybersecurity and managed information technology firm in Fairfax, Virginia.

John W. Simek: And I’m John Simek, vice-president of Sensei Enterprises.  Today on Digital Detectives, our topic is Advice for Law Firms from a Data Breach Privacy Lawyer.  Today, our guest is Beth Waller, as chair of the Cybersecurity and Data Privacy Practice at Woods Rogers, best practice is fully devoted to Cybersecurity and Data Privacy.  Clients ranging from local government and state agencies to mid-market firms and fortune 200 companies depend on Beth for advice and counsel.  Her clients banned industries such as banking, healthcare, manufacturing, high tech and energy.  Best credentials in the field are extensive.  She is a certified privacy law specialist by the International Association of Privacy Professionals, which is accredited by the American Bar Association.  In addition, she is a Certified Information Privacy Professional with expertise in both U.S. and European Law and a Certified Information Privacy Manager, also from the IAPP.  It’s great to have you with us today, Beth.

Beth Waller: Thanks, John and Sharon.  I’m so excited to be here.

Sharon D. Nelson: Well, let’s start, if you would, by telling us a little about what your daily work day looks like, Beth and in your answer, please do tell us the exciting news about your firm’s upcoming merger.

Beth Waller: Our firm just announced that we are merging or have merged as of July 1 with Vandeventer Black.  So, we are now Woods Rogers Vandeventer Black and now have over 130 attorneys across five offices.  So, we’re super excited to have those teammates joining the mix and excited to continue to expand our service offerings to the clients.  Now, with regards to my day to day, I imagine, Sharon, it’s much like you and John’s Day to day, and that is unpredictable, right?  In the Cybersecurity.  Any given day can be a little bit wild you start your day thinking it’s going to be one thing and then you receive a telephone call that sends you in a different direction.  So, I am a Cybersecurity Data Privacy attorney and 100% of my practice is Cybersecurity and Data Privacy.  And so, I like to refer to those as kind of two different buckets or two different sides of the house.  You’ve got the Cybersecurity incident response side of the house and also preparedness, assisting with cyber insurance.  And then, you have the privacy side of the house, which can deal with many things related to privacy compliance, but those things kind of intersect, especially in regards to data incidents and needing to give notifications, you end up in the realm of data privacy regulations.

Any day is a little bit different, and I love it because it is challenging.  I can begin the day thinking that I’m going to be working on a client’s $50million cyber insurance application with them. And in the day, in the midst of a major ransomware event for a county or a local government, you just never know.  And it does make scheduling lunch with me a little bit challenging, as my friends will tell you.  I’m constantly having to say, I’ll catch up with you another day.  But I love what I do, and I love helping clients in crisis and also the difficult problems that we get to solve as Cybersecurity professionals in the field as I’m sure you and John see on a day-to-day basis, it’s a lot of fun.

Sharon D. Nelson: It is.  And we say the same thing.  We say we run a firehouse minus the dalmatian.

Beth Waller: That’s right.  I love it.

John W. Simek: Well, Beth, we’ve seen some recent studies that show that more than 70% of people really have no idea who they should be talking to, who they should be contacting, who the first contact would be after data breach.  Now, Sharon, I always say in our CLEs that the first person they should call is their data breach lawyer, somebody like you.  And if so, do you agree with that?  And if so, why is that so important or what’s your opinion of that?

Beth Waller: I think that that is incredibly important.  And I like to say that it’s not just because it’s like the Lawyers Employment Act that you want to have the lawyers, that we’re self-serving insert your lawyer joke.  Right, Sharon?  But, no, it’s because our one superpower that we bring to the mix is that we bring the attorney-client privilege, and that begins cloaking the investigation.  And so, I tell clients that much like if you had a major catastrophe where you had a major fire or a workplace death, if you were a manufacturing facility, for example, you would call the lawyers right away.

