Cyber Sip

Host Kevin Szczepanski welcomes Damion Walker, managing director of the technology practice for insurance giant Gallagher, to discuss the intricacies of cyber insurance and the newer product, known as tech errors & omissions (E&O) coverage. They explore the evolution of these insurance products, the importance of understanding the differences between them, and how businesses can leverage insurance as a financial tool. Their conversation emphasizes the need for businesses to be proactive in their insurance needs, the significance of choosing the right broker, and the underwriting process. Damion and Kevin also address the challenges faced in the cyber insurance market, providing insights on handling claims and the importance of maintaining communication with brokers regarding changes in business operations. Listen in for the whole story.

Kevin Szczepanski welcomes Gregg Davis, managing principal and technical advisory solutions leader at EPIC Insurance Brokers & Consultants. Kevin and Gregg start by discussing the increasing risks of insider threats to cybersecurity and the sophistication of threat actors along with the need for organizations to create a culture of verification and for real-world training. Diving into strategies to mitigate insider threats, they emphasize awareness and proactive measures. Kevin and Gregg touch on business email compromise, insurance policies, the evolving role of the CISO, and much more. Tune in for the whole episode.

Kevin Szczepanski and guest Nick Reese, co-founder and COO of Frontier Foundry, discuss strategic applications of AI on this episode. Nick's career evolution includes positions in the US Navy and within the US intelligence community, including a stint as director for emerging technology policy for the US Department of Homeland Security. His company is working on privacy-preserving AI. Kevin and Nick discuss the distinction between generative AI and artificial general intelligence and the need for small to medium-sized businesses to adopt AI strategically. The conversation emphasizes the significance of understanding data security, the role of human oversight, and the establishment of AI governance to ensure ethical and effective implementation of AI solutions.

Kevin Szczepanski and Michael Kurzer, a partner in the law firm Vinson & Elkins who leads the Technology Transactions & Intellectual Property Group, explore the burgeoning field of AI-ready data centers. Kevin and Michael discuss these data centers' significance, the complexities involved in their construction and operation, and the legal challenges they face. In addition, Michael shares insights on the evolving landscape of data centers, the impact of AI on infrastructure, and the importance of robust legal frameworks to navigate the associated risks. Listen in for the full conversation.

Kevin Szczepanski and Bob Buda, one of the first-ever certified Oracle database administrators, dive into database design, security, and management. To frame the conversation, Bob asks a hypothetical CEO this question: “What percentage of your annual salary would you wager that your data is totally secure?” He provides background about database design and the critical need for data security. Bob and Kevin also discuss the significance of selecting valuable use cases for AI implementation within businesses of all sizes and the need for comprehensive security measures, including the concept of zero trust. Listen in for the full conversation.

In this episode ofCyber Sip, Kevin Szczepanski welcomes plaintiff-side attorney David Lietz, a senior partner at Milberg. David and Kevin take a deep dive into the complexities of data breach class actions, including their evolution, the risks of identity theft, legal standing, and the settlement process. They note the many reasons people give to not join class actions, also pointing out new methods for upping the rates at which people do participate and what some of the benefits may be. They emphasize the importance of being proactive in protecting oneself from data breaches and offer insights into the legal landscape surrounding these cases.

Welcome back to Season 4! In this episode of Cyber Sip, Kevin Szczepanski and Kelly Geary, managing principal of Epic Insurance Brokers & Consultants and national practice leader of Professional, Executive & Cyber Solutions, discuss the current state of the cyber insurance market, the impact of AI on cybersecurity, and the challenges organizations face in implementing effective cybersecurity measures. They explore the rise of social engineering fraud, particularly through deepfake technology, and emphasize the importance of regular training and tabletop exercises to prepare organizations for potential cyber threats. The conversation highlights the need for a proactive approach to cybersecurity and the evolving landscape of insurance coverage in the face of new technologies.

Welcome to Season 4! In this candid solo season opener, host Kevin Szczepanski shares his personal experience of losing his laptop—and hopes listeners heed the valuable lessons he learned. Join Kevin now for essential steps to take immediately after the loss of a device, including contacting your IT department, changing passwords, and reporting the loss to the police. He also delves into the role of IT departments in recovering lost devices and helping to ensure data security. While Kevin's story has a happy ending, he emphasizes the importance of being cautious, attentive, and prepared.

