Discussions by Domain: Proactive Information Security

Jul 30, 2019

“You can’t protect everything absolutely all the time.” 

Ryan J. Cooper is the Principal of Cooper, LLC. As the founding partner, Ryan started Cooper, LLC to focus on achieving the results that matter for each client, recognizing that each client is different. Ryan draws upon a diverse experience obtained at a premier international and national law firm. Ryan has counseled clients on strategic corporate transactions and successfully litigated matters in state and federal courts throughout the country. With a depth of experience that includes strategic business planning, high-stakes litigation, and insurance coverage counseling, Ryan has a unique combination of skill sets that rank him among his client’s most trusted advisors.

There is no magic checklist for information security.

Ryan:  “There is a gold standard we want to achieve, but there is no checklist that you can just mark off the boxes and say, ‘Congratulations’. There’s two questions… that clients have to confront.”

Ryan:  “One is whether or not they’re protecting information for third party risk, which is when clients have other people’s information that they need to keep secure. Now that may be clients who have consumer data or maybe clients who are vendors to other businesses.”

Ryan: “So that’s one level of security. And then there’s another.. which is first party security. And that is clients I have who have very valuable and proprietary information. It may be sales data, it may be intellectual property such as trademarks or patents, etc. And so that’s often the first question that we need to confront. And then beyond that, if you look at a lot of the standards organizations, there is conflicting information.”

 Defense and proactive litigation for third parties.

Ryan:  “You see third parties being the target more and more. And that’s because they’re aggregators. They’re a gateway. Either they’ve aggregated data from a bunch of different clients and therefore a hacker can get a bigger pot in a single hit or they have the gateways to multiple clients. Proactively, I think there are three things I always hammer clients about when we want to prepare ourselves and position ourselves to be strongest against third party risk.”

Ryan: “The first issue is smart contract policies. They will include certifications from the vendor as to their security requirements or their security standards that they meet our client’s requirements. They need to have insurance provisions. You need to make sure that you’re added as an additional insured on those policies so you have direct access.”

Ryan: “Contract provision terms, you need to then follow up and actually implement those contract provisions. Particularly when you have a contract that allows you to due diligence your vendors, you really got to do that. And you can and you should. And that’s why you put it in there, in the contract, in the first place. You need to due diligence to make sure your vendor’s doing what they said they are going to do. And also when to jump ahead for a second to the litigation side.”

Ryan: “Then insurance for yourself. I’m a big proponent that any comprehensive information security plan has to have its own crafted in cyber insurance policy for the areas you can’t secure. At the end of the day we also have insurance because you can’t protect everything absolutely all the time. And so you need to have an insurance policy that is designed so that if the worst should happen that you do have coverage that will help you either make you whole or cover you for your liability.”

To learn more about Ryan, connect with him here on LinkedIn.

 Listen to Ryan’s full Discussions by Domain podcast episode on Wednesday, July 31st.

Discussions by Domain: Cyber Insurance

“Not every company has the same risk.”Judy Selby founded Clearview Privacy Consulting LLC and Judy Selby Consulting LLC, bringing her 25 years of insurance coverage litigation experience to her insurance consulting services. Judy is an expert in cyber insurance and...