(00:05:00)

You would say, what’s going on?  You might call the fire department, maybe first to your fire department comments before, but you call the lawyer.  And I think that people need to be in that same mindset about a Cybersecurity incident.  The reason is that as soon as I get deployed, my kind of immediate job is to begin mitigating the situation, both in terms of helping a client oftentimes in dealing with very stressed-out CIOs, CISOs, CISOs or General Counsel or CEOs or CFOs.  This is their first rodeo most times, where you hope it’s their first rodeo.  But for me, this is a day-to-day adventure, and this is something that I deal with on a day-to-day basis.  So, I know what to do.  You might be running around with your chicken like your head cut off, right?  But my goal is to help you walk through this calmly, succinctly, and to go through the checklist.  And the checklist needs to be, you call me.  We engage our forensics we may also immediately engage with your cyber insurance carrier.

Oftentimes we will hopefully have gotten that into your Incident Response Plan at the outset, knowing exactly what resources you bring to bear in terms of your breach council, in terms of your forensics team that responds.  But most of the time, my first few calls are going to be related to giving notice to the carrier and then also getting a Forensics Incident Response Team deployed as quickly as possible.  Then from there, depending on your industry, we may need to take some immediate actions in the form of various regulator notifications.  And it just depends on the nature of your business, if you’re in financial services, if you are in healthcare, if you are in state and local government, there are a lot of different regulations that can come into play, and they overlap into your Cybersecurity Incident Response.  Financial services being an example where you might have obligations to notify a bank or a credit union, your regulator right away, or to file a suspicious activities report.  We need to be thinking about these things at the outset, and because of my experience, I know where to go and how to navigate those initial moments.

But our first responsibility is, like I said, give notice of carrier and then also get the right experts like John and Sharon on the line so that you make sure that you’re immediately beginning to do things like log collection, to make sure that the firewall logs aren’t rolling off, to make sure any kind of evidence that we need to preserve is immediately being preserved.  And then we can kind of move from there.  And there are a lot of different kind of players that come into the scene depending on the nature of the incident.  And we’ll talk maybe a little bit more about that as we go on in our conversation today.  But I like to say that I should be the first person you call.  And I keep my cell phone beside me.  I’m always around, always available and ready to jump into the fray.  Clients have talked to me as I’m walking through the grocery store.  I’m at the Starbucks drive through.  Incidents are never convenient, but I’m there.  And the goal is to make sure that we’re responding right away and protecting the client.  And really, what is the cyber catastrophe?

And so, how do we begin to take those steps to mitigate?  The first step is let’s protect the privilege.  And we’re protecting it from potential litigation later.  Yes, but also depending on if you’re a public body, there’s FOIA concerns.  If you are in potential shareholder litigation later, there’s shareholder related concerns.  And then also, like I said, there’s just kind of knowing where to go, how to navigate and that’s kind of part of my role.

Sharon D. Nelson: Well, that’s why it’s so important that they get to their data breach lawyer first.  And I can see that you are well prepared, which is always a good thing.

John W. Simek: Well, I don’t know how you keep all that stuff, those laws and regulations straight in your head Beth.  There’s just so many of them.

Beth Waller: There are.  It’s like an alphabet soup, but it’s great.

Sharon D. Nelson: Well, we used to recommend that Data Breaches being reported to the FBI.  That was kind of the old solid advice that I think most people were giving.  But more and more we’re saying that CISA should be the first stop.  What’s your advice to clients?

Beth Waller: I have clients come to me and they’ll tell me, like, “no worries, we have already reported to the FBI or to the local police or whomever.”  And I think that’s great.  I think in terms of your first few steps, that’s the first thing that you really need to try to think through is what law enforcement is going to be most beneficial to me.  Also, what law enforcement notifications may be required of me.  And I say that because between FBI and CISA, I think that that there is some overlap there.