In this conversation, Sandeep Batta, lead solutions architect for IBM Hyper Protect, discusses the importance of a zero trust cybersecurity model. Sandeep particularly focusses on the rise of digital assets, the implications of quantum computing, and the necessity for organizations to adopt quantum-safe encryption. He emphasizes the need for a secure environment to protect critical data and infrastructure and the role of crypto services in ensuring data security. He also touches on the critical importance of hardware security modules (HSM) in data protection. The discussion also covers the necessity of building secure software pipelines, highlighting the importance of trust in technology. Kevin also signs off for the season with this episode. Stay tuned for Season 4!

Kevin Szczepanski is joined by insurance and technology veteran analyst and author Barry Rabkin as they take a deep dive into all things cyber, cyber risk, and insurability. Barry sets the stage by addressing the evolution of cyber risk and noting that the CrowdStrike outage was both a wake-up call and a harbinger of what's to come. Kevin and Barry then discuss cyber and operational technology (OT) vs information technology (IT). Their deeper dive into what cyber risks are (“corruption, disruption, destruction, nuisance, and theft”) leads them to note that our world, instead of terraforming, is cyberforming. Listen in as Barry shares more, including about his forthcoming book, “Ramifications of Insurance Commerce in the Cyber Age.”

Kevin Szczepanski and Brian Haugli, CEO of SideChannel, discuss the implications of the recent CrowdStrike incident. CrowdStrike, an endpoint detection and response (EDR) provider, pushed an update that caused worldwide system crashes and downtime for their customers. Brian and Kevin analyze what happened and look at how CrowdStrike responded. The EDR is still being criticized (and in some cases sued) for its process, timing, and lack of empathy and accountability. The incident raises questions about vendor selection, procurement contracts, and the need for better control and auditing of software updates. Kevin and Brian emphasize that it's still important to maintain good security practices, including embracing EDR technology. One outcome of the incident, they add, is looking at the role of the government in regulating EDR firms.

In this episode, Kevin Szczepanski and Dean Mechlowitz of TEKRiSQ discuss the blind spot that organizations may have when it comes to cyber risks and the need for a cyber risk assessment. They note that the tactics used by criminals to compromise data often don't require a highly skilled hacker, yet many organizations believe they are secure. Dean emphasizes the importance of conducting a cyber risk assessment to identify and prioritize risks based on the type of data, technology, processes, and regulatory requirements of the organization. Kevin and Dean also discuss the role of cyber insurance in risk management. Listen in to make sure you've done what you can to protect your business. 

In a quick solo episode, host Kevin Szczepanski offers practical information that can help when you or someone you know suffers from the modern malady known as identity theft. It's common and serious, affecting millions of people and costing billions of dollars every year. Most of us know that identity theft happens through various means, such as clicking on malicious links, downloading malware, or being a victim of a data breach, but knowing what to do, says Kevin, can provide a measure of comfort. Steps Kevin recommends include reporting the theft to the FTC, placing a fraud alert, correcting your credit report, and considering identity theft protection. Listen in for the details.

Kevin Szczepanski and guest Laura Zaroski, managing director of Gallagher's law firms practice, discuss law firms' varied responses regarding the use of generative AI: some embrace it while others prohibit it. They also explore benefits and risks of using AI, including the importance of checking work, avoiding sanctions, and client disclosures. They then touch on the potential impact on insurance coverage and underwriting. Firms should consider their risk tolerance and their cases' value when determining coverage limits. Another best practice is to establish and regularly revisit guidelines or policies for AI use. Kevin and Laura emphasize the need for law firms to understand and strategically use AI while also being aware of the potential dangers.

Kevin Szczepanski welcomes Jessica Copeland of Bond, Schoeneck & King back for a lively discussion on why (and whether) attorneys and firms of all sizes should use artificial intelligence. As a refresher, they remind listeners of the definition of AI and some of its uses. As with many things lawyer related, the answers come down to “it depends.” Law firms need to look at their priorities, capabilities, and needs. Other areas to consider are policies, compliance, indemnification, employee training, security, and clients' expectations. Kevin and Jessica also discuss AI tools' wide availability, noting that familiar companies like Lexis, Westlaw, and Microsoft Office have all rolled out internal AI features. Listen in for more.