I find people often are going to the IC3, as we call it, form.  I typically bypass that form and instead reach out directly to supervisory agents that I’m in touch with or aware of because I think that you get into the form and then you end up in the just the form city.  You just waiting for a response and somebody to get back to you versus if you are in an urgent need, knowing where to go and how to navigate quickly is important.  I will say too that in states like Virginia and there are many other states that have these types of offerings, you can also reach out to your local fusion center.  So, in Virginia I typically recommend that we reach out to the Virginia Fusion Center one because that is something that came out of 911, they are absolute privilege.

(00:10:00)

It’s the same thing with CISA and FBI.  There are certain privileges that attach to your making report to law enforcement in this way, but the Fusion Centers job is to actually help you navigate the various alphabet soup of federal authorities that can come parachute in to assist you.  And so, I think that reaching out to law enforcement is important.  I would say follow your breach coach’s direction on that and then also know that the resources of the various law enforcement groups are somewhat limited.

So, one thing I would note is that when you reach out to the FBI and again shoutout to the Cybercrimes Unit, love those guys.  The various divisions and the various states that we dealt with, they’re not going to deploy with an agent and a badge to your office necessarily.  Instead, what they’re going to do is say, “okay, great, you’ve been hit with PYSA Ransomware.  All right, well, PYSA Ransomware is handled by the field office out of Denver, right?  And they’re the ones who have all the expertise on that.  Let me get in touch with the agent in charge in Denver, so that they can get you information about this particular threat actor that can help you as you navigate.  Is this a double extortion ransomware event?  Is this one where paying the ransom makes some sense?  Are they on the OFAC, no, no list, no go list, which we’ll talk about?  But those types of issues, that’s where it can be very beneficial to reach out to your FBI folks.  CISA, same thing, you also have MS-ISAC and like I said, a lot of different state resources that can come to bear too.

John W. Simek: You mentioned earlier about working with the digital forensic folks to investigate and remediate a breach.  Can you talk a little bit more about that aspect of your work?

Beth Waller: Yeah.  So, as part of my job, I do engage forensic and cybersecurity experts, incident response teams who come in to play in the midst of an incident.  And by I engage, I mean I engage on behalf of the client.  And the reason for that is for privilege purposes.  So, again, there is this whole kind of body of law that has arisen around Cybersecurity incidents and Cybersecurity incident response that says that in order for forensic reports to be really protected from disclosure, the lawyer needs to do the engagement.  And not only does the lawyer need to do the engagement, but they also really need to direct the engagement.  That’s a very important distinction lately because there’s been a lot of litigation that has resulted in reports being disclosed.  You see it out of the Capital One litigation that’s a big one, where Mandiant had its root cause report, get disclosed.

John W. Simek: That was the poster child, wasn’t it?

Beth Waller: It was a poster child.  But I will tell you that working with those types of folks, the key is that in that instance, that was actually a tripartite agreement, which is to say between Mandiant Capital One and their law firm.  And that was actually born out of a retainer agreement whereby the Capital One had arranged to engage Mandiant and had paid a retainer in order to get SLA service level access to Mandiant.  And because of that, because of the way that engagement arose, and then the lawyer inserted themselves into a kind of midstream that was part of the factual basis that allowed the judge to say that was not privileged and confidential.  And so, why do I nerd out on this and get into the weeds?  Well, the reason is –

John W. Simek: Because you don’t want to be there.

Beth Waller: I don’t want to be there.  But number two, but for the grace of God go I kind of thing.  But number two, it’s because the details matter.  I will tell you that just being a lawyer cc’d on something anymore isn’t going to work.  So, as counsel, I do try to make sure I’m deeply engaged, that the manage service agreement flows directly between me and the forensics team directly, that all reports are given to me.  And that not only that, but that I participate in every little nuance of the engagement.  And I think that’s important because the reason being that I can help direct.  Okay, well, look, I appreciate that there is an interest in the root cause of this particular event, but I’m really most interested as counsel in the exfiltration of the data.  So, rather than spin our wheels looking at, “okay, we’re going to collect the entirety of an environment in terms of evidence, let’s really focus in on those things that are most important.”  So, I think having kind of a deep kind of geek speak love of incident response and also being able to jump into the phrase council helps really guide the engagement in the right way and also helps the client with the outcome.

Sharon D. Nelson: Well, that sounds like a great plan, and I think really a lot of folks who are listening are not aware of the dangers of the privilege breaking down.

Beth Waller: That’s right.  Well, they think that, “okay, I’m going to copy my lawyer in and that’ll be okay.”  But there’s this whole body of law that, again, I know that Sharon, you and John are geeking out on with me that says it’s continuing to evolve, that says just a copy on something isn’t sufficient anymore.  And that’s why you really need to engage experts like Sensei or lawyers that really do this on a day-to-day basis to make sure that you’re not waiving your privilege.

(00:15:00)

Because I think that if you’re not deeply engaged with where the law is, you can really kind of go amok on these types of engagements.

Sharon D. Nelson: And they do because they are headless chickens and they are scared.

Beth Waller: I mean, exactly.  The headless chickens.

Sharon D. Nelson: They get ahead of themselves.  They need to start and stay with their lawyer while they’re doing everything else.

Beth Waller: Absolutely.

John W. Simek: Well, before we move on to our next segment, let’s take a quick commercial break.

Sharon D. Nelson: As a lawyer, insurance is one of the last parts of your job you want to spend unbillable hours on.  That’s why thousands of lawyers have switched to Embroker.  Embroker offers A plus rated insurance for law firms you can quote and buy instantly online.  If you need help, they have experts on standby.  Go from signup to purchase in 15 minutes by visiting embroker.com/law.

[Music]

Looking for secure legal software to help manage your firm’s matters in the cloud.  With Clio’s cloud based legal software, you can safely manage everything.  From client intake to billing from one secure platform, so that attorneys can spend more time doing what they do best, practicing law.  To learn why over 150,000 attorneys, firm staff and IT leaders trust Clio, visit clio.com today.

Welcome back to Digital Detectives on the Legal Talk Network.  Today, our topic is Advice for Law Firms from a Data Breach and Privacy Lawyer.  Our guest is Beth Waller, as chair of the Cybersecurity and Data Privacy Practice at Woods Rogers, best practice is fully devoted to Cybersecurity and Data Privacy.

John W. Simek: So, Beth, last year, the ABA’s Legal Technology Report that showed only 36% of law firms have instant response plans.  I know that bothers Sharon and I quite a bit, but why do you think that number is so low?  And I know you mentioned IRPs earlier on, but can you talk about the importance of IRPs and assisting clients and drafting them?

Beth Waller: Absolutely.  I feel like it’s like, what is it?  The metaphor about the cobblers’ kids always has the wear shoes.  And I think that lawyers tend to be in that camp that we kind of put ourselves last in terms of incident response plans and taking care of these types of things.  And also, think that lawyers tend to think that we will know what to do.  Even if I’m a real estate lawyer, I’ll generally be able to figure it out.  And I don’t mean that to sound negative against my real estate brother and sisters out there, but say that in a sense that I think lawyers tend to think that they will be able to tackle these things.  And I don’t think that they understand that there’s a lot of nuances to the specifics of an incident response plan and how you delve into them.

So, I think in terms of your question about why do a number of law firms not have incident response plans and I think that’s why.  And I do think that incident response plans are important, and I do assist clients in drafting them.  But I will tell you quite candidly that I do tell clients as well that’s if you were going to spend your time drafting an incident response plan or an asset inventory.  Like a digital asset inventory or you were going to spend your time drafting an incident response plan and let’s say, creating an up-to-date network map.  I would often spend my time first on that asset inventory and that network map.  And the reason being that when you have an incident, it is way more useful for a John and a Sharon to have those items at hand right as you parachute in than it is to have an incident response plan that nobody’s following because we’re chickens with our heads cut off.  So, I do think that those things can be very helpful.  And I think that whatever you do with an incident response plan, you need to make sure that you can follow it.  Number one and that it’s kind of accurate to your organization, number two which is to say.