In this conversation, Kevin Szczepanski and Jessica Copeland of Bond, Schoeneck & King define generative AI as basically the use of large language models to create natural language responses. They note that AI has been used for decades—examples of it in everyday life include personalized recommendations on Amazon and Netflix. They then move on to the use of generative AI and AI governance. Generative AI has both benefits (efficiency and time savings) and risks (including accuracy, bias, confidentiality). Governance is crucial, and listeners will hear some recommendations for developing a robust AI governance plan, including selecting the right tools, identifying decision-makers, assessing security features, and implementing policies and training.

Kevin and his guest, Jodi Daniels, founder and CEO of Red Clover Advisors, discuss the importance of privacy as a fundamental human right, noting that building trust is a two-way street. Jodi explains that a privacy consultancy helps companies comply with data privacy laws and build trust with their customers. Jodi emphasizes that privacy is both a legal compliance issue and a market opportunity. By prioritizing privacy and being transparent about data use, businesses can differentiate themselves and gain a competitive advantage. They also discuss the book Jodi coauthored with her husband, Data Reimagined: Building Trust One Byte at a Time, which provides a story-driven approach to help professionals understand the importance of privacy and navigate privacy regulations. 

Kevin and guest Ziming Zhao, assistant professor in the Department of Computer Science and Engineering at the University at Buffalo, discuss Ziming's work in systems and software security. They focus on ethical hacking and its goal of responsibly disclosing vulnerabilities to vendors. Ziming says that hacking can be fun and doing it ethically serves a purpose, though he emphasizes that ethical hacking is not a guarantee of absolute security. Companies still need to have a security in design mindset. Ethical hackers can help raise the security bar for companies and organizations. Ziming also discusses the relationship between academia and industry in the field of ethical hacking. 

In this episode, host Kevin Szczepanski and his guest, Bill Haber of TEKRiSQ, discuss tips to prevent phishing attacks, which, they remind listeners, are “fraudulent attempts to obtain personal information through electronic messages.” Kevin and Bill highlight the prevalence and success of phishing attacks, emphasizing the need for vigilance from both individuals and organizations. Covering examples and types of phishing attacks—spear phishing, smishing, man-in-the-middle attacks—they offer takeaways including slowing down, being cautious of urgency, verifying suspicious emails, conducting trainings, and implementing tools like VPN and DNS filtering. These practices can both enhance cybersecurity and improve the chances of obtaining cyber liability insurance.

Kevin Szczepanski and Arun Vishwanath, chief technologist of Avant Research Group, discuss the urgent need for cyber-hygiene education for children, including about security and privacy. They highlight frequent cyberattacks targeting schools and other education systems, which often have outdated technology and may lack sophisticated IT security skills and resources. The conversation also touches on the role of the private sector in providing cyber-literacy education. Kevin and Arun embrace reforming credit monitoring for children and expanding its scope to include reputation management, and they agree about the importance of protecting the next generation from cyber threats and the need for systemic changes.  

Kevin Szczepanski and Kyle Cavalieri, president of Avalon Cyber, discuss the increasing risks of funds transfer fraud, covering topics such as understanding this type of fraud, how it works (including fake invoicing and “vishing” attacks), red flags, and how to respond. Red flags can include unexpected calls or emails, and it's important to be prepared for when these contacts occur. Kevin and Kyle emphasize the growing threat of such attacks, which can result in significant financial losses. They discuss the importance of immediate action, including updating credentials, notifying the bank, involving an attorney, and reporting the incident to law enforcement. Listen in to learn more.

More than ever, cybersecurity risk assessments are essential for businesses of all sizes to understand and mitigate their risks. Done appropriately, assessments can provide help with remediation and a plan for moving forward and can even assist with pursuing insurance coverage. This episode, which features Bill Haber, co-founder of the cybersecurity company TEKRiSQ, emphasizes the need for actionable steps and justifying recommendations based on an organization's specific risks and compliance obligations. Even if your organization is not subject to specific regulations, conducting a risk assessment is crucial for protecting data, limiting liability, and maintaining cyber insurance coverage. Listen in to learn more.

From Barclay Damon's new podcast studio, Kevin welcomes back University at Buffalo Professor Siwei Lyu. To start this fast-moving conversation, Siwei notes that what sets generative AI apart from analytical AI is that generative AI focuses on creating content rather than just answering questions or sorting through data, and he sheds light on what seemed to be the technology's “sudden appearance.” Siwei and Kevin also discuss the introduction of ChatGPT, current and future applications of generative AI, and concerns about generative AI's misuse. Throughout the talk, Siwei emphasizes the importance of responsible use and the need for safeguards.