If you have an incident response plan and you have a very hands-on CEO for example, you need to make sure that that incident response plan reflects the fact that the CEO is going to be in the room versus thinking that that person might not be there.  But yeah, I think asset inventories and network maps are the way to go, and then incident response plans.

John W. Simek: Can’t protect it if you don’t know you have it.

Beth Waller: That’s right.

Sharon D. Nelson: That’s right, for sure.  Well, you referenced a little bit earlier in the conversation about OFAC, which does not allow payment of ransomware to certain ransomware groups.  But now these groups are beginning to play games.  They rename themselves or pretend to be a different group, one that’s not on the OFAC list.  How in the world can you ensure that clients are not, however, unknowingly, violating the law?

Beth Waller:  You know Sharon I think that’s a great question.  I think the challenge is that you have no real certainty that you aren’t.  I think that that’s the real challenge right now.  You go to the FBI and the field offices that are working with these particular ransom groups –

(00:20:00)

–may be able to tell you, like, yes, we think this is or is not affiliated with the sanctioned entity.  They won’t give you an official report, but they might tell you off the record, hey yay or nay, I think you’ve got a problem.  And then if you’re working with there are groups that go out there and do ransomware negotiation, and then they also provide you with wallets.  They will also do assessments, and you can rely on them to some extent, but I think that it is a major risk.  I don’t think that it’s a very clear-cut thing.  And I know that business people are really pushed up against a wall and really feel like that they may need to pay that ransom.  I think you need to take a step back.  And that’s often what I tell clients, take a step back.  Let’s take a deep breath and let’s really look at this and decide if this is something where we need to pay.

If your backups are not viable, is there a way to come back online without the backups?  Even if it’s a pain in the rear for Susie at the front desk to be reentering a bunch of invoices?  Can we come back online that way versus paying a ransom and exposing ourselves.  Or if you have data that may be being released, paying the ransom may or may not prevent that data from becoming released.  And the reason I say that is because now you have Ransomware as a service.  And just like software as a service, you have your developer, and then you can go out and you have folks that are selling this ransomware access.  And they may not be the folks that are the developer of the ransomware.  So, you could end up in a situation where you have multiple threat actors and you could have ended up in a situation where you have a threat actor deploying ransomware where you think that you’re going to get a decryption key that works, but you might not.  So, I think Sharon is a deep challenge for businesses right now.  And what I tell clients is that they really need to look at these options and not just go to that knee jerk, “oh, we’ll just pay.”  Let’s look at this and really assess the situation.

John W. Simek: You mentioned cyber insurance earlier on, but do you help your clients be proactive in getting their Cybersecurity game to the next level?  Especially, we’ve seen recently as the demands of the cyber insurance companies, they’re almost requiring if it will certain measures be taken or you’re not going to get any coverage.

Beth Waller:  That’s right.  Well, I do think that in 2022, especially Q1, Q2 2022, we have been seeing a big push towards very specific requirements in cyber insurance.  And not just like you will have MFA.  I’ve seen insurance applications wherein they get into the level of tell me exactly what you are utilizing in terms of software.  Tell me exactly what cloud providers you’re using.  Tell me this, tell me that.  And the underwriters are taking that back and really trying to look at it and figure out whether or not this entity is insurable.  And so, to your question of do I help clients, I do.  I’m not an insurance broker, as a Cybersecurity attorney, I don’t sell insurance.  I don’t get any benefit from it.  But what I do is I help a client navigate the application process.  So, if you receive an application from a broker, I will help you by reviewing that with you and figuring out, because these are often really signed under penalty of perjury, right?