Join Kevin Szczepanski as he explains his five need-to-know cyber action items for the year. They involve 1) conducting a cyber risk assessment, essential for identifying and prioritizing risks, 2) developing an incident response plan to help respond to and mitigate cyber incidents, 3) conducting tabletop exercises, which give organizations the opportunity to do run-throughs of real incidents, 4) reviewing policies, including determining which ones you need, and 5) considering appointing a virtual chief information security officer (CISO). Kevin also provides a preview of upcoming topics for Season 3 of the podcast, including AI, cybersecurity for kids, risk management, and insurance—all recorded in our new state-of-the-art podcast studio.

“Compliance” doesn't have to be a dirty word. Check out the final episode of Season 2 of Barclay Damon Live: Cyber Sip™ when, for the first time ever, host Kevin Szczepanski welcomes two guests: his Barclay Damon colleague Bridget Steele and the founder and CEO of Opollo Technologies, Ryan Young. Using Ryan's company as an example, you'll hear how embracing compliance rather than avoiding it can be just the ticket to securing clients. Especially in the health care and other highly regulated sectors, when businesses successfully integrate compliance into their development, they can be more competitive. Listen in now.

In episode 46 of Barclay Damon Live: Cyber Sip™, Justin Daniels, an attorney with Baker Donelson and cohost of the podcast “She Said Privacy/He Said Security,” shares with host Kevin Szczepanski his thinking around the use—and risks—of AI in business. His concern comes with the explosion of tools like ChatGPT and the attitude of many business owners, investors, and software designers that if (or when) something goes wrong, especially regarding data and privacy, they'll “fix it later.” Justin, also the coauthor of Data Reimagined: Building Trust One Byte at a Time, says that attitude needs to change and suggests following the nonpartisan National Institute on Standards and Technology (NIST) standards when thinking about AI use within your company. (Hint: It's probably there already.) Listen for details.

Episode 45 of Barclay Damon Live: Cyber Sip™ addresses a critically important topic: “Building Trust One Deal at a Time: Due Diligence in M&A Transactions.” Once again, Brian Haugli, CEO of SideChannel, founder of RealCISO, and creator and host of CISO Life Podcast, joins host Kevin Szczepanski. This time, they're covering cyber due diligence, assessments, and risks related to mergers and acquisitions. Brian notes that, though a deal rarely falls through because of cyber issues, it's critical for the acquiring organization to know what it's getting and how any gaps might affect the deal—especially financially. Watch or listen in for more.

Welcome to Barclay Damon Live: Cyber Sip™. In episode 44, host Kevin Szczepanski welcomes Brian Haugli, SideChannel CEO, founder of RealCISO, creator and host of CISO Life Podcast, and more, for “Your Cybersecurity Roadmap: Targeting Gaps and Assessing Risks.” Brian and Kevin first address a misconception: If you tick off the common boxes for security controls, you've done all you need to do. Not true, says Brian. Using his talent for visual explanations, Brian confirms that there's a lot more to reducing your organization's risks and making sure you have a solid program in place. Watch or listen for more.

Welcome to Barclay Damon Live: Cyber Sip™ episode 42, “‘California Emissions': Is the CCPA a Bellwether for the Rest of Us?” Michelle Merola, leader of Hodgson Russ's Cybersecurity & Privacy Practice, returns to talk with host Kevin Szczepanski about the changing landscape of privacy laws and specifically how California leads the way with its recently revised California Consumer Privacy Act (CCPA). Kevin and Michelle review the changes, which make the law even more consumer friendly, and touch on how other states across the country may follow suit (or not). Topics include the new regulatory agency the state has established as well as how even businesses based outside California may need to comply with the law. Listen now for this vital information.

Welcome to Barclay Damon Live: Cyber Sip™. In episode 42, “Social Engineering: The People Problem of Cybersecurity,” host Kevin Szczepanski is joined by Arun Vishwanath, a cybersecurity thought leader, author, and chief technology officer at Avant Research Group. Arun discusses his latest book from MIT Press, The Weakest Link: How to Diagnose, Detect, and Defend Users From Phishing, wrapping it into meaningful information about cybersecurity training and testing. Starting with a definition of “social engineering,” which refers to hackers directly targeting users with technology, Arun and Kevin agree that currently testing and training aren't solving the problem and discuss potential solutions. Listen in for more.