So, can we say this?  Can we say that?  And then also when you get the actual insurance application, I assist clients in terms of negotiating those terms on the back end.  So, let’s say that there is an exclusion for this, that or the other.  I’m helping to spot the issue to say client, this particular exclusion is going to leave us dead in the water based on your business.  And then also, I would require or recommend that you push back on this particular language.  But, John, to your point, it’s very difficult in this market to negotiate, right?  And so, helping clients get those types of protocols in place is really critical.  And so, I really depend on Cybersecurity experts like you and Sharon to be able to come in and help give that kind of briefing on those things.  From my standpoint, I’m really on the back end trying to navigate the Wild West that is cyber insurance with them.

Sharon D. Nelson: We use that term a lot.

John W. Simek: I think the other challenge is they don’t understand what even the questions mean, what the form means.

Sharon D. Nelson: They also don’t like it that once we explain that, that their answers are not going to satisfy the cyber insurance company.

Beth Waller: That’s exactly right.  And I think the key really is to try to look at what you can do in the short term that would be really beneficial.  Can you go ahead and implement MFA?  Can you go ahead and get an external pen test and see — because what’s also happening in the insurance arena these days is the actual underwriter is going out and contracting to have pen testing done and then having that pen testing become an exclusion in your policy.  Like, if you do not close 440, then you will not get coverage if something comes through 440.  And so, you could preemptively do that or kind of get yourself cyber hygiene ready by getting a pen test done, but just make sure that if you do get it done, that you act on it right, because that’s the other thing going back to kind of evidence generation.  As lawyers, what we don’t want to do is create a record that we were sitting there knowing that we were like Swiss cheese with a bunch of holes.

(00:25:03)

We want to make sure that we’re fixing those holes.  If we know that we’re going to look like Swiss cheese, at least we’re doing it under the auspices of privilege.  Because that’s the other thing I’ll tell folks.  If you’re going up for a sock too, you’re going up for a pen test and you know it’s going to be bad and your client requires it, then engage with me first so that I can then turn around and engage somebody like Sharon and John to come in and do that kind of work so that we cover it with privilege, you get the expertise that you need, but we’re not creating a scenario where you’re just kind of making it hog wild available to everybody.

Sharon D. Nelson: Sounds like good advice to me.  As privacy laws proliferate, and they certainly are, how do you help your clients make sure they’re in compliance with those laws?  It’s terribly complicated since there are so many different definitions and standards.  Isn’t that the case?

Beth Waller: It is.  I mean, really what we try to do is create matrixes based on the client’s exposure.  So, oftentimes what we’re doing is we actually have our own in-house privacy analysts that works alongside me, much like you would have a real estate paralegal and real estate laws.  And he assists me in gathering information.  And then we figure out, okay, hey, you’re in California or you’re in Illinois or you’re in Europe or you’re in Brazil or China or Canada, places that have privacy regulations.  And then we figure out in the back door from there what your requirements may need to be.  But it is like drinking from a fire hose, Sharon, it is constant.

Sharon D. Nelson: Back to the fire station again.

Beth Waller: We back to the fire station.  Let me tell you, I wild eyed most of the time, especially with a potential federal law coming down the pike.  It is getting real up in here.  But again, I love it.  I love the challenge.  But it is something that you have to stay on top of and what was good a year ago is not necessarily good now.

Sharon D. Nelson: It moves so fast, we have to change our PowerPoints every time we do it.  It’s outmoded from the last one we gave.  It’s just constant.  But before we move on to our next segment, let’s take a quick commercial break.

[Music]

John W. Simek: They say the best things in life for free, which either means the Legal Toolkit Podcast is pretty awesome, or we’re totally committed to the wrong business model.  You’ll just have to tune in to find out which it is.  I’m Jarrett (00:27:08) and each episode, I run the risk of making a total ask of myself so that you can have a laugh, learn something new, and why not maybe even improve your law practice.  Stop believing Podcasts can be both fun and helpful.  Subscribe now to the legal toolkit. Go ahead, I’ll wait.