Kevin Szczepanski, host of Barclay Damon Live Presents Cyber Sip™, welcomes Chicago-based Brian Dusek, senior vice president and head of Americas cyber with Mosaic Insurance Company. Brian is a cyber insurance underwriter and frequent speaker in this space, and he shares current ideas on a range of topics regarding the sustainability of the cyber insurance market. It's a constantly evolving industry. In this episode, you'll hear about trends over the last year, including an inflection point and a turn toward stability. Ransomware and business email compromise haven't gone away, but brokers and insurers are working to ask potential insureds the right questions. Listen in for a deeper dive into privacy, security, where biometrics come into play—and how all of this can affect businesses.

It's episode 40 of Barclay Damon Live: Cyber Sip™. Host Kevin Szczepanski is joined for the first time by Michelle Merola of Hodgson Russ, where she is a partner and leader of the law firm's Cybersecurity & Privacy Practice. Kevin and Michelle start off by defining “privacy” as it's currently conceived, which includes the right to protect your personal information and data. They then delve into the difference between cybersecurity and privacy and the recent paradigm shift from a focus on security to privacy. Listen in for more on developing privacy laws and how they may affect businesses across the country.

Learn about the hot topic of deepfakes in the newest episode of Barclay Damon Live: Cyber Sip™. In episode 39, Siwei Lyu, SUNY Empire Innovation Professor at the University at Buffalo, returns to talk with host Kevin Szczepanski about this polarizing issue, addressing both the notable harms and potential benefits of “generative AI technology” (that's Siwei's preferred, less inherently scary term for the field). Like so many issues today, it's complicated, says Siwei, and neither extreme position—AI? No problem! Or…AI? We're doomed!—is correct. With his combined background in media forensics, mathematics, neuroscience, and social psychology, Siwei brings a compelling perspective to the conversation. Listen in for more revealing information.

Episode 38 of Barclay Damon Live: Cyber Sip™ finds host Kevin Szczepanski talking about cybersecurity claims and coverage trends with John Farley, managing director of Gallagher Insurance. The landscape is constantly shifting, says John, and he's seeing claims rising slightly after they dipped last year. John describes some of the many factors affecting trends in cyberattacks, and hence cyber coverage and claims, asserting that carriers are offering more services to help clients lower their risks and try to prevent attacks to stay insurable. It's a win-win for the industry and for businesses that are in a constant battle to protect their data, their customers, and their bottom lines. Kevin and John also touch on the potential effects of new developments in artificial intelligence in this arena. Listen in for more information.  

Listen in to episode 37 of Barclay Damon Live: Cyber Sip™, which finds host Kevin Szczepanski delving into the fascinating and sometimes unsettling topic of artificial intelligence with Siwei Lyu, SUNY Empire Innovation Professor at the University at Buffalo. Siwei and Kevin begin with a basic definition of artificial intelligence, or AI, and how it works. They then move into recent innovations like ChatGPT and both the excitement and concerns around its applications. With an optimistic attitude and a belief in the ability of humans to survive and thrive, Siwei offers insights for all.

Welcome to Barclay Damon Live: Cyber Sip™ episode 36. Host Kevin Szczepanski talks with Kyle Cavalieri, president of Avalon Cyber, about tabletop exercises. (No sit-ups involved.) Kevin and Kyle define the practice as a moderated exercise that tests an organization's ability to respond to a cyberattack. It's helpful to evaluate incident-response plans; to gain clarity around stakeholders' awareness of their roles, responsibilities, and communication; and to learn where its response program may have budget gaps. That's some of the “whys” of companies conducting such exercises (which should minimally be held annually). They also get to the “who” and the “how.” Listen in for more on this hot topic.

It's episode 35 of Barclay Damon Live: Cyber Sip™! Host Kevin Szczepanski and returning guest Reggie Dejean of Lawley Insurance take a look at the future of cyber liability coverage. Kevin kicks it off by noting that some in the insurance industry are making noises about cyber risk becoming uninsurable. Reggie, a 20-year veteran of the field, counters that, because cyber insurance (and reinsurance) are newer areas and because of the enormous disruption that major cyberattacks and breaches can cause, this is a natural phase of testing and potentially correcting the segment. Do we need legislation? What's happening with litigation? And what's the best type of cyber insurance for businesses to have? Listen in for answers and tips.

In episode 34 of Barclay Damon Live: Cyber Sip™, host Kevin Szczepanski welcomes back Bryan McCarthy of Transatlantic Reinsurance Company to discuss limiting exposure to biometric privacy claims. They continue the conversation they started in episode 28 about the effects of Illinois's Biometric Information Privacy Act (BIPA). BIPA is intended to protect residents of Illinois but has ramifications for businesses across the country. Hear Kevin and Bryan review what companies can do to protect themselves through insurance coverage for biometric privacy claims—claims about fingerprints, retinal scans, and other biometric data not being handled properly under BIPA. Beginning with who is subject to the statute (you may be surprised) and then moving on to the wisdom, as Bryan says, of “everyone being on the same page” with regard to coverage, they give a solid overview. Tune in.

Episode 33 of Barclay Damon Live: Cyber Sip™, with host Kevin Szczepanski, looks at five security controls you need to know about. Kevin talks with guest Dean Mechlowitz of TEKRiSQ about the importance and challenges of establishing security controls within your company, regardless of size or sector. TEKRiSQ is in the business of examining cyber wellness, and as co-founder, Dean has a good handle on the issue. Especially for smaller companies, but also for companies of other sizes, he and Kevin review what can be done to avoid cyber criminals' crosshairs—and to become insurable. Hot topics include data privacy, passwords, multifactor authentication (Kevin's favorite!), and everyone's worry, employee vulnerability. Listen in for more.

In episode 32 of Barclay Damon Live: Cyber Sip™, host Kevin Szczepanski welcomes Brandy Griffin of Crum & Forster Insurance to talk about the ever-changing landscape of cyber security. Brandy, who is senior manager for cyber incident response and e-risk, and Kevin dive deep and cover some newer issues, like board- and executive-level responsibility for all things data privacy and security. What else? For one thing, it's easier than ever to have resilient backups, but that's not stopping attackers. Kevin and Brandy also touch on AI, ransom policies, conquering the “alphabet soup,” and taking advantage of helpful resources from the insurance industry. It's no game!

In episode 31 of Barclay Damon Live: Cyber Sip™, host Kevin Szczepanski welcomes Reggie Dejean of Lawley Insurance to address the burning question “do I need cyber insurance?” You'll hear why Reggie believes that organizations need this type of coverage—his reasons boil down to the cost of these elements: extortion or ransom fees, legal and forensic fees, and business disruption. As Kevin has discussed with multiple guests, though, the application process can be daunting. In the rare instance that a company can't get the coverage it needs, they say, it's smart to have, at minimum, a law firm and a forensics firm on speed dial. Listen in for more.

In this solo episode of Barclay Damon Live: Cyber Sip™, host Kevin Szczepanski fills listeners in on important updates for financial companies—those that are licensed, regulated, chartered, or otherwise authorized to do business under New York State's banking, insurance, or financial services laws. If the question is whether the new Part 500 Cybersecurity Rules will affect your business, the answer is most likely yes. Over the past year, the New York Department of Financial Services has issued proposed amendments that will have a significant effect not only on the primarily targeted businesses but on the vendors that serve them. And they are coming soon. Listen in for more details.

Host Kevin Szczepanski is back with episode 29 of Barclay Damon Live: Cyber Sip™. In this segment, Kevin talks with Bill Haber, co-founder of TEKRiSQ, a cybersecurity company that helps small- and medium-sized businesses minimize technology risks quickly and affordably. Bill's company approaches its work with a “wellness” philosophy—only recommending solutions after the underlying issues are diagnosed. Bill dispels some common myths, describing how and where his company comes into the mix when businesses are seeking cybersecurity insurance. Listen in for more—and be sure to come back to hear Bill's co-founder, Dean Mechlowitz, cover in an upcoming episode the top ten solutions underwriters like to see in place.

Host Kevin Szczepanski is back with episode 28 of Barclay Damon Live: Cyber Sip™. Kevin and his guest, Bryan McCarthy of Transatlantic Reinsurance Company, explore Illinois's Biometric Information Privacy Act (BIPA), its 2008 origins, and what it mandates. Bryan, a senior claims examiner for Trans Re, and Kevin agree that the topic of protecting biometric information is critical and timely—whether that information comes from a fingerprint, retinal scan, or facial recognition. Also critically important: knowing if, when, how, and by whom the information is being collected, stored, and destroyed. You might be surprised to learn how broadly applicable this Illinois-based act is, how non-compliance is punishable, and the trends in class-action lawsuits because of it. Listen for more.