Conrad: Hi, Gee what’s up?

Gee:  Just having some lunch, Conrad.

Conrad: Hey, Gee, do you see that billboard out there?

Gee: Oh, you mean that guy out there in the gray suit?

Conrad: Yeah, the gray suit guy. There’s all those beautiful, rich, leatherbound books in the background?

Gee: That is exactly the one. That’s JD McGuffin, at Law, he’ll fight for you.

Conrad: I bet you he has got so many years of experience.  Like, decades and decades.  And I bet he even went to a law school.

Gee: Are you a lawyer?  Do you suffer from dull marketing and a lack of positioning in a crowded legal marketplace?  Sit down with Gee and Conrad for lunch hour Legal Marketing on the Legal Talk Network, available wherever podcasts are found.

Sharon D. Nelson: Welcome back to Digital Detectives on the Legal Talk Network.  Today, our topic is Advice for Law Firms from a Data Breach and Privacy Lawyer.  Today, our guest is Beth Waller, as chair of the Cybersecurity and Data Privacy Practice at Woods Rogers, best practice is fully devoted to Cybersecurity and Data Privacy.  Beth, we can’t imagine that your area of practice will do anything but continue to expand.  I’m pretty sure you agree, but I’ll let you say so.  And what does your crystal ball tell you about the future as it applies to those areas of practice?

Beth Waller: I think you’re absolutely right, Sharon.  I think it’s only going to continue to expand.  And really, it’s being driven by data privacy.  The global concerns around what do we do with data, what do we do with consumer data, how do we sell that data, how do we use that data?  And so, I think that that’s really kind of the frontier is data privacy.  I think it’s the frontier also in the cyber insurance realm, because I think a lot of folks haven’t really delved into the fact that their cyber insurance covers privacy fines and penalties.  And I think with more states going live like California and Virginia and Colorado, Utah, Connecticut.  On data privacy concerns, I think you’re going to see more and more privacy penalties and that’s going to become the next frontier.  So, I think it’s only going to expand.  I also don’t see criminals going away.  So, I think cyber is going to be here to stay.  I think they’re going to be always looking for a hook up.  But bring it on is what I say, bring it on.

John W. Simek: Well, Beth, I’m going to throw you a softball here.  What’s the one big question we haven’t asked that our audience is probably very curious about?  And what would their answer be?

Beth Waller: I guess one big question would be, what can I do as a law firm or a lawyer or just somebody in industry?  What can I tell my clients or what can I do myself to protect against these things?  And I think my answer would be, being aware that these issues are out there is the first step.

(00:30:02)

And then engaging the right people to help you.  Don’t try to solve these problems by yourself.  Make sure you’re reaching out to experts who can assist you just like you would in any other area of your life or practice.  Reach out to those who can help you translate the digital geek speak into things that you can do that are actionable to protect yourself.

Sharon D. Nelson: Well, you’ve been a terrific guest today, Beth.  I love your spontaneity and your sense of humor and your depth of knowledge.

Beth Waller: Thank you.  Thank you so much for inviting me.  It’s been a real pleasure.

Sharon D. Nelson: Well, it was a pleasure for us to, thank you and I know our audience will enjoy it.

John W. Simek: That does it for this edition of Digital Detectives.  And remember, you can subscribe to all the editions of this Podcast at legaltalknetwork.com or an Apple Podcast.  And if you enjoyed our podcast, please rate us on Apple Podcasts.

Sharon D. Nelson: And you can find out more about Sensei’s digital forensics, manage technology, and manage cybersecurity services at senseient.com.  We’ll see you next time on Digital Detective.

Male: Thanks for listening to Digital Detectives on the Legal Talk Network.  Check out some of our other podcasts on legaltalknetwork.com and in iTunes.