In episode 27 of Barclay Damon Live: Cyber Sip™, host Kevin Szczepanski welcomes back his guest and good friend Brian Rice, chief information technology officer at specialty wholesale insurance broker Synapse LLC. Kevin and Brian explore the ethical and legal ramifications of ineffective cyber defense postures. Addressing the moral obligation for companies—whether a yoga studio, a law firm, or a multi-billion dollar concern—Kevin and Brian cover the duty to protect customer, employee, and business-sensitive data. As they wrap up, Kevin poses this question: What can a company do right now to improve its security posture and minimize exposure to these risks? Listen in for Brian's top four tips now.

In this quick yet important chat with Brian Rice of Synapse Partners LLC, Barclay Damon Live: Cyber Sip™ host Kevin Szczepanski discusses security controls for companies of any size and in any sector. Hear Brian's point of view (which comes in part from working with companies ranging from seven to 700 people over the course of 20 years) on burning questions like: What's the number one biggest liability for companies? And what's the number one best defense against a potential invasion of your systems? Answer: Employees. And training them. Sure, having good cyber insurance coverage is important, but, as Brian says, having auto insurance doesn't stop you from driving mindfully. Tune in for more on this important topic.

In this quick solo episode of Barclay Damon Live: Cyber Sip™, host Kevin Szczepanski clues listeners in on some lurking online pitfalls. While Kevin uses the example of attorneys being targeted, the information is applicable to non-attorneys as well. Kevin points out some red flags and some useful prevention techniques as he describes a typical potential scam. (Hint: The scam usually starts with an email that might seem just a little bit off.) Listen in as Kevin goes through five specific red flags to avoid being scammed. And stay tuned for another episode coming soon.

Join Barclay Damon Live: Cyber Sip™ host Kevin Szczepanski as he welcomes Rich Sheridan, senior vice president, chief claims officer for Berkley Cyber Risk Solutions. In this informative episode, “Avoid Cyberattacks: Don't Click That,” Kevin and Rich review the evolution of cyberspace, especially with regard to the most frequent types of claims insured clients make. Data breaches, malware and ransomware, and fraud frequently trigger claims. Less frequent, due to the rise of encryption, are claims for lost devices. Employee mistakes are still a major driver, asserts Rich, for example, clicking on a link they shouldn't open. Listen in as Kevin and Rich share more information about how companies and individuals can shore up their defenses against cyber issues.

Check out episode 23 of the Barclay Damon Live podcast Cyber Sip™, during which host Kevin Szczepanski speaks with Ruth Promislow, a partner at Bennett Jones LLP, one of Canada's top business law firms. A thought leader in the data-protection, privacy, and security space, Ruth joins Kevin for a lively conversation, starting with the basics: what does a US business with operations, customers, or employees in Canada need to do to comply with Canadian law? Then Ruth covers what constitutes personal information in Canada versus the US definition. Listen in for lots of valuable cross-border information.

Host Kevin Szczepanski is back with a new season of the Barclay Damon Live podcast Cyber Sip™. Listen to episode 22 as Kevin welcomes Bill Prohn, director of information technology for Dopkins & Company, an accounting and consulting firm, as well as the managing director of Dopkins System Consultants, an affiliate focused on technology. Bill is also a self-described cyber evangelist, who for years has urged people to try new technology and now advises with absolute conviction that cybersecurity is the underpinning for businesses. As we enter October and Cybersecurity Awareness Month, Kevin and Bill take a look at the month's theme as described by the Cybersecurity Infrastructure Security Agency (CISA), an agency of the US Department of Homeland Security, focusing on four key messages CISA has delineated. Tune in, and stay tuned for new episodes coming soon.

Join host Kevin Szczepanski for episode 21 of Barclay Damon Live: Cyber Sip™. Kevin and guest Lizzie Cookson, director of incident response for ransomware remediation firm Coveware, offer an informative and wide-ranging discussion of Lizzie's work, which includes data-driven profiling of ransomware actors to both predict their patterns and achieve better outcomes for victims. They also talk about how ransomware threats have evolved over the last few years and how they continue to evolve. Kevin and Lizzie then delve into possible results after a ransomware attack. Considering all the factors involved, Lizzie recommends that, when it comes to strategy, companies emphasize resilience over prevention. Listen in for more insights. Disclaimer: This material is for informational purposes only and does not constitute legal advice or a legal opinion, and no attorney-client relationship has been established or implied. Thanks for listening.